Tuesday, July 27, 2010

Blogger's unusual shenanigan ? safe : malicious

A very interesting thing happened while making the earlier post. I quite naively pushed the 'Publish Post' button after keying in the test javascript code snippet. Though the script was entered in the multiline comments construct /* */ of JS, but blogger identified it as javascript and started popping all the alerts there!


This is not it, when I tried to edit the script to have '//' comment construct before each line.. there was no script to be found!
Blogger consumed the script, for all the alert calls the respective alerts were displayed and finally the post looked empty, without any JS code..

It may sound foolish... Well considering the fact that I am a /no{2}b/ this might make some sense...

Anyways, this also shows that any one can easily post any damn nasty JS code onto Blogger.(Any comments???)
Is blogger safe?


  1. Interesting, may create a possible XSS MITM attack.

  2. For interested readers here is a useful information http://www.owasp.org/index.php/Session_hijacking_attack