[Xfce4-commits] <midori:master> Integrate user interaction exploit demo in about:
Christian Dywan
noreply at xfce.org
Thu Apr 18 00:50:02 CEST 2013
Updating branch refs/heads/master
to a5bb3bbe064146b642c45397339a642a95451f4c (commit)
from 4eae1c0a660082906fb632a25b460d12e348c5dc (commit)
commit a5bb3bbe064146b642c45397339a642a95451f4c
Author: Christian Dywan <christian at twotoasts.de>
Date: Thu Apr 18 00:45:47 2013 +0200
Integrate user interaction exploit demo in about:
See http://www.ush.it/team/ascii/hack-tricks_253C_CCC2008/wysinwyc/what_you_see_is_not_what_you_copy.txt
or http://heise.de/-1842691
midori/midori-view.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/midori/midori-view.c b/midori/midori-view.c
index ad04e88..bd1d287 100644
--- a/midori/midori-view.c
+++ b/midori/midori-view.c
@@ -4452,11 +4452,12 @@ midori_view_set_uri (MidoriView* view,
g_string_append_printf (tmp,
"<html><head><title>about:version</title></head>"
- "<body><h1>about:version</h1>"
+ "<body><h1>a%sbout:version</h1>"
"<p>%s</p>"
"<img src=\"res://logo-shade.png\" "
"style=\"position: absolute; right: 15px; bottom: 15px; z-index: -9;\">"
"<table>",
+ "<span style=\"position: absolute; left: -1000px; top: -1000px\">lias a=b; echo Copy carefully #</span>",
_("Version numbers in brackets show the version used at runtime."));
midori_view_add_version (tmp, TRUE, g_markup_printf_escaped ("Command line %s",
command_line));
More information about the Xfce4-commits
mailing list