[thelist] HTTP links in HTTPS content

Lee Kowalkowski lee.kowalkowski at googlemail.com
Mon Apr 23 15:07:05 CDT 2007

On 23/04/07, John DeStefano <john.destefano at gmail.com> wrote:
> OK, here's an example:
> http://tinyurl.com/ywjycb
> I just ran through the source on this one again and didn't see
> anything offensive in this context.

I can see this in the *executed* source using the MSIE Dev Toolbar
(but one could just do
javascript:alert(document.body.parentNode.outerHTML) in the address

<SCRIPT id="__ie_onload" src="javascript:void(0)" defer> </SCRIPT>

That's it for sure.  It's immediately after your ploneScripts4840.js,
so I bet it's written by a document.write inside there.

It's not actually doing anything, you could just get rid.  If there's
a situation where it is used, you don't need to do the
src="javascript:void()" bit, just put what needs to be executed in the
script body.

Better still, the next-nearest equivalent of the deferred script is a
non-deferred script immediately before the body closing tag.  Other
than that, you can use the onload event...


More information about the thelist mailing list