Threaded Mode | Linear Mode

DarthTrader · Jan. 28, 2009, 12:11 AM

Is this anything we IE8 users need to worry about? Blog post:
http://hackademix.net/2009/01/27/ehy-ie8...rotection/

Details are a little sketchy, but if iframes are indeed the problem aren't we already protected by Sidki's filter set?

DarthTrader

***sidki3003*** · Jan. 28, 2009, 01:18 AM

I haven't seen an actual test/in-the-wild case yet, but the config does contain a couple of frame busters ("Jump out of...") and blockers, and those don't care about possible "SECURITY" frame attributes.

DarthTrader · Feb. 04, 2009, 12:53 AM

(Jan. 28, 2009 01:18 AM)sidki3003 Wrote: I haven't seen an actual test/in-the-wild case yet, but the config does contain a couple of frame busters ("Jump out of...") and blockers, and those don't care about possible "SECURITY" frame attributes.

Okay, it looks like we have a PoC about a third of the way down this page:
http://hackademix.net/2009/01/31/all-that-clickjazz/

Code:

<a href="http://yahoo.com" onclick="location='http://evil.hackademix.net/images/stallowned.jpg';return false">

It works on IE8 RC1. Is it feasible to just remove this sort of thing?

DarthTrader

***sidki3003*** · Feb. 04, 2009, 01:40 AM

Ahh, that's all? Dang, Google is doing that since almost two years now. I thought the hype was about some sort of overlaying links with off-site elements.

Google Search:

Code:

<a href="http://www.homedepot.com/" class=l onmousedown="return clk(this.href,'','','res','1','')">The 

<em>Home</em> Depot</a>

I perceive this "security risk" as rather trivial. I'm preventing that at Google, because they apparently are using it for user screening.

DarthTrader · Feb. 04, 2009, 03:41 AM

Okay, how about this one:
http://ha.ckers.org/weird/followmouse.html

Something weird happens after clicking on "here" and then moving the mouse around the lower right hand corner of the page.

DarthTrader

DarthTrader · Feb. 04, 2009, 01:52 PM

Whoa! Interesting error message on this page:
http://blogs.msdn.com/ie/archive/2009/02...fense.aspx

Error Message:

Code:

Message: A security problem occurred.

Line: 153

Char: 9

Code: 0

URI: http://local.ptron/sidki_h_2009-01-14/proxjs-full.js

I am using IE8 RC1.

DarthTrader

***sidki3003*** · Feb. 04, 2009, 02:25 PM

(Feb. 04, 2009 03:41 AM)DarthTrader Wrote: Okay, how about this one:
http://ha.ckers.org/weird/followmouse.html

Exactly! However, in this test case the overlayed iframe is on-site.
What i did see in the wild are odd things (not this one though), done with off-site iframes (which would get blocked).

As for the IE8 error message, dunno.

***sidki3003*** · Feb. 04, 2009, 06:00 PM

(Feb. 04, 2009 01:52 PM)DarthTrader Wrote: Whoa! Interesting error message on this page:
http://blogs.msdn.com/ie/archive/2009/02...fense.aspx

The Prox menu is gone bye bye in IE7 there as well.
What happens if you open proxjs-full.js and replace lines 153-155:

Code:

if ((t = f.target) && f.protocol != "javascript:" &&

            f.className.indexOf("Prox") != 0 &&

            !this.inTgCheck(t) && noClick(f))

...with:

Code:

//        if ((t = f.target) && f.protocol != "javascript:" &&

//            f.className.indexOf("Prox") != 0 &&

//            !this.inTgCheck(t) && noClick(f))

        if ((t = f.target) &&

            (typeof f.protocol != "string" || f.protocol != "javascript:") &&

            f.className.indexOf("Prox") != 0 &&

            !this.inTgCheck(t) && noClick(f))

?

***ProxRocks*** · Feb. 04, 2009, 07:06 PM

Prox menu shows up for me *without* making that change...
Should i be making that change to see if it "still" shows up?

***sidki3003*** · Feb. 04, 2009, 07:23 PM

No, should be okay, as the change didn't hurt IE6. If it fixes DarthTrader's issue, i'll add it.

DarthTrader · Feb. 04, 2009, 07:55 PM

(Feb. 04, 2009 07:23 PM)sidki3003 Wrote: No, should be okay, as the change didn't hurt IE6. If it fixes DarthTrader's issue, i'll add it.

Hi Sidki,

Looks like that did the trick! No errors and the menu is back. Thanks a million! Hail

I wonder what other things are yet to be discovered with IE8? Smile!

DarthTrader

***ProxRocks*** · Feb. 04, 2009, 08:03 PM

fyi, the Prox menu showed up for me on that link with IE SEVEN...
without making any .js change...

so i'm not sure where that leaves us...

***sidki3003*** · Feb. 04, 2009, 08:11 PM

(Feb. 04, 2009 07:55 PM)DarthTrader Wrote: I wonder what other things are yet to be discovered with IE8?

Better make that smiley a: Crazy

***sidki3003*** · Feb. 04, 2009, 08:16 PM

(Feb. 04, 2009 08:03 PM)ProxRocks Wrote: fyi, the Prox menu showed up for me on that link with IE SEVEN...
without making any .js change...

so i'm not sure where that leaves us...

Yes, i've got you. Wink

I don't know why the Prox menu is showing up in your IE7 but wasn't in mine, maybe the virtual machine, but it doesn't matter anyway.

What i was trying to transport is: If the added test didn't break my real-OS-IE6 and VM-IE7, it shouldn't break your real-OS-IE7 either. Smile!