views:

48

answers:

2

Hi,

i am just trying to create a link which execute some JavaScript in stead to redirect the user to a particular page

I tried the following but it doesn t work

<a href="#" onclick="javascript:location.replace('http://http://stackoverflow.com/questions/ask');"&gt;www.google.com&lt;/a&gt;&lt;br />


<a href="javascript:location.replace('http://stackoverflow.com/questions/ask');"&gt;www.google.com&lt;/a&gt;

I am not trying to do anything illegal whit the redirect, just an exercise for a university module (Internet Security)

Thanks

A: 
<a href="http://google.com" onclick="location.href = 'http://porn.com'; return false;">google.com</a>
Ivo Sabev
+2  A: 

Your second link works. First one doesn't. As was said earlier, onclick doesn't require 'javascript:' as it's implied.

Also - your first link has an incorrect url: http://http://stac... - notice two http://

And finally, as you may realize, you can technically spoof a link simply by mismatching the href and text properties without javascript:

<a href="http://stackoverflow.com" title="www.google.com">www.google.com</a>

Obviously hovering over the link would reveal the url to saavy users or those not paying attention, but thought I'd include it for example's sake...

The most likely to fool people is:

<a href="http://www.google.com" onclick="location.replace('http://www.stackoverflow.com/');return false;">www.google.com</a>

Hovering shows google in status bar. Only way to detect this is to inspect html.

It's things like this that make Firefox + NoScript so valuable :)

KP
The real link will show in the browser status bar. Only if you are not paying attention you will miss it, tech savvy or not.
Ivo Sabev