Chances are that you’ve already been a victim of this.
You may think this link leads you to Google. But try clicking it.
You might think that's pretty harmless, right? But what about something like this:
You can probably now see how this could be used.
The method is fairly simple: an onmousedown handler changes the href on the anchor after the mouse button goes down but before it is released, so the click follows the new URL. If you click and hold the link, you’ll see that the URL changes to Bing.
What makes my code different from Google’s? Well, if you click and hold a link on the Google search results and end up dragging away (basically not fully completing the click), the URL is permanently changed to the Google one. The code I have restores the original URL every time the mouse moves over the link. It’s not a big change, but it could make a difference.
Without much further ado, here’s the code.
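An added example, not the author's code: a defender-side check that fires mousedown and mouseover on each link and reports any whose href differs between what hovering shows and what a completed click would follow. The names `auditLink`, `auditLinks`, `FakeAnchor` and `buildSampleLinks` are hypothetical, and the sample links are constructed stand-ins so the check runs under Node as well as in a browser.

```javascript
// Audit one link: does its href change on mousedown, and is it put back on mouseover?
// Works on any EventTarget with an href property: real <a> elements in a browser,
// or the constructed stand-ins below under Node.
function auditLink(link) {
  const shown = link.href;                        // what hovering the link displays
  link.dispatchEvent(new Event('mousedown', { bubbles: true }));
  const atClick = link.href;                      // where a completed click would go
  link.dispatchEvent(new Event('mouseover', { bubbles: true }));
  const afterHover = link.href;
  const swapped = atClick !== shown;
  return {
    shown, atClick, swapped,
    crossOrigin: swapped && new URL(atClick).origin !== new URL(shown).origin,
    // Restoring on hover hides the swap from a user who inspects the link again.
    restoredOnHover: swapped && afterHover === shown,
  };
}

// Return findings only for links whose destination changed on mousedown.
function auditLinks(links) {
  return Array.from(links, auditLink).filter((r) => r.swapped);
}

// --- Constructed sample data (assumption, not from the post) ---
class FakeAnchor extends EventTarget {
  constructor(href) { super(); this.href = href; }
}

function buildSampleLinks() {
  const honest = new FakeAnchor('https://www.google.com/');

  // Swaps on mousedown and never restores (the behaviour the post attributes to Google).
  const sticky = new FakeAnchor('https://www.google.com/');
  sticky.addEventListener('mousedown', () => { sticky.href = 'https://www.bing.com/'; });

  // Swaps on mousedown and restores on mouseover (the behaviour the post describes for its own code).
  const restoring = new FakeAnchor('https://www.google.com/');
  const original = restoring.href;
  restoring.addEventListener('mousedown', () => { restoring.href = 'https://www.bing.com/'; });
  restoring.addEventListener('mouseover', () => { restoring.href = original; });

  return [honest, sticky, restoring];
}

const findings = auditLinks(buildSampleLinks());
console.log(findings);
```

In a browser, pass `document.querySelectorAll('a[href]')` to `auditLinks`; the synthetic events run the page's own handlers and can leave hrefs changed, so run it on a throwaway copy of the page.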