The Omni Group
Omniweb subject to javascript injection from QT HREFTrack

You've probably seen the headlines: there's an interesting XSS attack going on at myspace using a malicious QuickTime movie to infect myspace sites.

Here's a good description of the basic technique that uses a QT movie to execute a HREFTrack, the HREFTrack being some javascript.
http://www.gnucitizen.org/blog/backd...cktime-movies/

The interesting thing (to this forum) would be that this technique doesn't work in Safari. It does however execute javascript in Omniweb, which surprised me since OW utilizes so much of WebKit.
You can access this test movie to see if your browser displays a benign pop-up: http://rdiv.com/downloads/jim/pop-up.mov

I'm not sure whether this is a Safari security feature or a lack of javascript support . . . and is this a correctly functioning feature or a hole in OmniWeb?
 
 

