Back to Epicmafia

Hidden Link Detector

The
about 10 years

https://greasyfork.org/en/scripts/11623-hidden-link-detector

As many of you know, hidden links can be a significant for threat one's security all throughout the Internet, not limited to just Epicmafia. To combat this threat, have made a greasemonkey script that will detect and alert you of any hidden links on the current page. This script works on every website, including sites that have real-time updates like Skype.

If you haven't already, install the tampermonkey extension for chrome or the greasemonkey extension for FireFox so you can install my script.

Instructions

Normal links will be unaffected, links that go to a destination other than what they appear to go to are highlighted in yellow, and any links that will run JavaScript when they're clicked are highlighted in red.

Hovering over the links will also show you the real destination, or in the case of a JavaScript link, the script that will be run when you click on it.

As always, notify me of any issues or exploits you may find in the script.

admin
about 10 years
alright all fixed
cub
about 10 years

Zhuorb says

So hidden links aren't actually hidden?

How does one fall for them lol


markdown hidden links still work using this trick, see my profile for reference
Satan
about 10 years

Croned says

Will I get any reward/compensation for the competition stats tool, an issue which I already emailed you about and you read, but never replied to?


lmfao
Zhuorb
about 10 years
So hidden links aren't actually hidden?

How does one fall for them lol
Miloo7
about 10 years

lilin says


Miloo7 says

Lucid, you promised this, please deliver




dumb idea

if they are really saying nasty stuff kick them??


I was thinking this will help you reread in ranked games not just muting someone in unranked.
cub
about 10 years
i have faith in phill
Giga13
about 10 years
wonky wheel
Hibiki
about 10 years
its heartbreaking to see lucid interested in fixing all this stuff but not having the time to sit down and do it. it's like he's your workaholic dad who promised to fix your bike but he's busy, can't help it, etc and eventually you just learn to bike with the wonky wheel
cub
about 10 years
hi
Hibiki
about 10 years
hello to you too cub
cub
about 10 years
im saying goodbye to my last hidden links
deletedabout 10 years
hi foxie, are u clever?
cub
about 10 years
itp testing alternatives

javascript://x%0aalert(%22hello%20%22+auth_top.textContent)

[url=x://]y[/url]
[url]x://[/url]

[url=ftp://]y[/url]
[url]ftp://[/url]

bug( affecting nobody at all ): ftp isn't recognized as a valid protocol in url tags
cub
about 10 years
javascript://x%0aalert%28%22with%20clicks%22%29

filthy cheats
deletedabout 10 years

Miloo7 says

Lucid, you promised this, please deliver




dumb idea

if they are really saying nasty stuff kick them??
Miloo7
about 10 years
Lucid, you promised this, please deliver

Giga13
about 10 years
This is so great, thanks to all involved!
admin
about 10 years
it will terminate if any of the images along the redirects are not an image
cub
about 10 years
ok it blocked a nefarious poking fake image

also what if i give it 4 fake images?

anyway tbh once you add csrf checks to all actions, this extra server strain won't be necessary anymore
cub
about 10 years

admin says

foxie, it follows the redirects, up to 4, to check to see if the final destination is an image or not


prince
about 10 years

moon says


mist says


xela says

*backflips into thread*

yo lucid, profile pets

*sashays outta here*


don't do this.





admin
about 10 years
foxie, it follows the redirects, up to 4, to check to see if the final destination is an image or not
AdrenalineMime
about 10 years
rip hibiki's profile(s)
cub
about 10 years
additionally i think every profile(/markdown) image is broken
cub
about 10 years
it accepted my redirect (check the image url)

confirmed vulnerable but really that won't be a problem with csrf