|
|
|
|
|
|
by thebeefytaco
2078 days ago
|
|
|
Well I just quickly tested, and NoScript doesn't seem to block that, whereas it would if it were externally loaded or inline JS on a web page. So that's one difference. Not that the type of person to use NoScript would likely paste obvious javascript into the address bar... Edit: Doesn't look like you can create a valid URL with that format, but it can be launched via pasting in (obviously), a bookmark (which the contents of which could be obfuscated by telling a user to drag an image to the bookmark bar and click it), and can be launched via command line, e.g. start firefox "data:text/html,<script>alert('');</script>"
|
|
|