Back to Epicmafia

Hidden Link Detector

The
over 9 years

https://greasyfork.org/en/scripts/11623-hidden-link-detector

As many of you know, hidden links can be a significant for threat one's security all throughout the Internet, not limited to just Epicmafia. To combat this threat, have made a greasemonkey script that will detect and alert you of any hidden links on the current page. This script works on every website, including sites that have real-time updates like Skype.

If you haven't already, install the tampermonkey extension for chrome or the greasemonkey extension for FireFox so you can install my script.

Instructions

Normal links will be unaffected, links that go to a destination other than what they appear to go to are highlighted in yellow, and any links that will run JavaScript when they're clicked are highlighted in red.

Hovering over the links will also show you the real destination, or in the case of a JavaScript link, the script that will be run when you click on it.

As always, notify me of any issues or exploits you may find in the script.

cub
over 9 years
because lucid should fix it instead

mods needed it for better reasons at the time i made it
Sanctify
over 9 years

cub says

i made this for mods quite a while back

also this isn't really a threat on any other website since they almost all properly sanitize input before parsing it. em is the first place i've seen that passes up the simple check for "does this link start with the word javascript" before making it a functional link

the real solution, which i've already given to lucid (complete with ctrl+f replace-ability) and he ignored, is just sanitizing links in his markdown file so you don't make a link that isn't really a link.

i would also recommend against running an interval constantly while links are static


why didn't u just make it for the general public lol so everyone has it
Sanctify
over 9 years
plot twist: this is a hidden link
Miloo7
over 9 years
like people like croned who actually care about this site should be mod, not...
Satan
over 9 years
mod foxie
cub
over 9 years
and far more so i recommend against loading the entirety of the jquery library in your script that barely needs it, big wasted request on every page

running the entire thing with eval(), not even once
cub
over 9 years
i made this for mods quite a while back

also this isn't really a threat on any other website since they almost all properly sanitize input before parsing it. em is the first place i've seen that passes up the simple check for "does this link start with the word javascript" before making it a functional link

the real solution, which i've already given to lucid (complete with ctrl+f replace-ability) and he ignored, is just sanitizing links in his markdown file so you don't make a link that isn't really a link.

i would also recommend against running an interval constantly while links are static
moon
over 9 years
mod croned
The
over 9 years
I have some safe test links on my profile, so you can see how it functions there.
ThomasDuBois
over 9 years
bless u
MeetTerry
over 9 years
excellent job.
Satan
over 9 years

Jaleb says

Nomination for Croned to be a site staff member!


no.
Jaleb
over 9 years
Nomination for Croned to be a site staff member!
The
over 9 years
Also, protip, hovering over any link (even without this script) will show you its true destination in the bottom left corner of your browser window.