Hacker Read

Piskvorrr · 2016-02-05 09:53:10+00:00

Nice try, but no, that's a broken old trick. window.status is gone for exactly this reason, but things like onclick="this.href=http://evilsite.example/" (or even onclick="window.location=http://somewhereelse.evil.example/;return false") still work (link shows a benign location, but it's changed to a malicious one when you click).

hrrsn | karma 1003 | avg karma 2.48 · | 2012-10-08 09:26:39+00:00

<a href="http://www.fakehover.com onclick="window.location='http://www.goto.com/>; I presume.

benmanns | karma 1413 | avg karma 3.79 · | 2012-10-29 14:13:11+00:00

There used to be a DOM attribute specifically for changing the window status text, which was the same area used to display a hovered link URL.[0]

[0] https://developer.mozilla.org/en-US/docs/DOM/window.status

reply

simonbrown | karma 1637 | avg karma 3.6 · | 2011-11-16 01:16:16+00:00

The href attribute is still changed. While javascript can't change the status bar explicitly any more, they can set the link's href to the fake URL and change the link's target in the click event.

Demo: http://jsfiddle.net/zTRQh/

reply

AntonyGarand | karma 274 | avg karma 2.98 · | 2020-12-02 16:17:20+00:00

Doesn't work with event handlers: https://remove-js.com/http://14.rs

thirdplace_ | karma 233 | avg karma 2.84 · | 2023-10-25 12:50:10

wayback machine for current url:

javascript:window.location='https://web.archive.org/web/*/'+document.location

reply

cratermoon | karma 12830 | avg karma 2.05 · | 2023-11-08 20:10:42

Ah, Javascript. https://www.destroyallsoftware.com/talks/wat

typeofhuman | karma 1502 | avg karma 4.83 · | 2023-01-13 09:41:32

I still use Knockout[0] for almost an identical experience.

0: https://knockoutjs.com/

reply

mparramon | karma 4788 | avg karma 7.59 · | 2015-06-12 16:35:11+00:00

This is a case of Something.js if I've ever seen one:

http://www.developingandstuff.com/2015/03/somethingjs.html

reply

6510 | karma 1565 | avg karma 0.55 · | 2022-08-16 14:51:22

OT note: sel.onclick=e=>{} works just fine. https://jsfiddle.net/39h5ynga/

timothya | karma 1384 | avg karma 5.0 · | 2014-10-18 22:05:24+00:00

That code doesn't work (at least in ordinary page scripts), as far as I can tell.

http://jsfiddle.net/vej6vbdt/

reply

judge2020 | karma 18790 | avg karma 2.87 · | 2019-03-24 00:21:45

The page: https://www.virustotal.com/old-browsers/

It doesn't work without Javascript.

reply

TimJYoung | karma 936 | avg karma 1.81 · | 2016-01-14 17:39:23+00:00

Yes, exactly:

http://www.elevatesoft.com/blog?action=view&id=why_limit_web...

reply

chime | karma 9034 | avg karma 5.8 · | 2011-03-26 23:33:01

I use A without href only when I'm making an actual anchor A name. When I use href=#, I always have javascript onclick return false. This won't stop crawlers but it keeps the user's history and address bar clean.

steviedotboston | karma 555 | avg karma 2.68 · | 2020-12-02 14:30:05+00:00

Here is a little snippet you can add as a bookmark to load the current page you are viewing with remove-js.com

javascript:window.location.href='http://remove-js.com/'+window.location.href

reply

al_borland | karma 4530 | avg karma 2.46 · | 2022-06-06 05:27:34

Since I know I'll forget this in 10 minutes... I threw together this bookmarklet to use it as needed.

javascript:void%20function(){location.href=%22http://12ft.io/%22+window.location.href}();

reply

johnhenry | karma 2036 | avg karma 2.45 · | 2017-04-03 03:28:38+00:00

Interesting. I just happen to have this tab open: http://exploringjs.com/es6/ch_callables.html.

ronilan | karma 2754 | avg karma 4.34 · | 2019-07-25 07:07:51+00:00

Here is my implementation from 2014 (with jquery...). Watch out. It has lots of bugs!

http://www.ronilan.com/bugsweeper/

reply

kalistoga | karma 54 | avg karma 2.84 · | 2011-12-27 21:37:15+00:00

http://jquery.com seems to be working fine by the way.

bal00ns | karma 54 | avg karma 2.45 · | 2016-04-18 21:37:18+00:00

I particularly enjoy how going to http://javascript.crockford.com/ doesn't load any javascript.