-
Notifications
You must be signed in to change notification settings - Fork 1
/
ayw-bookmarklet.html
40 lines (36 loc) · 1.38 KB
/
ayw-bookmarklet.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<p>By dragging <a id="bookmarklet">this link</a>
to your bookmarks toolbar and then clicking it to see an alert of the
contents of a remote HTML file (something which sites can normally
not do unless the site is hosted on their own domain), bearing in mind
again, that if you grant AsYouWish privileges to the site on which the code
is hosted (e.g., Github), whether as a normal page or a bookmarklet,
the site will be able to invoke those privileges
(including if the site were found to be open to exploits).</p>
<p>This is the code above in a readable format:</p>
<pre><code id="source">
(function() {
if (typeof AsYouWish === 'undefined') {
alert("You do not appear to have AsYouWish installed. Redirecting to Github...");
return window.location = 'https://github.com/brettz9/asyouwish/';
}
var require = AsYouWish.requestPrivs;
var xhr = require('sdk/net/xhr');
var x = new xhr.XMLHttpRequest();
x.open('GET', 'http://mozilla.org/', false);
x.send(null);
alert(x.responseText);
}());
</code></pre>
<script>
var bookmarklet = document.getElementById('bookmarklet');
bookmarklet.href = 'javascript:' + encodeURIComponent(document.getElementById('source').textContent.trim().replace(/\s\s+/g, ' '));
</script>
</body>
</html>