I just noticed that opening a page at ubuntuforums.org involves connecting to "runeplanet.com". What's that about?
I just noticed that opening a page at ubuntuforums.org involves connecting to "runeplanet.com". What's that about?
I'm pretty sure it doesn't do that for me. I ran "watch lsof -i" in a command prompt while loading a forum page.
Please try this page: http://ubuntuforums.org/search.php?do=getnew
It may not appear on subsequent pages.
But this is what I see when I look at "open blockable items" in AdBlock Plus. I also saw it show up in the little status bubble that appears in the bottom left of pages in Firefox when a pages is loading or when the mouse cursor is over a link:
It takes a script from there called vb.js NoScript blocks runeplanet here by default as I've not whitelisted it. I see no difference in appearance when allowing or disallowing the script.
Last edited by Erik1984; July 14th, 2013 at 07:51 PM.
-
Last edited by Erik1984; July 14th, 2013 at 07:53 PM.
It's a script linked to in a post "Test" posted by DiegoTc in Honduras announcements.
I'm not that good with javascript, but I do see a function called "stealPassword()".
The script is http://www.runeplanet.com/at/vb.js
By the way,
Nice catch, vasa1.
Even if you don't have any kind of prefetching active in your browser, the first post in each thread visible on the page is loaded to create the tooltip preview of the post. I would have assumed that all happened serverside, though - I wouldn't think that the previews are being generated locally, which I'd think would mean moving around a lot more data than necessary.
The script wouldn't be running, of course, just called as part of the content of the post and then omitted from the preview.
I know I shouldn't use tildes for decoration, but they always make me feel at home~
Bookmarks