This post has 304 words. It will take approximately 3 minutes, 2 secondes for reading it.
An interesting post that’s currently going around the Tumblr blog which causes posts in the Dashboard to spin. Could this actually be exploited by less than harmless users?
So while visiting my Tumblr blog’s dashboard I found this interesting little post (I’ve reblogged it as it isn’t unsafe).
When you click on the “Source:” link where normally takes the user to the original post this one causes the posts in your dashboard to spin when you hover over them with the mouse. It does all this with a little bit of Javascript in the source link area instead of the normal link. The javascript looks like this:
While this bit of javascript trickery is nothing serious and just a bit of fun, the possibility to add javascript could possibly be exploited. This is especially dangerous as most users don’t expect there to be a script on this link but an actual http link to another part of the Tumblr site. A user could be tricked into running javascript that is more malicious than a little redecoration of the dashboard.
After running into this issue I wanted to report it to Tumblr. Sadly Tumblr doesn’t seem to provide a very easy way to report bugs found in the system (and from a security standpoint this is a major bug!), only violations of TOS.
So if you are a Tumblr user be very wary of posts that suggest you click on the “source” link. Tumblr really needs to look into this problem and fix it.