https://wiki.jmol.org/index.php?action=history&feed=atom&title=User%3AIlmari_Karonen%2FJS_injection_demo 2026-04-28T13:31:21Z Revision history for this page on the wiki MediaWiki 1.32.0 https://wiki.jmol.org/index.php?title=User:Ilmari_Karonen/JS_injection_demo&diff=5530&oldid=prev 2008-12-08T21:52:48Z

<p>fixed</p> <table class="diff diff-contentalign-left" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="en"> <td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td> <td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 21:52, 8 December 2008</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This page demonstrates a security flaw in the [[MediaWiki|Jmol Mediawiki Extension]], allowing arbitrary JavaScript execution.</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This page <ins class="diffchange diffchange-inline">&lt;s&gt;</ins>demonstrates<ins class="diffchange diffchange-inline">&lt;/s&gt; used to demonstrate </ins>a security flaw in the [[MediaWiki|Jmol Mediawiki Extension]], allowing arbitrary JavaScript execution<ins class="diffchange diffchange-inline">.  The flaw has since been fixed in the version of the extension used on this wiki.  If it was still present, loading the applet below would've executed some JavaScript code that displayed a couple of scary, but ultimately harmless, popups</ins>.</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;center&gt;&lt;jmol&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;center&gt;&lt;jmol&gt;</div></td></tr> </table>

Ilmari Karonen https://wiki.jmol.org/index.php?title=User:Ilmari_Karonen/JS_injection_demo&diff=5461&oldid=prev 2008-11-29T12:47:04Z

<p>This page demonstrates a security flaw in the <a href="/index.php/MediaWiki" title="MediaWiki">Jmol Mediawiki Extension</a>, allowing arbitrary JavaScript execution.</p> <p><b>New page</b></p><div>This page demonstrates a security flaw in the [[MediaWiki|Jmol Mediawiki Extension]], allowing arbitrary JavaScript execution.<br /> <br /> &lt;center&gt;&lt;jmol&gt;<br /> &lt;jmolApplet&gt;<br /> &lt;title&gt;Ethanol&lt;/title&gt;&lt;color&gt;gray&lt;/color&gt;<br /> &lt;uploadedFileContents&gt;Ethanol.xyz&lt;/uploadedFileContents&gt;<br /> &lt;script&gt;javascript &quot;if(!confirm('Do you want your account hijacked?')) alert('Sorry, you should\\x27ve said so earlier. :('); alert('...just kidding! But I could\\x27ve done it, you know.');&quot;&lt;/script&gt;<br /> &lt;/jmolApplet&gt;<br /> &lt;/jmol&gt;&lt;/center&gt;</div>

Ilmari Karonen