so i first saw this glitch in post #4 in this topic
http://forums.d2jsp.org/topic.php?t=51307883&f=34
and tried to replicate it, its pretty easy to do and should be an ez fix... maybe

why would this need fix?
because its pretty annoying
+ you can make other users click on unauthorized links by not even clicking near that link, so this can be a safety hazard for the site

as you can see in the topic that i've showed, if you click the orange underlined "ty for help" it will pop up the message that your going to another site, most people will just press ok because they would think you can only edit the URL for d2jsp links and wont notice that its an outside link

example of changing text for d2jsp URL

but with this glitch, you can edit the text for an authorized link which the user will click thinking its a d2jsp link
even with the pop-up saying your being redirected to an other site, most people will press OK anyways since they are used to going to youtube videos and such from d2jsp

well the good thing is that the unauthorized link can only be .jpg .gif .bmp or other image file when doing this glitch... so there's nothing harmful right? its just links to images...
i tested with sites like youtube that it will just give you a "Server not found" because of the bad URL
well your wrong if you think clicking on a image URL is harmless, there are many viruses, example: zeus, zbot... and the list goes on that infects image files like .jpg .gif or .bmp to contain the trojan itself which installs on your computer silently
clicking on that link will automatically install the trojan BUT if you have a good anti-virus and have all your add-ons/browsers/firewall updated, you will be fine
you will only get this virus on clicking on the link of the infected image, viewing it on d2jsp will simply do nothing

i will not go in much details of these trojans, but they are very harmful and will steal pretty much all your private information, including your credit card information, email accounts... etc,
if you want to read more about this, simply look on Wikipedia
http://en.wikipedia.org/wiki/Zeus_(trojan_horse)

oh and you might be thinking that you can easily see the URL from the first quote... well there is a way to make that text invisible which i wont release into public for security reasons

this is what happens if you preview your glitched message:
if you click anywhere in the pink area, it will show up as the red URL in the bottom of the picture
so you cant post if you previewed your post, it will just open up the URL



here's some example of the glitch
i will post another one in the next post

btw these are links to tinypic images, they are not harmful

Quote (a @ a 1)

.

Click me!!!

with this one, it adds a class='quote1'>Quote for some reason then places glitched borders, like a semi-quote
again, sorry for double post, it was the only way to show this example... or i could have waited 24 hours, but i want this fixed now
thank you for your time


class='quote1'>Quote

I don't understand what the problem is here. With respect to yourself, I can't really understand what it is you've written about the actual supposed "glitch", you seem to be simply talking about trojans (which is quite patronising), and the information you've given about trojans infecting image files and just "installing silently" on sites such as imageshack are misleading. I won't get into it unless you'd like me to, but suffice it to say that you absolutely will not find trojan embedded images on the imageshack website, nor will you find them on any other direct links to popular hosting sites.

You can make any text on the site transparent, and you could essentially disguise any link in this way. It's no well guarded secret, nor is it even plausable to try this, as transparency does not work on all operating systems and browsers. It quite clearly states if you were to accidently click off site:



I say again, regardless of what problem you believe exists, this would always be the case if you were to click a link. It obviously would not be disguised as a URL, and as I've mentioned, it couldn't link to a popular domain name and just "install a trojan", and if people don't recognise the site, then they obviously arn't going to go there.

If you're proposing to change the name of the small url bar at the bottom, I really think this is a waste of time. Put it this way, in over a year here, I've never even noticed and, if I had, I wouldn't really care about what it said, nor spend my time petitioning to change it.

so you clearly cant see the glitched text when you click the link? or the missing bar on my second example?

i wasn't talking about popular image uploading sites... there are random sites that has images with those kinds of trojans that you could simply post on d2jsp but no one would click it because its to obvious or a moderator would close it to soon

i was saying members will fall into the trap of clicking the link way more easily since it will show the URL as something else
and no i wasn't talking about
there is another glitch involving this which makes the first link invisible

you could then disguised the second link as youtube or something, where the user thinks its a trusted link and will ignore that message

changing the URL at the bottom of the page wasn't what i was talking about, i was just showing that if you hover your mouse in those areas and click, it would go to that link

anyways, putting viruses aside, dont you think this should be fixed anyways? its pretty ugly and annoying

Feel free to show me, but I don't see any invisible links.

I can see the link in your second post as clear as day. Sure it's not just a browser / computer issue of your own?

This needs to be fixed... immediately. It poses a big problem to site security.

Pm paul. He changed the URL code about 3 years ago so that you couldn't mask potentially dangerous off site links. Your workaround managed to circumvent that. He'll be interested in this.

This has been resolved. Thanks