I was replying to a friend on Twitter using trim, and I had a <script> tag in the post. I realized when I submitted that the tag made everything after it in my tweet dissapear. If you want to see the actual tweets, you can find them in my twitter feed here: Matt Bernier’s Twitter Feed
First thougt was, “No Way!”. Second thought was, “What Else Can I do?”.
So, I tried basic HTML with this tweet:
-
<h2>Testing whether HTML breaks tr.im</h2> B/c my
-
<script> tag did earlier</script>
-
<span style="color:blue;"> ScreenShot coming</script>
This got me this result:
Just HTML in the Tweet
Then I tried an alert:
-
<script type="text/javascript">
-
alert('does this work?');
-
</script>
That got me this result:
Javascript Alert in a tweet
Then lastly, I tried a little more JS, pay attention though. To make it fit, I used a tr.im URL!!
-
<script type="text/javascript">
-
document.body.select('img').each(function(e){e.src="http://tr.im/evmz"});
-
alert('check the images')
-
</script>
Which got me this result:
Replaced Tr.im's images with Google's!
I have submitted this information to tr.im. I did very mundane, topical things to the page I was looking at, and did not even attempt anything more dangerous. My hope is that you will see the humor in this, urge tr.im to fix this issue and to continue the amazing job that they do.
UPDATE: The Tr.im developers are quick to read their emails, respond, and fix issues. It took all of twenty minutes from when I sent the email to them, for a response saying that this issue was fixed.
Sphere: Related Content