As many of you know, hidden links can be a significant for threat one's security all throughout the Internet, not limited to just Epicmafia. To combat this threat, have made a greasemonkey script that will detect and alert you of any hidden links on the current page. This script works on every website, including sites that have real-time updates like Skype.
Normal links will be unaffected, links that go to a destination other than what they appear to go to are highlighted in yellow, and any links that will run JavaScript when they're clicked are highlighted in red.
Hovering over the links will also show you the real destination, or in the case of a JavaScript link, the script that will be run when you click on it.
As always, notify me of any issues or exploits you may find in the script.
yes cub, i did it for all alternate actions and added CSRF tokens. moderator actions are still GET, but i plan to renovate all of them into another method + csrf them as well. i need to do that in conjunction with some logging because some rogue mod is carrying out lobby actions that admin can't detect. likely get to it this weekend.
have you changed most actions performed through GET requests to POST requests? i don't recall, but i thought friend requests were GETs before, but now they're POST. did you do that recently and also do it for mod actions and such?
alright i'll get on the monkey later this week if i have time. i think i know how to build it even though everyone seems confused how it interacts with various meetings
