therube

Yahoo generated XSS in NoScript

Jul 30th, 2014
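  1. (I can't recall whether I had looked earlier; I may have filtered on Errors instead of Messages or All.) The entries below are NoScript log messages: each InjectionChecker entry shows the markup that matched and the pattern it matched, and each XSS entry shows the window.name value before and after sanitization.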
  2.  
  3. [code]
  4. [NoScript InjectionChecker] HTML injection:
  5. <script
  6. matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|i(?:s(?:c(?:o(?:verystatechanged|nnect(?:ing|ed))|hargingtimechange)|abled)|aling)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rol(?:lerchange|select)|extmenu)|nect(?:ing|ed)?)|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change|u(?:echange|t))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|ad(?:ystatechange|success|error)|mo(?:te(?:resume|hel)d|vetrack)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:adiost)?atechange)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:(?:lec(?:tstar)?)?t|ek(?:ing|ed)|n(?:ding|t))|pe(?:akerforcedchange|ech(?:start|end))|c(?:ostatuschanged|roll)|u(?:ccess|spend|bmit)|ound(?:start|end)|how)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|p(?:o(?:inter(?:(?:lea|mo)ve|o(?:ver|ut)|cancel|enter|down|up)|p(?:up(?:
hid(?:den|ing)|show(?:ing|n))|state))|a(?:i(?:redstatuschanged|nt)|ge(?:hide|show)|(?:st|us)e)|ro(?:pertychange|gress)|endingchange|lay(?:ing)?)|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load|interruptbegin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|fter(?:(?:scriptexecu|upda)te|print)|d(?:apter(?:remov|add)ed|dtrack)|(?:2dpstatus|ttribute)changed|udio(?:process|start|end)|ctivate|lerting|bort)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ypechange|ext)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|e(?:m(?:ergencycbmodechange|ptied)|n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|victed|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|requencychange|ailed|etch)|u(?:p(?:date(?:found|ready)|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|o(?:(?:tastatuschang|(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|h(?:e(?:adphoneschange|l[dp])|fpstatuschanged|ashchange|olding)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|v(?:o(?:lum|ic)e|ersion)change|n(?:o(?:update|match)|eedkey)|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s\0]*=
  7. [/code]
  8. [code]
  9. [NoScript XSS]: sanitized window.name, "darla_csc_writer_0--%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527NP1NAWKL4NQ-%2527%255D%253D%2527%2528as%252412rtf20eu%252Caid%2524NP1NAWKL4NQ-%252Cbi%25242139750051%252Ccr%25244200473051%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DLDRB%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527QBROAWKL4NQ-%2527%255D%253D%2527%2528as%252412rqdsf6c%252Caid%2524QBROAWKL4NQ-%252Cbi%25242027537051%252Ccr%25243890619051%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DLN2%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527TCtOAWKL4NQ-%2527%255D%253D%2527%2528as%252412rf6rgoc%252Caid%2524TCtOAWKL4NQ-%252Cbi%25241941398051%252Ccr%25243726814051%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DLREC%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527WEJOAWKL4NQ-%2527%255D%253D%2527%2528as%252412rrratfm%252Caid%2524WEJOAWKL4NQ-%252Cbi%25241941404051%252Ccr%25243726810551%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DLREC2%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527ZFlOAWKL4NQ-%2527%255D%253D%2527%2528as%252412rm965rq%252Caid%2524ZFlOAWKL4NQ-%252Cbi%25241941403551%252Ccr%25243726656551%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%
253DLREC3%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527cHBOAWKL4NQ-%2527%255D%253D%2527%2528as%25241252ql76v%252Caid%2524cHBOAWKL4NQ-%252Ccr%2524-1%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DMAST%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527fIdOAWKL4NQ-%2527%255D%253D%2527%2528as%25241252d546v%252Caid%2524fIdOAWKL4NQ-%252Ccr%2524-1%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DTL1%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527KOZNAWKL4NQ-%2527%255D%253D%2527%2528as%2524125vpnh8i%252Caid%2524KOZNAWKL4NQ-%252Ccr%2524-1%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DFSRVY%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_d%253D%253Dnull%2529window.xzq_d%253Dnew%2520Object%2528%2529%253B%250Awindow.xzq_d%255B%2527iJ5OAWKL4NQ-%2527%255D%253D%2527%2528as%2524125s5lg3u%252Caid%2524iJ5OAWKL4NQ-%252Ccr%2524-1%252Cct%252425%252Cat%2524H%252Ceob%2524gd1_match_id%253D-1%253Aypos%253DWPFP%2529%2527%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250A%2528function%2528%2529%257Bwindow.xzq_p%253Dfunction%2528R%2529%257BM%253DR%257D%253Bwindow.xzq_svr%253Dfunction%2528R%2529%257BJ%253DR%257D%253Bfunction%2520F%2528S%2529%257Bvar%2520T%253Ddocument%253Bif%2528T.xzq_i%253D%253Dnull%2529%257BT.xzq_i%253Dnew%2520Array%2528%2529%253BT.xzq_i.c%253D0%257Dvar%2520R%253DT.xzq_i%253BR%255B++R.c%255D%253Dnew%2520Image%2528%2529%253BR%255BR.c%255D.src%253DS%257Dwindow.xzq_sr%253Dfunction%2528%2529
%257Bvar%2520S%253Dwindow%253Bvar%2520Y%253DS.xzq_d%253Bif%2528Y%253D%253Dnull%2529%257Breturn%2520%257Dif%2528J%253D%253Dnull%2529%257Breturn%2520%257Dvar%2520T%253DJ+M%253Bif%2528T.length%253EP%2529%257BC%2528%2529%253Breturn%2520%257Dvar%2520X%253D%2522%2522%253Bvar%2520U%253D0%253Bvar%2520W%253DMath.random%2528%2529%253Bvar%2520V%253D%2528Y.hasOwnProperty%2521%253Dnull%2529%253Bvar%2520R%253Bfor%2528R%2520in%2520Y%2529%257Bif%2528typeof%2520Y%255BR%255D%253D%253D%2522string%2522%2529%257Bif%2528V%2526%2526%2521Y.hasOwnProperty%2528R%2529%2529%257Bcontinue%257Dif%2528T.length+X.length+Y%255BR%255D.length%253C%253DP%2529%257BX+%253DY%255BR%255D%257Delse%257Bif%2528T.length+Y%255BR%255D.length%253EP%2529%257B%257Delse%257BU++%253BN%2528T%252CX%252CU%252CW%2529%253BX%253DY%255BR%255D%257D%257D%257D%257Dif%2528U%2529%257BU++%257DN%2528T%252CX%252CU%252CW%2529%253BC%2528%2529%257D%253Bfunction%2520N%2528R%252CU%252CS%252CT%2529%257Bif%2528U.length%253E0%2529%257BR+%253D%2522%2526al%253D%2522%257DF%2528R+U+%2522%2526s%253D%2522+S+%2522%2526r%253D%2522+T%2529%257Dfunction%2520C%2528%2529%257Bwindow.xzq_d%253Dnull%253BM%253Dnull%253BJ%253Dnull%257Dfunction%2520K%2528R%2529%257Bxzq_sr%2528%2529%257Dfunction%2520B%2528R%2529%257Bxzq_sr%2528%2529%257Dfunction%2520L%2528U%252CV%252CW%2529%257Bif%2528W%2529%257Bvar%2520R%253DW.toString%2528%2529%253Bvar%2520T%253DU%253Bvar%2520Y%253DR.match%2528new%2520RegExp%2528%2522%255C%255C%255C%255C%2528%2528%255B%255E%255C%255C%255C%255C%2529%255D*%2529%255C%255C%255C%255C%2529%2522%2529%2529%253BY%253D%2528Y%255B1%255D.length%253E0%253FY%255B1%255D%253A%2522e%2522%2529%253BT%253DT.replace%2528new%2520RegExp%2528%2522%255C%255C%255C%255C%2528%255B%255E%255C%255C%255C%255C%2529%255D*%255C%255C%255C%255C%2529%2522%252C%2522g%2522%2529%252C%2522%2528%2522+Y+%2522%2529%2522%2529%253Bif%2528R.indexOf%2528T%2529%253C0%2529%257Bvar%2520X%253DR.indexOf%2528%2522%257B%2522%2529%253Bif%2528X%253E0%2529%257BR%253DR.substring%2528X%252CR.length%25
29%257Delse%257Breturn%2520W%257DR%253DR.replace%2528new%2520RegExp%2528%2522%2528%255B%255Ea-zA-Z0-9%2524_%255D%2529this%2528%255B%255Ea-zA-Z0-9%2524_%255D%2529%2522%252C%2522g%2522%2529%252C%2522%25241xzq_this%25242%2522%2529%253Bvar%2520Z%253DT+%2522%253Bvar%2520rv%2520%253D%2520f%2528%2520%2522+Y+%2522%252Cthis%2529%253B%2522%253Bvar%2520S%253D%2522%257Bvar%2520a0%2520%253D%2520%2527%2522+Y+%2522%2527%253Bvar%2520ofb%2520%253D%2520%2527%2522+escape%2528R%2529+%2522%2527%2520%253Bvar%2520f%2520%253D%2520new%2520Function%2528%2520a0%252C%2520%2527xzq_this%2527%252C%2520unescape%2528ofb%2529%2529%253B%2522+Z+%2522return%2520rv%253B%257D%2522%253Breturn%2520new%2520Function%2528Y%252CS%2529%257Delse%257Breturn%2520W%257D%257Dreturn%2520V%257Dwindow.xzq_eh%253Dfunction%2528%2529%257Bif%2528E%257C%257CI%2529%257Bthis.onload%253DL%2528%2522xzq_onload%2528e%2529%2522%252CK%252Cthis.onload%252C0%2529%253Bif%2528E%2526%2526typeof%2520%2528this.onbeforeunload%2529%2521%253DO%2529%257Bthis.onbeforeunload%253DL%2528%2522xzq_dobeforeunload%2528e%2529%2522%252CB%252Cthis.onbeforeunload%252C0%2529%257D%257D%257D%253Bwindow.xzq_s%253Dfunction%2528%2529%257BsetTimeout%2528%2522xzq_sr%2528%2529%2522%252C1%2529%257D%253Bvar%2520J%253Dnull%253Bvar%2520M%253Dnull%253Bvar%2520Q%253Dnavigator.appName%253Bvar%2520H%253Dnavigator.appVersion%253Bvar%2520G%253Dnavigator.userAgent%253Bvar%2520A%253DparseInt%2528H%2529%253Bvar%2520D%253DQ.indexOf%2528%2522Microsoft%2522%2529%253Bvar%2520E%253DD%2521%253D-1%2526%2526A%253E%253D4%253Bvar%2520I%253D%2528Q.indexOf%2528%2522Netscape%2522%2529%2521%253D-1%257C%257CQ.indexOf%2528%2522Opera%2522%2529%2521%253D-1%2529%2526%2526A%253E%253D4%253Bvar%2520O%253D%2522undefined%2522%253Bvar%2520P%253D2000%257D%2529%2528%2529%253B%250A%253C/script%253E%253Cscript%2520language%253Djavascript%253E%250Aif%2528window.xzq_svr%2529xzq_svr%2528%2527http%253A//csc.beap.bc.yahoo.com/%2527%2529%253B%250Aif%2528window.xzq_p%2529xzq_p%2528%2527yi%253Fbv%253D1.0.0%2526b
s%253D%2528133uh6c54%2528gid%2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%252Cst%25241406717126652396%252Csi%25244464051%252Csp%25247665145%252Cpv%25240%252Cv%25242.0%2529%2529%2526t%253DJ_3-D_3%2527%2529%253B%250Aif%2528window.xzq_s%2529xzq_s%2528%2529%253B%250A%253C/script%253E%253Cscript%253E%2528function%2528c%2529%257Bvar%2520e%253D%2522https%253A//%2522%252Ca%253Dc%2526%2526c.JSON%252Cf%253D%2522ypcdb%2522%252Cg%253Ddocument%252Cd%253D%255B%2522yahoo.com%2522%252C%2522flickr.com%2522%252C%2522rivals.com%2522%252C%2522yahoo.net%2522%252C%2522yimg.com%2522%255D%252Cb%253Bfunction%2520i%2528l%252Co%252Cn%252Cm%2529%257Bvar%2520k%252Cp%253Btry%257Bk%253Dnew%2520Date%2528%2529%253Bk.setTime%2528k.getTime%2528%2529+m*1000%2529%253Bg.cookie%253D%255Bl%252C%2522%253D%2522%252CencodeURIComponent%2528o%2529%252C%2522%253B%2520domain%253D%2522%252Cn%252C%2522%253B%2520path%253D/%253B%2520max-age%253D%2522%252Cm%252C%2522%253B%2520expires%253D%2522%252Ck.toUTCString%2528%2529%255D.join%2528%2522%2522%2529%257Dcatch%2528p%2529%257B%257D%257Dfunction%2520h%2528l%2529%257Bvar%2520k%252Cm%253Btry%257Bk%253Dnew%2520Image%2528%2529%253Bk.onerror%253Dk.onload%253Dfunction%2528%2529%257Bk.onerror%253Dk.onload%253Dnull%253Bk%253Dnull%257D%253Bk.src%253Dl%257Dcatch%2528m%2529%257B%257D%257Dfunction%2520j%2528u%252CA%252Cn%252Cy%2529%257Bvar%2520w%253D0%252Cv%252Cz%252Cx%252Cs%252Ct%252Cp%252Cm%252Cr%252Cl%252Co%252Ck%252Cq%253Btry%257Bb%253Dlocation%257Dcatch%2528r%2529%257Bb%253Dnull%257Dtry%257Bif%2528a%2529%257Bk%253Da.parse%2528y%2529%257Delse%257Bq%253Dnew%2520Function%2528%2522return%2520%2522+y%2529%253Bk%253Dq%2528%2529%257D%257Dcatch%2528r%2529%257Bk%253Dnull%257Dtry%257Bv%253Db.hostname%253Bz%253Db.protocol%253Bif%2528z%2529%257Bz+%253D%2522//%2522%257D%257Dcatch%2528r%2529%257Bv%253Dz%253D%2522%2522%257Dif%2528%2521v%2529%257Btry%257Bx%253Dg.URL%257C%257Cb.href%257C%257C%2522%2522%253Bs%253Dx.match%2528/%255E%2528%2528http%255Bs%255D%253F%2529%255C%253A%255B%255C/%255D+%
2529%253F%2528%255B%255E%253A%255C/%255Cs%255D+%257C%255B%255C%253A%255Cdabcdef%255C.%255D+%2529/i%2529%253Bif%2528s%2526%2526s%255B1%255D%2526%2526s%255B3%255D%2529%257Bz%253Ds%255B1%255D%257C%257C%2522%2522%253Bv%253Ds%255B3%255D%257C%257C%2522%2522%257D%257Dcatch%2528r%2529%257Bz%253Dv%253D%2522%2522%257D%257Dif%2528%2521v%257C%257C%2521k%257C%257C%2521z%257C%257C%2521A%2529%257Breturn%257Dwhile%2528l%253Dd%255Bw++%255D%2529%257Bt%253Dl.replace%2528/%255C./g%252C%2522%255C%255C.%2522%2529%253Bp%253Dnew%2520RegExp%2528%2522%2528%255C%255C.%2529+%2522+t+%2522%2524%2522%2529%253Bif%2528v%253D%253Dl%257C%257Cv.search%2528p%2529%2521%253D-1%2529%257Bo%253Dl%253Bbreak%257D%257Dif%2528%2521o%2529%257Breturn%257Dif%2528z%253D%253D%253De%2529%257BA%253Dn%257Dw%253D0%253Bwhile%2528m%253DA%255Bw++%255D%2529%257Bh%2528z+m+k%255Bm.substr%25281+m.lastIndexOf%2528%2522%253D%2522%2529%2529%255D%2529%257Di%2528f%252Cu%252Co%252C86400%2529%257Dj%2528%2527e2593b7d549a8c3fda7f88c5c6163d9c%2527%252C%255B%2527ad.yieldmanager.com/csync%253Fver%253D2.1%2527%252C%2527csync.yahooapis.com/csync%253Fver%253D2.1%2527%252C%2527u2sb.interclick.com/beacon.gif%253Fver%253D2.1%2527%255D%252C%255B%2527ad.yieldmanager.com/csync%253Fver%253D2.1%2527%252C%2527cdnk.interclick.com/beacon.gif%253Fver%253D2.1%2527%252C%2527csync.yahooapis.com/csync%253Fver%253D2.1%2527%255D%252C%2527%257B%25222.1%2522%253A%2522%2526id%253D23351%2526value%253Dpix3t199xy9ay%252526o%25253d4%252526q%25253d4AksiKgcLRVndrt3cI90FY6MuQRNZozQh1fxSSjyhxAk%252526f%25253dvc%252526v%25253daOBO1lbwELthHlHpRWO4%2526optout%253Dh%25253d1%252526b%25253d0%252526qag%25253d1%2526timeout%253D1406717126%2526sig%253D14l0jt5rh%2522%257D%2527%2529%257D%2529%2528window%2529%253B%250A%253C/script%253E" to "darla_csc_writer_0-- 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527NP1NAWKL4NQ- 2527 255D 253D 2527 2528as 252412rtf20eu 252Caid 
2524NP1NAWKL4NQ- 252Cbi 25242139750051 252Ccr 25244200473051 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DLDRB 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527QBROAWKL4NQ- 2527 255D 253D 2527 2528as 252412rqdsf6c 252Caid 2524QBROAWKL4NQ- 252Cbi 25242027537051 252Ccr 25243890619051 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DLN2 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527TCtOAWKL4NQ- 2527 255D 253D 2527 2528as 252412rf6rgoc 252Caid 2524TCtOAWKL4NQ- 252Cbi 25241941398051 252Ccr 25243726814051 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DLREC 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527WEJOAWKL4NQ- 2527 255D 253D 2527 2528as 252412rrratfm 252Caid 2524WEJOAWKL4NQ- 252Cbi 25241941404051 252Ccr 25243726810551 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DLREC2 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527ZFlOAWKL4NQ- 2527 255D 253D 2527 2528as 252412rm965rq 252Caid 2524ZFlOAWKL4NQ- 252Cbi 25241941403551 252Ccr 25243726656551 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DLREC3 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527cHBOAWKL4NQ- 2527 255D 253D 2527 2528as 25241252ql76v 252Caid 2524cHBOAWKL4NQ- 
252Ccr 2524-1 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DMAST 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527fIdOAWKL4NQ- 2527 255D 253D 2527 2528as 25241252d546v 252Caid 2524fIdOAWKL4NQ- 252Ccr 2524-1 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DTL1 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527KOZNAWKL4NQ- 2527 255D 253D 2527 2528as 2524125vpnh8i 252Caid 2524KOZNAWKL4NQ- 252Ccr 2524-1 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DFSRVY 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_d 253D 253Dnull 2529window.xzq_d 253Dnew 2520Object 2528 2529 253B 250Awindow.xzq_d 255B 2527iJ5OAWKL4NQ- 2527 255D 253D 2527 2528as 2524125s5lg3u 252Caid 2524iJ5OAWKL4NQ- 252Ccr 2524-1 252Cct 252425 252Cat 2524H 252Ceob 2524gd1_match_id 253D-1 253Aypos 253DWPFP 2529 2527 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250A 2528function 2528 2529 257Bwindow.xzq_p 253Dfunction 2528R 2529 257BM 253DR 257D 253Bwindow.xzq_svr 253Dfunction 2528R 2529 257BJ 253DR 257D 253Bfunction 2520F 2528S 2529 257Bvar 2520T 253Ddocument 253Bif 2528T.xzq_i 253D 253Dnull 2529 257BT.xzq_i 253Dnew 2520Array 2528 2529 253BT.xzq_i.c 253D0 257Dvar 2520R 253DT.xzq_i 253BR 255B++R.c 255D 253Dnew 2520Image 2528 2529 253BR 255BR.c 255D.src 253DS 257Dwindow.xzq_sr 253Dfunction 2528 2529 257Bvar 2520S 253Dwindow 253Bvar 2520Y 253DS.xzq_d 253Bif 2528Y 253D 253Dnull 2529 257Breturn 2520 257Dif 2528J 253D 253Dnull 2529 257Breturn 2520 257Dvar 2520T 253DJ+M 253Bif 2528T.length 253EP 2529 257BC 2528 2529 253Breturn 2520 257Dvar 2520X 253D 2522 2522 253Bvar 2520U 253D0 
253Bvar 2520W 253DMath.random 2528 2529 253Bvar 2520V 253D 2528Y.hasOwnProperty 2521 253Dnull 2529 253Bvar 2520R 253Bfor 2528R 2520in 2520Y 2529 257Bif 2528typeof 2520Y 255BR 255D 253D 253D 2522string 2522 2529 257Bif 2528V 2526 2526 2521Y.hasOwnProperty 2528R 2529 2529 257Bcontinue 257Dif 2528T.length+X.length+Y 255BR 255D.length 253C 253DP 2529 257BX+ 253DY 255BR 255D 257Delse 257Bif 2528T.length+Y 255BR 255D.length 253EP 2529 257B 257Delse 257BU++ 253BN 2528T 252CX 252CU 252CW 2529 253BX 253DY 255BR 255D 257D 257D 257D 257Dif 2528U 2529 257BU++ 257DN 2528T 252CX 252CU 252CW 2529 253BC 2528 2529 257D 253Bfunction 2520N 2528R 252CU 252CS 252CT 2529 257Bif 2528U.length 253E0 2529 257BR+ 253D 2522 2526al 253D 2522 257DF 2528R+U+ 2522 2526s 253D 2522+S+ 2522 2526r 253D 2522+T 2529 257Dfunction 2520C 2528 2529 257Bwindow.xzq_d 253Dnull 253BM 253Dnull 253BJ 253Dnull 257Dfunction 2520K 2528R 2529 257Bxzq_sr 2528 2529 257Dfunction 2520B 2528R 2529 257Bxzq_sr 2528 2529 257Dfunction 2520L 2528U 252CV 252CW 2529 257Bif 2528W 2529 257Bvar 2520R 253DW.toString 2528 2529 253Bvar 2520T 253DU 253Bvar 2520Y 253DR.match 2528new 2520RegExp 2528 2522 255C 255C 255C 255C 2528 2528 255B 255E 255C 255C 255C 255C 2529 255D* 2529 255C 255C 255C 255C 2529 2522 2529 2529 253BY 253D 2528Y 255B1 255D.length 253E0 253FY 255B1 255D 253A 2522e 2522 2529 253BT 253DT.replace 2528new 2520RegExp 2528 2522 255C 255C 255C 255C 2528 255B 255E 255C 255C 255C 255C 2529 255D* 255C 255C 255C 255C 2529 2522 252C 2522g 2522 2529 252C 2522 2528 2522+Y+ 2522 2529 2522 2529 253Bif 2528R.indexOf 2528T 2529 253C0 2529 257Bvar 2520X 253DR.indexOf 2528 2522 257B 2522 2529 253Bif 2528X 253E0 2529 257BR 253DR.substring 2528X 252CR.length 2529 257Delse 257Breturn 2520W 257DR 253DR.replace 2528new 2520RegExp 2528 2522 2528 255B 255Ea-zA-Z0-9 2524_ 255D 2529this 2528 255B 255Ea-zA-Z0-9 2524_ 255D 2529 2522 252C 2522g 2522 2529 252C 2522 25241xzq_this 25242 2522 2529 253Bvar 2520Z 253DT+ 2522 253Bvar 2520rv 2520 253D 
2520f 2528 2520 2522+Y+ 2522 252Cthis 2529 253B 2522 253Bvar 2520S 253D 2522 257Bvar 2520a0 2520 253D 2520 2527 2522+Y+ 2522 2527 253Bvar 2520ofb 2520 253D 2520 2527 2522+escape 2528R 2529+ 2522 2527 2520 253Bvar 2520f 2520 253D 2520new 2520Function 2528 2520a0 252C 2520 2527xzq_this 2527 252C 2520unescape 2528ofb 2529 2529 253B 2522+Z+ 2522return 2520rv 253B 257D 2522 253Breturn 2520new 2520Function 2528Y 252CS 2529 257Delse 257Breturn 2520W 257D 257Dreturn 2520V 257Dwindow.xzq_eh 253Dfunction 2528 2529 257Bif 2528E 257C 257CI 2529 257Bthis.onload 253DL 2528 2522xzq_onload 2528e 2529 2522 252CK 252Cthis.onload 252C0 2529 253Bif 2528E 2526 2526typeof 2520 2528this.onbeforeunload 2529 2521 253DO 2529 257Bthis.onbeforeunload 253DL 2528 2522xzq_dobeforeunload 2528e 2529 2522 252CB 252Cthis.onbeforeunload 252C0 2529 257D 257D 257D 253Bwindow.xzq_s 253Dfunction 2528 2529 257BsetTimeout 2528 2522xzq_sr 2528 2529 2522 252C1 2529 257D 253Bvar 2520J 253Dnull 253Bvar 2520M 253Dnull 253Bvar 2520Q 253Dnavigator.appName 253Bvar 2520H 253Dnavigator.appVersion 253Bvar 2520G 253Dnavigator.userAgent 253Bvar 2520A 253DparseInt 2528H 2529 253Bvar 2520D 253DQ.indexOf 2528 2522Microsoft 2522 2529 253Bvar 2520E 253DD 2521 253D-1 2526 2526A 253E 253D4 253Bvar 2520I 253D 2528Q.indexOf 2528 2522Netscape 2522 2529 2521 253D-1 257C 257CQ.indexOf 2528 2522Opera 2522 2529 2521 253D-1 2529 2526 2526A 253E 253D4 253Bvar 2520O 253D 2522undefined 2522 253Bvar 2520P 253D2000 257D 2529 2528 2529 253B 250A 253C/script 253E 253Cscript 2520language 253Djavascript 253E 250Aif 2528window.xzq_svr 2529xzq_svr 2528 2527http 253A//csc.beap.bc.yahoo.com/ 2527 2529 253B 250Aif 2528window.xzq_p 2529xzq_p 2528 2527yi 253Fbv 253D1.0.0 2526bs 253D 2528133uh6c54 2528gid 2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 252Cst 25241406717126652396 252Csi 25244464051 252Csp 25247665145 252Cpv 25240 252Cv 25242.0 2529 2529 2526t 253DJ_3-D_3 2527 2529 253B 250Aif 2528window.xzq_s 2529xzq_s 2528 2529 253B 250A 253C/script 
253E 253Cscript 253E 2528function 2528c 2529 257Bvar 2520e 253D 2522https 253A// 2522 252Ca 253Dc 2526 2526c.JSON 252Cf 253D 2522ypcdb 2522 252Cg 253Ddocument 252Cd 253D 255B 2522yahoo.com 2522 252C 2522flickr.com 2522 252C 2522rivals.com 2522 252C 2522yahoo.net 2522 252C 2522yimg.com 2522 255D 252Cb 253Bfunction 2520i 2528l 252Co 252Cn 252Cm 2529 257Bvar 2520k 252Cp 253Btry 257Bk 253Dnew 2520Date 2528 2529 253Bk.setTime 2528k.getTime 2528 2529+m*1000 2529 253Bg.cookie 253D 255Bl 252C 2522 253D 2522 252CencodeURIComponent 2528o 2529 252C 2522 253B 2520domain 253D 2522 252Cn 252C 2522 253B 2520path 253D/ 253B 2520max-age 253D 2522 252Cm 252C 2522 253B 2520expires 253D 2522 252Ck.toUTCString 2528 2529 255D.join 2528 2522 2522 2529 257Dcatch 2528p 2529 257B 257D 257Dfunction 2520h 2528l 2529 257Bvar 2520k 252Cm 253Btry 257Bk 253Dnew 2520Image 2528 2529 253Bk.onerror 253Dk.onload 253Dfunction 2528 2529 257Bk.onerror 253Dk.onload 253Dnull 253Bk 253Dnull 257D 253Bk.src 253Dl 257Dcatch 2528m 2529 257B 257D 257Dfunction 2520j 2528u 252CA 252Cn 252Cy 2529 257Bvar 2520w 253D0 252Cv 252Cz 252Cx 252Cs 252Ct 252Cp 252Cm 252Cr 252Cl 252Co 252Ck 252Cq 253Btry 257Bb 253Dlocation 257Dcatch 2528r 2529 257Bb 253Dnull 257Dtry 257Bif 2528a 2529 257Bk 253Da.parse 2528y 2529 257Delse 257Bq 253Dnew 2520Function 2528 2522return 2520 2522+y 2529 253Bk 253Dq 2528 2529 257D 257Dcatch 2528r 2529 257Bk 253Dnull 257Dtry 257Bv 253Db.hostname 253Bz 253Db.protocol 253Bif 2528z 2529 257Bz+ 253D 2522// 2522 257D 257Dcatch 2528r 2529 257Bv 253Dz 253D 2522 2522 257Dif 2528 2521v 2529 257Btry 257Bx 253Dg.URL 257C 257Cb.href 257C 257C 2522 2522 253Bs 253Dx.match 2528/ 255E 2528 2528http 255Bs 255D 253F 2529 255C 253A 255B 255C/ 255D+ 2529 253F 2528 255B 255E 253A 255C/ 255Cs 255D+ 257C 255B 255C 253A 255Cdabcdef 255C. 
255D+ 2529/i 2529 253Bif 2528s 2526 2526s 255B1 255D 2526 2526s 255B3 255D 2529 257Bz 253Ds 255B1 255D 257C 257C 2522 2522 253Bv 253Ds 255B3 255D 257C 257C 2522 2522 257D 257Dcatch 2528r 2529 257Bz 253Dv 253D 2522 2522 257D 257Dif 2528 2521v 257C 257C 2521k 257C 257C 2521z 257C 257C 2521A 2529 257Breturn 257Dwhile 2528l 253Dd 255Bw++ 255D 2529 257Bt 253Dl.replace 2528/ 255C./g 252C 2522 255C 255C. 2522 2529 253Bp 253Dnew 2520RegExp 2528 2522 2528 255C 255C. 2529+ 2522+t+ 2522 2524 2522 2529 253Bif 2528v 253D 253Dl 257C 257Cv.search 2528p 2529 2521 253D-1 2529 257Bo 253Dl 253Bbreak 257D 257Dif 2528 2521o 2529 257Breturn 257Dif 2528z 253D 253D 253De 2529 257BA 253Dn 257Dw 253D0 253Bwhile 2528m 253DA 255Bw++ 255D 2529 257Bh 2528z+m+k 255Bm.substr 25281+m.lastIndexOf 2528 2522 253D 2522 2529 2529 255D 2529 257Di 2528f 252Cu 252Co 252C86400 2529 257Dj 2528 2527e2593b7d549a8c3fda7f88c5c6163d9c 2527 252C 255B 2527ad.yieldmanager.com/csync 253Fver 253D2.1 2527 252C 2527csync.yahooapis.com/csync 253Fver 253D2.1 2527 252C 2527u2sb.interclick.com/beacon.gif 253Fver 253D2.1 2527 255D 252C 255B 2527ad.yieldmanager.com/csync 253Fver 253D2.1 2527 252C 2527cdnk.interclick.com/beacon.gif 253Fver 253D2.1 2527 252C 2527csync.yahooapis.com/csync 253Fver 253D2.1 2527 255D 252C 2527 257B 25222.1 2522 253A 2522 2526id 253D23351 2526value 253Dpix3t199xy9ay 252526o 25253d4 252526q 25253d4AksiKgcLRVndrt3cI90FY6MuQRNZozQh1fxSSjyhxAk 252526f 25253dvc 252526v 25253daOBO1lbwELthHlHpRWO4 2526optout 253Dh 25253d1 252526b 25253d0 252526qag 25253d1 2526timeout 253D1406717126 2526sig 253D14l0jt5rh 2522 257D 2527 2529 257D 2529 2528window 2529 253B 250A 253C/script 253E".
  10. [/code]
  11. [code]
  12. [NoScript InjectionChecker] HTML injection:
  13. <style
  14. matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|i(?:s(?:c(?:o(?:verystatechanged|nnect(?:ing|ed))|hargingtimechange)|abled)|aling)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rol(?:lerchange|select)|extmenu)|nect(?:ing|ed)?)|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change|u(?:echange|t))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|ad(?:ystatechange|success|error)|mo(?:te(?:resume|hel)d|vetrack)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:adiost)?atechange)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:(?:lec(?:tstar)?)?t|ek(?:ing|ed)|n(?:ding|t))|pe(?:akerforcedchange|ech(?:start|end))|c(?:ostatuschanged|roll)|u(?:ccess|spend|bmit)|ound(?:start|end)|how)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|p(?:o(?:inter(?:(?:lea|mo)ve|o(?:ver|ut)|cancel|enter|down|up)|p(?:up(?
:hid(?:den|ing)|show(?:ing|n))|state))|a(?:i(?:redstatuschanged|nt)|ge(?:hide|show)|(?:st|us)e)|ro(?:pertychange|gress)|endingchange|lay(?:ing)?)|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load|interruptbegin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|fter(?:(?:scriptexecu|upda)te|print)|d(?:apter(?:remov|add)ed|dtrack)|(?:2dpstatus|ttribute)changed|udio(?:process|start|end)|ctivate|lerting|bort)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ypechange|ext)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|e(?:m(?:ergencycbmodechange|ptied)|n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|victed|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|requencychange|ailed|etch)|u(?:p(?:date(?:found|ready)|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|o(?:(?:tastatuschang|(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|h(?:e(?:adphoneschange|l[dp])|fpstatuschanged|ashchange|olding)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|v(?:o(?:lum|ic)e|ersion)change|n(?:o(?:update|match)|eedkey)|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s\0]*=
  15. [/code]
  16. [code]
  17. [NoScript XSS]: sanitized window.name, "pos=LDRB&id=yom-ad-LDRB-iframe&html=%253Cstyle%2520type%253D%2522text/css%2522%253E%250A.CAN_ad%2520.yadslug%2520%257B%250A%2520%2520%2520%2520position%253A%2520absolute%2520%2521important%253B%2520right%253A%25201px%253B%2520top%253A1px%253B%2520display%253Ainline-block%250A%2521important%253B%2520z-index%2520%253A%2520999%253B%250A%2520%2520%2520%2520color%253A%2523999%2520%2521important%253Btext-decoration%253Anone%253Bbackground%253A%2523fff%250Aurl%2528%2527http%253A//ads.yldmgrimg.net/apex/mediastore/adchoice_1.png%2527%2529%2520no-repeat%2520100%2525%25200%250A%2521important%253Bcursor%253Ahand%2520%2521important%253Bheight%253A12px%2520%2521important%253Bpadding%253A0px%252014px%25200px%250A1px%2520%2521important%253Bdisplay%253Ainline-block%2520%2521important%253B%250A%257D%250A.CAN_ad%2520.yadslug%2520span%2520%257Bdisplay%253Anone%2520%2521important%253B%257D%250A.CAN_ad%2520.yadslug%253Ahover%2520%257Bzoom%253A%25201%253B%257D%250A.CAN_ad%2520.yadslug%253Ahover%2520span%2520%257Bdisplay%253Ainline-block%2520%2521important%253Bcolor%253A%2523999%250A%2521important%253B%257D%250A.CAN_ad%2520.yadslug%253Ahover%2520span%252C%2520.CAN_ad%2520.yadslug%253Ahover%2520%257Bfont%253A11px%2520arial%250A%2521important%253B%257D%250A%253C/style%253E%2520%2520%2520%2520%250A%253Cdiv%2520class%253D%2522CAN_ad%2522%2520style%253D%2522display%253Ainline-block%253Bposition%253A%2520relative%253B%2522%253E%250A%253Ca%2520class%253D%2522yadslug%2522%250Ahref%253D%2522http%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NTQzdmI3bihnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCx3JDAseW9vJDEsYWdwJDMyNzE2OTMwNTEsYXAkTERSQikp/0/*http%253A//info.yahoo.com/relevantads/%2522%250Atarget%253D%2522_blank%2522%253E%253Cspan%2
53EAdChoices%253C/span%253E%253C/a%253E%253C%2521--%2520APT%2520Vendor%253A%2520Atlas%252C%2520Format%253A%2520Standard%2520Graphical%2520--%253E%250A%253Ciframe%2520src%253D%2522https%253A//view.atdmt.com/NYC/iview/475359404/direct%253Bwi.728%253Bhi.90/01%253Ftime%253D1406717126.737168%2526click%253Dhttp%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NXVycjQxaChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDAseW9vJDEsYWdwJDMyNzE2OTMwNTEsYXAkTERSQikp/0/*%2522%2520frameborder%253D%25220%2522%2520scrolling%253D%2522no%2522%2520marginheight%253D%25220%2522%2520marginwidth%253D%25220%2522%2520topmargin%253D%25220%2522%2520leftmargin%253D%25220%2522%2520allowtransparency%253D%2522true%2522%2520width%253D%2522728%2522%2520height%253D%252290%2522%253E%250A%253Cscript%2520language%253D%2522JavaScript%2522%2520type%253D%2522text/javascript%2522%253E%250Adocument.write%2528%2527%253Ca%2520HREF%253D%2522http%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aWk5dGVlaihnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDEscmQkMTJrOWd1ZWJuLHlvbyQxLGFncCQzMjcxNjkzMDUxLGFwJExEUkIpKQ/2/*http%253A//clk.atdmt.com/NYC/go/475359404/direct%253Bwi.728%253Bhi.90/01/%253Ftime%253D1406717126.737168%2522%2520target%253D%2522_blank%2522%253E%253Cimg%2520src%253D%2522https%253A//view.atdmt.com/NYC/view/475359404/direct%253Bwi.728%253Bhi.90/01/%253Ftime%253D1406717126.737168%2522/%253E%253C/a%253E%2527%2529%253B%250A%253C/script%253E%253Cnoscript%253E%253Ca%2520HREF%253D%2522http%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aWtvbnE5byhnaWQkSkRtU05ERXdMakhQ
MEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDIscmQkMTJrOWd1ZWJuLHlvbyQxLGFncCQzMjcxNjkzMDUxLGFwJExEUkIpKQ/2/*http%253A//clk.atdmt.com/NYC/go/475359404/direct%253Bwi.728%253Bhi.90/01/%253Ftime%253D1406717126.737168%2522%2520target%253D%2522_blank%2522%253E%253Cimg%2520border%253D%25220%2522%2520src%253D%2522https%253A//view.atdmt.com/NYC/view/475359404/direct%253Bwi.728%253Bhi.90/01/%253Ftime%253D1406717126.737168%2522%2520/%253E%253C/a%253E%253C/noscript%253E%253C/iframe%253E%250A%250A%253CSCRIPT%2520language%253D%2527JavaScript1.1%2527%2520SRC%253D%2522https%253A//pixel.adsafeprotected.com/rjss/st/27731/2507836/skeleton.js%2522%253E%253C/SCRIPT%253E%250A%253C%2521--http%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NTVxb2xhdChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDMseW9vJDEsYWdwJDMyNzE2OTMwNTEsYXAkTERSQikp/0/*--%253E%253C%2521--QYZ%25202139750051%252C4200473051%252C98.139.230.56%253B%253BLDRB%253B7665145%253B1%253B--%253E%253C/div%253E&src=http%3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML=&cscURI=&behavior=expIfr_exp&hasErr=&hasError=&adID=999999&matchID=&bookID=2139750051&serveType=-1&slotID=1&size=728x90&hasExternal=&hasRMX=&ioID=999999&lineID=999999&creativeID=4200473051&placementID=3271693051&impID=NP1NAWKL4NQ-&supp_ugc=0&fdb=fdb_url%3Dhttp%253A//af.beap.bc.yahoo.com/af%253Fbv%253D1.0.0%2526bs%253D%252816f8o4nm5%2528gid%2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%252Cst%25241406717126652396%252Csrv%25241%252Csi%25244464051%252Cadv%252422978787195%252Cct%252425%252Cli%25243265975551%252Cexp%25241406724326652396%252Ccr%25244200473051
%252Cdmn%2524individual.troweprice.com%252Cpbid%252420459933223%252Cv%25241.0%2529%2529%2526al%253D%2528type%2524%257Btype%257D%252Ccmnt%2524%257Bcmnt%257D%252Csubo%2524%257Bsubo%257D%2529%2526r%253D10%26fdb_on%3D1%26fdb_exp%3D1406724326652&serveTime=1406717126652396&meta=ownerKey%253Dy%2526title%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D%2526y%253DcscHTML%25253D%252526cscURI%25253D%252526impID%25253DNP1NAWKL4NQ-%252526supp_ugc%25253D0%252526placementID%25253D3271693051%252526creativeID%25253D4200473051%252526serveTime%25253D1406717126652396%252526behavior%25253DexpIfr_exp%252526adID%25253D9032990752802799208%252526matchID%25253D999999.999999.999999.999999%252526err%25253D%252526hasExternal%25253D0%252526size%25253D728x90%252526bookID%25253D2139750051%252526serveType%25253D-1%252526slotID%25253D1%252526fdb%25253D%2525257B%25252520%25252522fdb_url%25252522%2525253A%25252520%25252522http%2525253A%2525255C/%2525255C/af.beap.bc.yahoo.com%2525255C/af%2525253Fbv%2525253D1.0.0%25252526bs%2525253D%2525252816f8o4nm5%25252528gid%25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%2525252Cst%252525241406717126652396%2525252Csrv%252525241%2525252Csi%252525244464051%2525252Cadv%2525252422978787195%2525252Cct%2525252425%2525252Cli%252525243265975551%2525252Cexp%252525241406724326652396%2525252Ccr%252525244200473051%2525252Cdmn%25252524individual.troweprice.com%2525252Cpbid%2525252420459933223%2525252Cv%252525241.0%25252529%25252529%25252526al%2525253D%25252528type%25252524%2525257Btype%2525257D%2525252Ccmnt%25252524%2525257Bcmnt%2525257D%2525252Csubo%25252524%2525257Bsubo%2525257D%25252529%25252526r%2525253D10%25252522%2525252C%25252520%25252522fdb_on%25252522%2525253A%25252520%252525221%25252522%2525252C%25252520%25252522fdb_exp%25252522%2525253
A%25252520%252525221406724326652%25252522%25252520%2525257D&conf=w%3D728%26h%3D90%26dest%3Dyom-ad-LDRB-iframe%26fr%3DexpIfr_exp%26pos%3DLDRB%26id%3DLDRB%26clean%3Dyom-ad-LDRB%26rmxp%3D0%26z%3D20%26metaSize%3Dtrue%26supports%3Dexp-ovr%253D1%2526exp-push%253D1%26wcpx%3D1%26hcpx%3D1%26async%3Dfalse%26css%3D%26size%3D728x90%26flex%3Dnull%26bg%3Dtransparent%26tgt%3D_blank%26fdb%3Dfalse%26meta%3Dtitle%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D&renderClass=expIfr_exp&guid=dr__0_1406717185002_78&geom=win%253Dt%25253D-4%252526l%25253D-4%252526b%25253D850%252526r%25253D1916%252526w%25253D1920%252526h%25253D854%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1905%252526b%25253D854%252526w%25253D1905%252526h%25253D854%2526doc%253Dt%25253D0%252526l%25253D0%252526b%25253D4568%252526r%25253D1905%252526w%25253D1905%252526h%25253D4568%2526root%253Dtrue%2526fixed%253Dnull%2526exp%253Dt%25253D91%252526l%25253D197%252526r%25253D980%252526b%25253D673%252526xs%25253Dfalse%252526ys%25253Dfalse%252526w%25253D783%252526h%25253D582%252526civ%25253D0%2526self%253Dt%25253D91%252526l%25253D197%252526r%25253D925%252526b%25253D181%252526w%25253D728%252526h%25253D90%252526z%25253D20%252526iv%25253D1%252526xiv%25253D1%252526yiv%25253D1&ckOn=true&dm=&hf=false&flexW=false&flexH=false&origX=197&origY=91&srcHost=http%3A//l.yimg.com&host=http%3A//news.yahoo.com&hostURL=http%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL=&proxyID=&html5=1&proxyPath=" to "pos LDRB&id yom-ad-LDRB-iframe&html  253Cstyle 2520type 253D 2522text/css 2522 253E 250A.CAN_ad 2520.yadslug 2520 257B 250A 2520 2520 2520 2520position 253A 2520absolute 2520 2521important 253B 2520right 253A 25201px 253B 2520top 253A1px 253B 2520display 253Ainline-block 250A 2521important 
253B 2520z-index 2520 253A 2520999 253B 250A 2520 2520 2520 2520color 253A 2523999 2520 2521important 253Btext-decoration 253Anone 253Bbackground 253A 2523fff 250Aurl 2528 2527http 253A//ads.yldmgrimg.net/apex/mediastore/adchoice_1.png 2527 2529 2520no-repeat 2520100 2525 25200 250A 2521important 253Bcursor 253Ahand 2520 2521important 253Bheight 253A12px 2520 2521important 253Bpadding 253A0px 252014px 25200px 250A1px 2520 2521important 253Bdisplay 253Ainline-block 2520 2521important 253B 250A 257D 250A.CAN_ad 2520.yadslug 2520span 2520 257Bdisplay 253Anone 2520 2521important 253B 257D 250A.CAN_ad 2520.yadslug 253Ahover 2520 257Bzoom 253A 25201 253B 257D 250A.CAN_ad 2520.yadslug 253Ahover 2520span 2520 257Bdisplay 253Ainline-block 2520 2521important 253Bcolor 253A 2523999 250A 2521important 253B 257D 250A.CAN_ad 2520.yadslug 253Ahover 2520span 252C 2520.CAN_ad 2520.yadslug 253Ahover 2520 257Bfont 253A11px 2520arial 250A 2521important 253B 257D 250A 253C/style 253E 2520 2520 2520 2520 250A 253Cdiv 2520class 253D 2522CAN_ad 2522 2520style 253D 2522display 253Ainline-block 253Bposition 253A 2520relative 253B 2522 253E 250A 253Ca 2520class 253D 2522yadslug 2522 250Ahref 253D 2522http 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NTQzdmI3bihnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCx3JDAseW9vJDEsYWdwJDMyNzE2OTMwNTEsYXAkTERSQikp/0/*http 253A//info.yahoo.com/relevantads/ 2522 250Atarget 253D 2522_blank 2522 253E 253Cspan 253EAdChoices 253C/span 253E 253C/a 253E 253C 2521-- 2520APT 2520Vendor 253A 2520Atlas 252C 2520Format 253A 2520Standard 2520Graphical 2520-- 253E 250A 253Ciframe 2520src 253D 2522https 253A//view.atdmt.com/NYC/iview/475359404/direct 253Bwi.728 253Bhi.90/01 253Ftime 253D1406717126.737168 2526click 253Dhttp 
253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NXVycjQxaChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDAseW9vJDEsYWdwJDMyNzE2OTMwNTEsYXAkTERSQikp/0/* 2522 2520frameborder 253D 25220 2522 2520scrolling 253D 2522no 2522 2520marginheight 253D 25220 2522 2520marginwidth 253D 25220 2522 2520topmargin 253D 25220 2522 2520leftmargin 253D 25220 2522 2520allowtransparency 253D 2522true 2522 2520width 253D 2522728 2522 2520height 253D 252290 2522 253E 250A 253Cscript 2520language 253D 2522JavaScript 2522 2520type 253D 2522text/javascript 2522 253E 250Adocument.write 2528 2527 253Ca 2520HREF 253D 2522http 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aWk5dGVlaihnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDEscmQkMTJrOWd1ZWJuLHlvbyQxLGFncCQzMjcxNjkzMDUxLGFwJExEUkIpKQ/2/*http 253A//clk.atdmt.com/NYC/go/475359404/direct 253Bwi.728 253Bhi.90/01/ 253Ftime 253D1406717126.737168 2522 2520target 253D 2522_blank 2522 253E 253Cimg 2520src 253D 2522https 253A//view.atdmt.com/NYC/view/475359404/direct 253Bwi.728 253Bhi.90/01/ 253Ftime 253D1406717126.737168 2522/ 253E 253C/a 253E 2527 2529 253B 250A 253C/script 253E 253Cnoscript 253E 253Ca 2520HREF 253D 2522http 
253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aWtvbnE5byhnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDIscmQkMTJrOWd1ZWJuLHlvbyQxLGFncCQzMjcxNjkzMDUxLGFwJExEUkIpKQ/2/*http 253A//clk.atdmt.com/NYC/go/475359404/direct 253Bwi.728 253Bhi.90/01/ 253Ftime 253D1406717126.737168 2522 2520target 253D 2522_blank 2522 253E 253Cimg 2520border 253D 25220 2522 2520src 253D 2522https 253A//view.atdmt.com/NYC/view/475359404/direct 253Bwi.728 253Bhi.90/01/ 253Ftime 253D1406717126.737168 2522 2520/ 253E 253C/a 253E 253C/noscript 253E 253C/iframe 253E 250A 250A 253CSCRIPT 2520language 253D 2527JavaScript1.1 2527 2520SRC 253D 2522https 253A//pixel.adsafeprotected.com/rjss/st/27731/2507836/skeleton.js 2522 253E 253C/SCRIPT 253E 250A 253C 2521--http 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NTVxb2xhdChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQ0MjAwNDczMDUxLHYkMi4wLGFpZCROUDFOQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjEzOTc1MDA1MSxtbWUkOTAzMjk5MDc1MjgwMjc5OTIwOCxyJDMseW9vJDEsYWdwJDMyNzE2OTMwNTEsYXAkTERSQikp/0/*-- 253E 253C 2521--QYZ 25202139750051 252C4200473051 252C98.139.230.56 253B 253BLDRB 253B7665145 253B1 253B-- 253E 253C/div 253E&src http 3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML &cscURI &behavior expIfr_exp&hasErr &hasError &adID 999999&matchID &bookID 2139750051&serveType -1&slotID 1&size 728x90&hasExternal &hasRMX &ioID 999999&lineID 999999&creativeID 4200473051&placementID 3271693051&impID NP1NAWKL4NQ-&supp_ugc 0&fdb fdb_url 3Dhttp 253A//af.beap.bc.yahoo.com/af 253Fbv 253D1.0.0 2526bs 253D 252816f8o4nm5 2528gid 2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 252Cst 25241406717126652396 252Csrv 25241 252Csi 25244464051 252Cadv 252422978787195 
252Cct 252425 252Cli 25243265975551 252Cexp 25241406724326652396 252Ccr 25244200473051 252Cdmn 2524individual.troweprice.com 252Cpbid 252420459933223 252Cv 25241.0 2529 2529 2526al 253D 2528type 2524 257Btype 257D 252Ccmnt 2524 257Bcmnt 257D 252Csubo 2524 257Bsubo 257D 2529 2526r 253D10 26fdb_on 3D1 26fdb_exp 3D1406724326652&serveTime 1406717126652396&meta ownerKey 253Dy 2526title 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D 2526y 253DcscHTML 25253D 252526cscURI 25253D 252526impID 25253DNP1NAWKL4NQ- 252526supp_ugc 25253D0 252526placementID 25253D3271693051 252526creativeID 25253D4200473051 252526serveTime 25253D1406717126652396 252526behavior 25253DexpIfr_exp 252526adID 25253D9032990752802799208 252526matchID 25253D999999.999999.999999.999999 252526err 25253D 252526hasExternal 25253D0 252526size 25253D728x90 252526bookID 25253D2139750051 252526serveType 25253D-1 252526slotID 25253D1 252526fdb 25253D 2525257B 25252520 25252522fdb_url 25252522 2525253A 25252520 25252522http 2525253A 2525255C/ 2525255C/af.beap.bc.yahoo.com 2525255C/af 2525253Fbv 2525253D1.0.0 25252526bs 2525253D 2525252816f8o4nm5 25252528gid 25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 2525252Cst 252525241406717126652396 2525252Csrv 252525241 2525252Csi 252525244464051 2525252Cadv 2525252422978787195 2525252Cct 2525252425 2525252Cli 252525243265975551 2525252Cexp 252525241406724326652396 2525252Ccr 252525244200473051 2525252Cdmn 25252524individual.troweprice.com 2525252Cpbid 2525252420459933223 2525252Cv 252525241.0 25252529 25252529 25252526al 2525253D 25252528type 25252524 2525257Btype 2525257D 2525252Ccmnt 25252524 2525257Bcmnt 2525257D 2525252Csubo 25252524 2525257Bsubo 2525257D 25252529 25252526r 2525253D10 25252522 2525252C 25252520 25252522fdb_on 25252522 
2525253A 25252520 252525221 25252522 2525252C 25252520 25252522fdb_exp 25252522 2525253A 25252520 252525221406724326652 25252522 25252520 2525257D&conf w 3D728 26h 3D90 26dest 3Dyom-ad-LDRB-iframe 26fr 3DexpIfr_exp 26pos 3DLDRB 26id 3DLDRB 26clean 3Dyom-ad-LDRB 26rmxp 3D0 26z 3D20 26metaSize 3Dtrue 26supports 3Dexp-ovr 253D1 2526exp-push 253D1 26wcpx 3D1 26hcpx 3D1 26async 3Dfalse 26css 3D 26size 3D728x90 26flex 3Dnull 26bg 3Dtransparent 26tgt 3D_blank 26fdb 3Dfalse 26meta 3Dtitle 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D&renderClass expIfr_exp&guid dr__0_1406717185002_78&geom win 253Dt 25253D-4 252526l 25253D-4 252526b 25253D850 252526r 25253D1916 252526w 25253D1920 252526h 25253D854 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1905 252526b 25253D854 252526w 25253D1905 252526h 25253D854 2526doc 253Dt 25253D0 252526l 25253D0 252526b 25253D4568 252526r 25253D1905 252526w 25253D1905 252526h 25253D4568 2526root 253Dtrue 2526fixed 253Dnull 2526exp 253Dt 25253D91 252526l 25253D197 252526r 25253D980 252526b 25253D673 252526xs 25253Dfalse 252526ys 25253Dfalse 252526w 25253D783 252526h 25253D582 252526civ 25253D0 2526self 253Dt 25253D91 252526l 25253D197 252526r 25253D925 252526b 25253D181 252526w 25253D728 252526h 25253D90 252526z 25253D20 252526iv 25253D1 252526xiv 25253D1 252526yiv 25253D1&ckOn true&dm &hf false&flexW false&flexH false&origX 197&origY 91&srcHost http 3A//l.yimg.com&host http 3A//news.yahoo.com&hostURL http 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL &proxyID &html5 1&proxyPath ".
  18. [/code]
  19. [code]
  20. [NoScript InjectionChecker] HTML injection:
  21. <a href="http://clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aGJkdDN0dShnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzODkwNjE5MDUxLHYkMi4wLGFpZCRRQlJPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjAyNzUzNzA1MSxtbWUkODUzMDcxNTgwMjM3MTU3NjM3NixyJDAscmQkMTB0dHJpNWVhLHlvbyQxLGFncCQzMDc0Njc5NTUxLGFwJExOMikp/0/*http://www.yahoo.com/?hps=246" target="_blank"><img src=
  22. matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|i(?:s(?:c(?:o(?:verystatechanged|nnect(?:ing|ed))|hargingtimechange)|abled)|aling)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rol(?:lerchange|select)|extmenu)|nect(?:ing|ed)?)|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change|u(?:echange|t))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|ad(?:ystatechange|success|error)|mo(?:te(?:resume|hel)d|vetrack)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:adiost)?atechange)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:(?:lec(?:tstar)?)?t|ek(?:ing|ed)|n(?:ding|t))|pe(?:akerforcedchange|ech(?:start|end))|c(?:ostatuschanged|roll)|u(?:ccess|spend|bmit)|ound(?:start|end)|how)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|p(?:o(?:inter(?:(?:lea|mo)ve|o(?:ver|ut)|cancel|enter|down|up)|p(?:up(?
:hid(?:den|ing)|show(?:ing|n))|state))|a(?:i(?:redstatuschanged|nt)|ge(?:hide|show)|(?:st|us)e)|ro(?:pertychange|gress)|endingchange|lay(?:ing)?)|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load|interruptbegin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|fter(?:(?:scriptexecu|upda)te|print)|d(?:apter(?:remov|add)ed|dtrack)|(?:2dpstatus|ttribute)changed|udio(?:process|start|end)|ctivate|lerting|bort)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ypechange|ext)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|e(?:m(?:ergencycbmodechange|ptied)|n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|victed|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|requencychange|ailed|etch)|u(?:p(?:date(?:found|ready)|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|o(?:(?:tastatuschang|(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|h(?:e(?:adphoneschange|l[dp])|fpstatuschanged|ashchange|olding)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|v(?:o(?:lum|ic)e|ersion)change|n(?:o(?:update|match)|eedkey)|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s\0]*=
  23. [/code]
  24. [code]
  25. [NoScript XSS]: sanitized window.name, "pos=LN2&id=yom-ad-LN2-iframe&html=%253Ca%2520href%253D%2522http%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aGJkdDN0dShnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzODkwNjE5MDUxLHYkMi4wLGFpZCRRQlJPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjAyNzUzNzA1MSxtbWUkODUzMDcxNTgwMjM3MTU3NjM3NixyJDAscmQkMTB0dHJpNWVhLHlvbyQxLGFncCQzMDc0Njc5NTUxLGFwJExOMikp/0/*http%253A//www.yahoo.com/%253Fhps%253D246%2522%2520target%253D%2522_blank%2522%253E%253Cimg%2520src%253D%2522http%253A//ads.yldmgrimg.net/apex/mediastore/6d9b1025-28cb-41a0-8b8e-bdd23e445c73_1%2522%2520alt%253D%2522%2522%2520title%253D%2522%2522%2520width%253D120%2520height%253D55%2520border%253D0/%253E%253C/a%253E%253C%2521--QYZ%25202027537051%252C3890619051%252C98.139.230.56%253B%253BLN2%253B7665145%253B1%253B--%253E&src=http%3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML=&cscURI=&behavior=non_exp&hasErr=&hasError=&adID=999999&matchID=&bookID=2027537051&serveType=-1&slotID=2&size=120x55&hasExternal=&hasRMX=&ioID=999999&lineID=999999&creativeID=3890619051&placementID=3074679551&impID=QBROAWKL4NQ-&supp_ugc=0&fdb=fdb_url%3Dhttp%253A//af.beap.bc.yahoo.com/af%253Fbv%253D1.0.0%2526bs%253D%2528163hukstm%2528gid%2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%252Cst%25241406717126652396%252Csrv%25241%252Csi%25244464051%252Cadv%252429146799433%252Cct%252425%252Cli%25243066866551%252Cexp%25241406724326652396%252Ccr%25243890619051%252Cdmn%2524www.yahoo.com%252Cpbid%252420459933223%252Cv%25241.0%2529%2529%2526al%253D%2528type%2524%257Btype%257D%252Ccmnt%2524%257Bcmnt%257D%252Csubo%2524%257Bsubo%257D%2529%2526r%253D10%26fdb_on%3D1%26fdb_exp%3D1406724326652&serveTime=1406717126652396&meta=ownerKey%253Dy%2526title%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yaho
o%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D%2526y%253DcscHTML%25253D%252526cscURI%25253D%252526impID%25253DQBROAWKL4NQ-%252526supp_ugc%25253D0%252526placementID%25253D3074679551%252526creativeID%25253D3890619051%252526serveTime%25253D1406717126652396%252526behavior%25253Dnon_exp%252526adID%25253D8530715802371576376%252526matchID%25253D999999.999999.999999.999999%252526err%25253D%252526hasExternal%25253D0%252526size%25253D120x55%252526bookID%25253D2027537051%252526serveType%25253D-1%252526slotID%25253D2%252526fdb%25253D%2525257B%25252520%25252522fdb_url%25252522%2525253A%25252520%25252522http%2525253A%2525255C/%2525255C/af.beap.bc.yahoo.com%2525255C/af%2525253Fbv%2525253D1.0.0%25252526bs%2525253D%25252528163hukstm%25252528gid%25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%2525252Cst%252525241406717126652396%2525252Csrv%252525241%2525252Csi%252525244464051%2525252Cadv%2525252429146799433%2525252Cct%2525252425%2525252Cli%252525243066866551%2525252Cexp%252525241406724326652396%2525252Ccr%252525243890619051%2525252Cdmn%25252524www.yahoo.com%2525252Cpbid%2525252420459933223%2525252Cv%252525241.0%25252529%25252529%25252526al%2525253D%25252528type%25252524%2525257Btype%2525257D%2525252Ccmnt%25252524%2525257Bcmnt%2525257D%2525252Csubo%25252524%2525257Bsubo%2525257D%25252529%25252526r%2525253D10%25252522%2525252C%25252520%25252522fdb_on%25252522%2525253A%25252520%252525221%25252522%2525252C%25252520%25252522fdb_exp%25252522%2525253A%25252520%252525221406724326652%25252522%25252520%2525257D&conf=w%3D120%26h%3D55%26dest%3Dyom-ad-LN2-iframe%26fr%3DexpIfr_exp%26pos%3DLN2%26id%3DLN2%26clean%3Dyom-ad-LN2%26rmxp%3D0%26metaSize%3Dtrue%26z%3D10%26wcpx%3D1%26hcpx%3D1%26async%3Dfalse%26css%3D%26supports%3Dexp-ovr%253D1%2526exp-push%253D0%2526bg%253D0%2526lyr%253D0%2526write-cookie%253D0%2526read-cookie%253D0%26size%3D120x55%26flex%3Dnull%26bg%3Dtransparent%26tgt%3D_blank%26fdb%3Dfalse%26meta%3Dtitle%253DBlast%252520in%2
52520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D&renderClass=expIfr_exp&guid=dr__0_1406717185002_78&geom=win%253Dt%25253D-4%252526l%25253D-4%252526b%25253D850%252526r%25253D1916%252526w%25253D1920%252526h%25253D854%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1905%252526b%25253D854%252526w%25253D1905%252526h%25253D854%2526doc%253Dt%25253D0%252526l%25253D0%252526b%25253D4568%252526r%25253D1905%252526w%25253D1905%252526h%25253D4568%2526root%253Dtrue%2526fixed%253Dnull%2526exp%253Dt%25253D682.5%252526l%25253D15%252526r%25253D1770%252526b%25253D116.5%252526xs%25253Dfalse%252526ys%25253Dfalse%252526w%25253D1755%252526h%25253D0%252526civ%25253D0%2526self%253Dt%25253D682.5%252526l%25253D15%252526r%25253D135%252526b%25253D737.5%252526w%25253D120%252526h%25253D55%252526z%25253D10%252526iv%25253D1%252526xiv%25253D1%252526yiv%25253D1&ckOn=true&dm=&hf=false&flexW=false&flexH=false&origX=15&origY=682.5&srcHost=http%3A//l.yimg.com&host=http%3A//news.yahoo.com&hostURL=http%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL=&proxyID=&html5=1&proxyPath=" to "pos LN2&id yom-ad-LN2-iframe&html  253Ca 2520href 253D 2522http 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3aGJkdDN0dShnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzODkwNjE5MDUxLHYkMi4wLGFpZCRRQlJPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMjAyNzUzNzA1MSxtbWUkODUzMDcxNTgwMjM3MTU3NjM3NixyJDAscmQkMTB0dHJpNWVhLHlvbyQxLGFncCQzMDc0Njc5NTUxLGFwJExOMikp/0/*http 253A//www.yahoo.com/ 253Fhps 253D246 2522 2520target 253D 2522_blank 2522 253E 253Cimg 2520src 253D 2522http 253A//ads.yldmgrimg.net/apex/mediastore/6d9b1025-28cb-41a0-8b8e-bdd23e445c73_1 2522 2520alt 253D 2522 2522 2520title 253D 2522 2522 
2520width 253D120 2520height 253D55 2520border 253D0/ 253E 253C/a 253E 253C 2521--QYZ 25202027537051 252C3890619051 252C98.139.230.56 253B 253BLN2 253B7665145 253B1 253B-- 253E&src http 3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML &cscURI &behavior non_exp&hasErr &hasError &adID 999999&matchID &bookID 2027537051&serveType -1&slotID 2&size 120x55&hasExternal &hasRMX &ioID 999999&lineID 999999&creativeID 3890619051&placementID 3074679551&impID QBROAWKL4NQ-&supp_ugc 0&fdb fdb_url 3Dhttp 253A//af.beap.bc.yahoo.com/af 253Fbv 253D1.0.0 2526bs 253D 2528163hukstm 2528gid 2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 252Cst 25241406717126652396 252Csrv 25241 252Csi 25244464051 252Cadv 252429146799433 252Cct 252425 252Cli 25243066866551 252Cexp 25241406724326652396 252Ccr 25243890619051 252Cdmn 2524www.yahoo.com 252Cpbid 252420459933223 252Cv 25241.0 2529 2529 2526al 253D 2528type 2524 257Btype 257D 252Ccmnt 2524 257Bcmnt 257D 252Csubo 2524 257Bsubo 257D 2529 2526r 253D10 26fdb_on 3D1 26fdb_exp 3D1406724326652&serveTime 1406717126652396&meta ownerKey 253Dy 2526title 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D 2526y 253DcscHTML 25253D 252526cscURI 25253D 252526impID 25253DQBROAWKL4NQ- 252526supp_ugc 25253D0 252526placementID 25253D3074679551 252526creativeID 25253D3890619051 252526serveTime 25253D1406717126652396 252526behavior 25253Dnon_exp 252526adID 25253D8530715802371576376 252526matchID 25253D999999.999999.999999.999999 252526err 25253D 252526hasExternal 25253D0 252526size 25253D120x55 252526bookID 25253D2027537051 252526serveType 25253D-1 252526slotID 25253D2 252526fdb 25253D 2525257B 25252520 25252522fdb_url 25252522 2525253A 25252520 25252522http 2525253A 2525255C/ 2525255C/af.beap.bc.yahoo.com 2525255C/af 2525253Fbv 
2525253D1.0.0 25252526bs 2525253D 25252528163hukstm 25252528gid 25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 2525252Cst 252525241406717126652396 2525252Csrv 252525241 2525252Csi 252525244464051 2525252Cadv 2525252429146799433 2525252Cct 2525252425 2525252Cli 252525243066866551 2525252Cexp 252525241406724326652396 2525252Ccr 252525243890619051 2525252Cdmn 25252524www.yahoo.com 2525252Cpbid 2525252420459933223 2525252Cv 252525241.0 25252529 25252529 25252526al 2525253D 25252528type 25252524 2525257Btype 2525257D 2525252Ccmnt 25252524 2525257Bcmnt 2525257D 2525252Csubo 25252524 2525257Bsubo 2525257D 25252529 25252526r 2525253D10 25252522 2525252C 25252520 25252522fdb_on 25252522 2525253A 25252520 252525221 25252522 2525252C 25252520 25252522fdb_exp 25252522 2525253A 25252520 252525221406724326652 25252522 25252520 2525257D&conf w 3D120 26h 3D55 26dest 3Dyom-ad-LN2-iframe 26fr 3DexpIfr_exp 26pos 3DLN2 26id 3DLN2 26clean 3Dyom-ad-LN2 26rmxp 3D0 26metaSize 3Dtrue 26z 3D10 26wcpx 3D1 26hcpx 3D1 26async 3Dfalse 26css 3D 26supports 3Dexp-ovr 253D1 2526exp-push 253D0 2526bg 253D0 2526lyr 253D0 2526write-cookie 253D0 2526read-cookie 253D0 26size 3D120x55 26flex 3Dnull 26bg 3Dtransparent 26tgt 3D_blank 26fdb 3Dfalse 26meta 3Dtitle 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D&renderClass expIfr_exp&guid dr__0_1406717185002_78&geom win 253Dt 25253D-4 252526l 25253D-4 252526b 25253D850 252526r 25253D1916 252526w 25253D1920 252526h 25253D854 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1905 252526b 25253D854 252526w 25253D1905 252526h 25253D854 2526doc 253Dt 25253D0 252526l 25253D0 252526b 25253D4568 252526r 25253D1905 252526w 25253D1905 252526h 25253D4568 2526root 253Dtrue 2526fixed 253Dnull 2526exp 253Dt 25253D682.5 252526l 25253D15 
252526r 25253D1770 252526b 25253D116.5 252526xs 25253Dfalse 252526ys 25253Dfalse 252526w 25253D1755 252526h 25253D0 252526civ 25253D0 2526self 253Dt 25253D682.5 252526l 25253D15 252526r 25253D135 252526b 25253D737.5 252526w 25253D120 252526h 25253D55 252526z 25253D10 252526iv 25253D1 252526xiv 25253D1 252526yiv 25253D1&ckOn true&dm &hf false&flexW false&flexH false&origX 15&origY 682.5&srcHost http 3A//l.yimg.com&host http 3A//news.yahoo.com&hostURL http 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL &proxyID &html5 1&proxyPath ".
  26. [/code]
  27. [code]
  28. [NoScript InjectionChecker] HTML injection:
  29. <SCRIPT
  30. matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|i(?:s(?:c(?:o(?:verystatechanged|nnect(?:ing|ed))|hargingtimechange)|abled)|aling)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rol(?:lerchange|select)|extmenu)|nect(?:ing|ed)?)|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change|u(?:echange|t))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|ad(?:ystatechange|success|error)|mo(?:te(?:resume|hel)d|vetrack)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:adiost)?atechange)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:(?:lec(?:tstar)?)?t|ek(?:ing|ed)|n(?:ding|t))|pe(?:akerforcedchange|ech(?:start|end))|c(?:ostatuschanged|roll)|u(?:ccess|spend|bmit)|ound(?:start|end)|how)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|p(?:o(?:inter(?:(?:lea|mo)ve|o(?:ver|ut)|cancel|enter|down|up)|p(?:up(?
:hid(?:den|ing)|show(?:ing|n))|state))|a(?:i(?:redstatuschanged|nt)|ge(?:hide|show)|(?:st|us)e)|ro(?:pertychange|gress)|endingchange|lay(?:ing)?)|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load|interruptbegin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|fter(?:(?:scriptexecu|upda)te|print)|d(?:apter(?:remov|add)ed|dtrack)|(?:2dpstatus|ttribute)changed|udio(?:process|start|end)|ctivate|lerting|bort)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ypechange|ext)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|e(?:m(?:ergencycbmodechange|ptied)|n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|victed|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|requencychange|ailed|etch)|u(?:p(?:date(?:found|ready)|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|o(?:(?:tastatuschang|(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|h(?:e(?:adphoneschange|l[dp])|fpstatuschanged|ashchange|olding)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|v(?:o(?:lum|ic)e|ersion)change|n(?:o(?:update|match)|eedkey)|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s\0]*=
  31. [/code]
  32. [code]
  33. [NoScript XSS]: sanitized window.name, "pos=LREC&id=yom-ad-LREC-iframe&html=%253C%2521--Vendor%253A%2520Right%2520Media%252C%2520Format%253A%2520Script%2520--%253E%253CSCRIPT%2520TYPE%253D%2522text/javascript%2522%2520SRC%253D%2522http%253A//ads.yahoo.com/st%253Fad_type%253Dad%2526publisher_blob%253Dlmsid%253Aa077000000CFoGyAAL%253Brevsp%253AYahoo%2521%2520News%253Blpstaid%253A0433d4eb-2830-3cbc-ba98-7caf5302b653%257CJDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%257C7665145%257CLREC%257C1406717126.738342%257C2-8-1%2526cnt%253Dyan%2526ad_size%253D300x250%2526site%253D140477%2526section_code%253D2937552051%2526cb%253D1406717126.738342%2526yud%253Dsmpv%25253d3%252526ed%25253dzAomdF31xQxuC8RcCEyKD8XNfbhfAejk7A--%2526pub_redirect_unencoded%253D1%2526pub_url%253Dhttp%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526pub_redirect%253Dhttp%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NWE0MjV0OChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzNzI2ODE0MDUxLHYkMi4wLGFpZCRUQ3RPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMTk0MTM5ODA1MSxtbWUkODE2NTk2NTcwNDc1ODQ2ODE4NyxyJDAseW9vJDEsYWdwJDI5Mzc1NTIwNTEsYXAkTFJFQykp/0/*%2522%253E%253C/SCRIPT%253E%253C%2521--QYZ%25201941398051%252C3726814051%252C98.139.230.56%253B%253BLREC%253B7665145%253B1%253B--%253E&src=http%3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML=&cscURI=&behavior=non_exp&hasErr=&hasError=&adID=999999&matchID=&bookID=1941398051&serveType=-1&slotID=3&size=300x250&hasExternal=&hasRMX=1&ioID=999999&lineID=999999&creativeID=3726814051&placementID=2937552051&impID=TCtOAWKL4NQ-&supp_ugc=0&fdb=fdb_url%3Dhttp%253A//af.beap.bc.yahoo.com/af%253Fbv%253D1.0.0%2526bs%253D%252815h732jub%2528gid%2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%252Cst%25241406717126652396%252Csrv%25241%252Csi%25244464051%252Cadv%252428845691635%252Cct%252425%252Cli%25242928224551%252Cexp%25241406724326652396%252Ccr%25243726814051%252Cpbid%2
52420459933223%252Cv%25241.0%2529%2529%2526al%253D%2528type%2524%257Btype%257D%252Ccmnt%2524%257Bcmnt%257D%252Csubo%2524%257Bsubo%257D%2529%2526r%253D10%26fdb_on%3D1%26fdb_exp%3D1406724326652&serveTime=1406717126652396&meta=ownerKey%253Dy%2526title%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D%2526y%253DcscHTML%25253D%252526cscURI%25253D%252526impID%25253DTCtOAWKL4NQ-%252526supp_ugc%25253D0%252526placementID%25253D2937552051%252526creativeID%25253D3726814051%252526serveTime%25253D1406717126652396%252526behavior%25253Dnon_exp%252526adID%25253D8165965704758468187%252526matchID%25253D999999.999999.999999.999999%252526err%25253D%252526hasExternal%25253D0%252526size%25253D300x250%252526bookID%25253D1941398051%252526serveType%25253D-1%252526slotID%25253D3%252526fdb%25253D%2525257B%25252520%25252522fdb_url%25252522%2525253A%25252520%25252522http%2525253A%2525255C/%2525255C/af.beap.bc.yahoo.com%2525255C/af%2525253Fbv%2525253D1.0.0%25252526bs%2525253D%2525252815h732jub%25252528gid%25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%2525252Cst%252525241406717126652396%2525252Csrv%252525241%2525252Csi%252525244464051%2525252Cadv%2525252428845691635%2525252Cct%2525252425%2525252Cli%252525242928224551%2525252Cexp%252525241406724326652396%2525252Ccr%252525243726814051%2525252Cpbid%2525252420459933223%2525252Cv%252525241.0%25252529%25252529%25252526al%2525253D%25252528type%25252524%2525257Btype%2525257D%2525252Ccmnt%25252524%2525257Bcmnt%2525257D%2525252Csubo%25252524%2525257Bsubo%2525257D%25252529%25252526r%2525253D10%25252522%2525252C%25252520%25252522fdb_on%25252522%2525253A%25252520%252525221%25252522%2525252C%25252520%25252522fdb_exp%25252522%2525253A%25252520%252525221406724326652%25252522%25252520%2525257D%252526hasRMX%25253D1&conf=w%3D300%26h
%3D250%26dest%3Dyom-ad-LREC-iframe%26fr%3DexpIfr_exp%26pos%3DLREC%26id%3DLREC%26clean%3Dyom-ad-LREC%26rmxp%3D0%26metaSize%3Dtrue%26supports%3Dexp-ovr%253D1%2526lyr%253D1%26z%3D10%26wcpx%3D1%26hcpx%3D1%26async%3Dfalse%26css%3D%26size%3D300x250%26flex%3Dnull%26bg%3Dtransparent%26tgt%3D_blank%26fdb%3Dfalse%26meta%3Dtitle%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D&renderClass=expIfr_exp&guid=dr__0_1406717185002_78&geom=win%253Dt%25253D-4%252526l%25253D-4%252526b%25253D850%252526r%25253D1916%252526w%25253D1920%252526h%25253D854%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1905%252526b%25253D854%252526w%25253D1905%252526h%25253D854%2526doc%253Dt%25253D0%252526l%25253D0%252526b%25253D4568%252526r%25253D1905%252526w%25253D1905%252526h%25253D4568%2526root%253Dtrue%2526fixed%253Dnull%2526exp%253Dt%25253D539.4166870117188%252526l%25253D900%252526r%25253D705%252526b%25253D64.58331298828125%252526xs%25253Dfalse%252526ys%25253Dfalse%252526w%25253D0%252526h%25253D0%252526civ%25253D0%2526self%253Dt%25253D539.4166870117188%252526l%25253D900%252526r%25253D1200%252526b%25253D789.4166870117188%252526w%25253D300%252526h%25253D250%252526z%25253D10%252526iv%25253D1%252526xiv%25253D1%252526yiv%25253D1&ckOn=true&dm=&hf=false&flexW=false&flexH=false&origX=900&origY=539.4166870117188&srcHost=http%3A//l.yimg.com&host=http%3A//news.yahoo.com&hostURL=http%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL=&proxyID=&html5=1&proxyPath=" to "pos LREC&id yom-ad-LREC-iframe&html  253C 2521--Vendor 253A 2520Right 2520Media 252C 2520Format 253A 2520Script 2520-- 253E 253CSCRIPT 2520TYPE 253D 2522text/javascript 2522 2520SRC 253D 2522http 253A//ads.yahoo.com/st 253Fad_type 253Dad 2526publisher_blob 253Dlmsid 253Aa077000000CFoGyAAL 253Brevsp 
253AYahoo 2521 2520News 253Blpstaid 253A0433d4eb-2830-3cbc-ba98-7caf5302b653 257CJDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 257C7665145 257CLREC 257C1406717126.738342 257C2-8-1 2526cnt 253Dyan 2526ad_size 253D300x250 2526site 253D140477 2526section_code 253D2937552051 2526cb 253D1406717126.738342 2526yud 253Dsmpv 25253d3 252526ed 25253dzAomdF31xQxuC8RcCEyKD8XNfbhfAejk7A-- 2526pub_redirect_unencoded 253D1 2526pub_url 253Dhttp 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526pub_redirect 253Dhttp 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NWE0MjV0OChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzNzI2ODE0MDUxLHYkMi4wLGFpZCRUQ3RPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMTk0MTM5ODA1MSxtbWUkODE2NTk2NTcwNDc1ODQ2ODE4NyxyJDAseW9vJDEsYWdwJDI5Mzc1NTIwNTEsYXAkTFJFQykp/0/* 2522 253E 253C/SCRIPT 253E 253C 2521--QYZ 25201941398051 252C3726814051 252C98.139.230.56 253B 253BLREC 253B7665145 253B1 253B-- 253E&src http 3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML &cscURI &behavior non_exp&hasErr &hasError &adID 999999&matchID &bookID 1941398051&serveType -1&slotID 3&size 300x250&hasExternal &hasRMX 1&ioID 999999&lineID 999999&creativeID 3726814051&placementID 2937552051&impID TCtOAWKL4NQ-&supp_ugc 0&fdb fdb_url 3Dhttp 253A//af.beap.bc.yahoo.com/af 253Fbv 253D1.0.0 2526bs 253D 252815h732jub 2528gid 2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 252Cst 25241406717126652396 252Csrv 25241 252Csi 25244464051 252Cadv 252428845691635 252Cct 252425 252Cli 25242928224551 252Cexp 25241406724326652396 252Ccr 25243726814051 252Cpbid 252420459933223 252Cv 25241.0 2529 2529 2526al 253D 2528type 2524 257Btype 257D 252Ccmnt 2524 257Bcmnt 257D 252Csubo 2524 257Bsubo 257D 2529 2526r 253D10 26fdb_on 3D1 26fdb_exp 3D1406724326652&serveTime 1406717126652396&meta ownerKey 253Dy 2526title 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 
252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D 2526y 253DcscHTML 25253D 252526cscURI 25253D 252526impID 25253DTCtOAWKL4NQ- 252526supp_ugc 25253D0 252526placementID 25253D2937552051 252526creativeID 25253D3726814051 252526serveTime 25253D1406717126652396 252526behavior 25253Dnon_exp 252526adID 25253D8165965704758468187 252526matchID 25253D999999.999999.999999.999999 252526err 25253D 252526hasExternal 25253D0 252526size 25253D300x250 252526bookID 25253D1941398051 252526serveType 25253D-1 252526slotID 25253D3 252526fdb 25253D 2525257B 25252520 25252522fdb_url 25252522 2525253A 25252520 25252522http 2525253A 2525255C/ 2525255C/af.beap.bc.yahoo.com 2525255C/af 2525253Fbv 2525253D1.0.0 25252526bs 2525253D 2525252815h732jub 25252528gid 25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 2525252Cst 252525241406717126652396 2525252Csrv 252525241 2525252Csi 252525244464051 2525252Cadv 2525252428845691635 2525252Cct 2525252425 2525252Cli 252525242928224551 2525252Cexp 252525241406724326652396 2525252Ccr 252525243726814051 2525252Cpbid 2525252420459933223 2525252Cv 252525241.0 25252529 25252529 25252526al 2525253D 25252528type 25252524 2525257Btype 2525257D 2525252Ccmnt 25252524 2525257Bcmnt 2525257D 2525252Csubo 25252524 2525257Bsubo 2525257D 25252529 25252526r 2525253D10 25252522 2525252C 25252520 25252522fdb_on 25252522 2525253A 25252520 252525221 25252522 2525252C 25252520 25252522fdb_exp 25252522 2525253A 25252520 252525221406724326652 25252522 25252520 2525257D 252526hasRMX 25253D1&conf w 3D300 26h 3D250 26dest 3Dyom-ad-LREC-iframe 26fr 3DexpIfr_exp 26pos 3DLREC 26id 3DLREC 26clean 3Dyom-ad-LREC 26rmxp 3D0 26metaSize 3Dtrue 26supports 3Dexp-ovr 253D1 2526lyr 253D1 26z 3D10 26wcpx 3D1 26hcpx 3D1 26async 3Dfalse 26css 3D 26size 3D300x250 26flex 3Dnull 26bg 3Dtransparent 26tgt 3D_blank 26fdb 3Dfalse 26meta 3Dtitle 253DBlast 
252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D&renderClass expIfr_exp&guid dr__0_1406717185002_78&geom win 253Dt 25253D-4 252526l 25253D-4 252526b 25253D850 252526r 25253D1916 252526w 25253D1920 252526h 25253D854 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1905 252526b 25253D854 252526w 25253D1905 252526h 25253D854 2526doc 253Dt 25253D0 252526l 25253D0 252526b 25253D4568 252526r 25253D1905 252526w 25253D1905 252526h 25253D4568 2526root 253Dtrue 2526fixed 253Dnull 2526exp 253Dt 25253D539.4166870117188 252526l 25253D900 252526r 25253D705 252526b 25253D64.58331298828125 252526xs 25253Dfalse 252526ys 25253Dfalse 252526w 25253D0 252526h 25253D0 252526civ 25253D0 2526self 253Dt 25253D539.4166870117188 252526l 25253D900 252526r 25253D1200 252526b 25253D789.4166870117188 252526w 25253D300 252526h 25253D250 252526z 25253D10 252526iv 25253D1 252526xiv 25253D1 252526yiv 25253D1&ckOn true&dm &hf false&flexW false&flexH false&origX 900&origY 539.4166870117188&srcHost http 3A//l.yimg.com&host http 3A//news.yahoo.com&hostURL http 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL &proxyID &html5 1&proxyPath ".
  34. [/code]
  35. [code]
  36. [NoScript InjectionChecker] HTML injection:
  37. <SCRIPT
  38. matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|i(?:s(?:c(?:o(?:verystatechanged|nnect(?:ing|ed))|hargingtimechange)|abled)|aling)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rol(?:lerchange|select)|extmenu)|nect(?:ing|ed)?)|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change|u(?:echange|t))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|ad(?:ystatechange|success|error)|mo(?:te(?:resume|hel)d|vetrack)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:adiost)?atechange)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:(?:lec(?:tstar)?)?t|ek(?:ing|ed)|n(?:ding|t))|pe(?:akerforcedchange|ech(?:start|end))|c(?:ostatuschanged|roll)|u(?:ccess|spend|bmit)|ound(?:start|end)|how)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|p(?:o(?:inter(?:(?:lea|mo)ve|o(?:ver|ut)|cancel|enter|down|up)|p(?:up(?
:hid(?:den|ing)|show(?:ing|n))|state))|a(?:i(?:redstatuschanged|nt)|ge(?:hide|show)|(?:st|us)e)|ro(?:pertychange|gress)|endingchange|lay(?:ing)?)|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load|interruptbegin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|fter(?:(?:scriptexecu|upda)te|print)|d(?:apter(?:remov|add)ed|dtrack)|(?:2dpstatus|ttribute)changed|udio(?:process|start|end)|ctivate|lerting|bort)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ypechange|ext)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|e(?:m(?:ergencycbmodechange|ptied)|n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|victed|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|requencychange|ailed|etch)|u(?:p(?:date(?:found|ready)|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|o(?:(?:tastatuschang|(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|h(?:e(?:adphoneschange|l[dp])|fpstatuschanged|ashchange|olding)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|v(?:o(?:lum|ic)e|ersion)change|n(?:o(?:update|match)|eedkey)|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s\0]*=
  39. [/code]
  40. [code]
  41. [NoScript XSS]: sanitized window.name, "pos=LREC2&id=yom-ad-LREC2-iframe&html=%253C%2521--Vendor%253A%2520Right%2520Media%252C%2520Format%253A%2520Script%2520--%253E%253CSCRIPT%2520TYPE%253D%2522text/javascript%2522%2520SRC%253D%2522http%253A//ads.yahoo.com/st%253Fad_type%253Dad%2526publisher_blob%253Dlmsid%253Aa077000000CFoGyAAL%253Brevsp%253AYahoo%2521%2520News%253Blpstaid%253A0433d4eb-2830-3cbc-ba98-7caf5302b653%257CJDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%257C7665145%257CLREC2%257C1406717126.738932%257C2-8-1%2526cnt%253Dyan%2526ad_size%253D300x250%2526site%253D140477%2526section_code%253D2937552551%2526cb%253D1406717126.738932%2526yud%253Dsmpv%25253d3%252526ed%25253dzAomdF31xQxuC8RcCEyKD8XNfbhfAejk7A--%2526pub_redirect_unencoded%253D1%2526pub_url%253Dhttp%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526pub_redirect%253Dhttp%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3Nm80bWtwZChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzNzI2ODEwNTUxLHYkMi4wLGFpZCRXRUpPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMTk0MTQwNDA1MSxtbWUkODE2NTk2MzU1NzI3NDgyMDE3OCxyJDAseW9vJDEsYWdwJDI5Mzc1NTI1NTEsYXAkTFJFQzIpKQ/2/*%2522%253E%253C/SCRIPT%253E%253C%2521--QYZ%25201941404051%252C3726810551%252C98.139.230.56%253B%253BLREC2%253B7665145%253B1%253B--%253E&src=http%3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML=&cscURI=&behavior=non_exp&hasErr=&hasError=&adID=999999&matchID=&bookID=1941404051&serveType=-1&slotID=4&size=300x250&hasExternal=&hasRMX=1&ioID=999999&lineID=999999&creativeID=3726810551&placementID=2937552551&impID=WEJOAWKL4NQ-&supp_ugc=0&fdb=fdb_url%3Dhttp%253A//af.beap.bc.yahoo.com/af%253Fbv%253D1.0.0%2526bs%253D%252815hh8f7fq%2528gid%2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%252Cst%25241406717126652396%252Csrv%25241%252Csi%25244464051%252Cadv%252428845691635%252Cct%252425%252Cli%25242928225051%252Cexp%25241406724326652396%252Ccr%25243726810551%252C
pbid%252420459933223%252Cv%25241.0%2529%2529%2526al%253D%2528type%2524%257Btype%257D%252Ccmnt%2524%257Bcmnt%257D%252Csubo%2524%257Bsubo%257D%2529%2526r%253D10%26fdb_on%3D1%26fdb_exp%3D1406724326652&serveTime=1406717126652396&meta=ownerKey%253Dy%2526title%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D%2526y%253DcscHTML%25253D%252526cscURI%25253D%252526impID%25253DWEJOAWKL4NQ-%252526supp_ugc%25253D0%252526placementID%25253D2937552551%252526creativeID%25253D3726810551%252526serveTime%25253D1406717126652396%252526behavior%25253Dnon_exp%252526adID%25253D8165963557274820178%252526matchID%25253D999999.999999.999999.999999%252526err%25253D%252526hasExternal%25253D0%252526size%25253D300x250%252526bookID%25253D1941404051%252526serveType%25253D-1%252526slotID%25253D4%252526fdb%25253D%2525257B%25252520%25252522fdb_url%25252522%2525253A%25252520%25252522http%2525253A%2525255C/%2525255C/af.beap.bc.yahoo.com%2525255C/af%2525253Fbv%2525253D1.0.0%25252526bs%2525253D%2525252815hh8f7fq%25252528gid%25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%2525252Cst%252525241406717126652396%2525252Csrv%252525241%2525252Csi%252525244464051%2525252Cadv%2525252428845691635%2525252Cct%2525252425%2525252Cli%252525242928225051%2525252Cexp%252525241406724326652396%2525252Ccr%252525243726810551%2525252Cpbid%2525252420459933223%2525252Cv%252525241.0%25252529%25252529%25252526al%2525253D%25252528type%25252524%2525257Btype%2525257D%2525252Ccmnt%25252524%2525257Bcmnt%2525257D%2525252Csubo%25252524%2525257Bsubo%2525257D%25252529%25252526r%2525253D10%25252522%2525252C%25252520%25252522fdb_on%25252522%2525253A%25252520%252525221%25252522%2525252C%25252520%25252522fdb_exp%25252522%2525253A%25252520%252525221406724326652%25252522%25252520%2525257D%252526hasRMX%25253D1&conf=w%3D3
00%26h%3D250%26dest%3Dyom-ad-LREC2-iframe%26fr%3DexpIfr_exp%26pos%3DLREC2%26id%3DLREC2%26clean%3Dyom-ad-LREC2%26rmxp%3D0%26metaSize%3Dtrue%26supports%3Dexp-ovr%253D1%26z%3D10%26wcpx%3D1%26hcpx%3D1%26async%3Dfalse%26css%3D%26size%3D300x250%26flex%3Dnull%26bg%3Dtransparent%26tgt%3D_blank%26fdb%3Dfalse%26meta%3Dtitle%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D&renderClass=expIfr_exp&guid=dr__0_1406717185002_78&geom=win%253Dt%25253D-4%252526l%25253D-4%252526b%25253D850%252526r%25253D1916%252526w%25253D1920%252526h%25253D854%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1905%252526b%25253D854%252526w%25253D1905%252526h%25253D854%2526doc%253Dt%25253D0%252526l%25253D0%252526b%25253D4568%252526r%25253D1905%252526w%25253D1905%252526h%25253D4568%2526root%253Dtrue%2526fixed%253Dnull%2526exp%253Dt%25253D2639.666748046875%252526l%25253D900%252526r%25253D0%252526b%25253D0%252526xs%25253Dfalse%252526ys%25253Dfalse%252526w%25253D0%252526h%25253D0%252526civ%25253D0%2526self%253Dt%25253D2639.666748046875%252526l%25253D900%252526r%25253D1200%252526b%25253D2889.666748046875%252526w%25253D300%252526h%25253D250%252526z%25253D10%252526iv%25253D0%252526xiv%25253D1%252526yiv%25253D0&ckOn=true&dm=&hf=false&flexW=false&flexH=false&origX=900&origY=2639.666748046875&srcHost=http%3A//l.yimg.com&host=http%3A//news.yahoo.com&hostURL=http%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL=&proxyID=&html5=1&proxyPath=" to "pos LREC2&id yom-ad-LREC2-iframe&html  253C 2521--Vendor 253A 2520Right 2520Media 252C 2520Format 253A 2520Script 2520-- 253E 253CSCRIPT 2520TYPE 253D 2522text/javascript 2522 2520SRC 253D 2522http 253A//ads.yahoo.com/st 253Fad_type 253Dad 2526publisher_blob 253Dlmsid 253Aa077000000CFoGyAAL 253Brevsp 253AYahoo 2521 
2520News 253Blpstaid 253A0433d4eb-2830-3cbc-ba98-7caf5302b653 257CJDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 257C7665145 257CLREC2 257C1406717126.738932 257C2-8-1 2526cnt 253Dyan 2526ad_size 253D300x250 2526site 253D140477 2526section_code 253D2937552551 2526cb 253D1406717126.738932 2526yud 253Dsmpv 25253d3 252526ed 25253dzAomdF31xQxuC8RcCEyKD8XNfbhfAejk7A-- 2526pub_redirect_unencoded 253D1 2526pub_url 253Dhttp 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526pub_redirect 253Dhttp 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3Nm80bWtwZChnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzNzI2ODEwNTUxLHYkMi4wLGFpZCRXRUpPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMTk0MTQwNDA1MSxtbWUkODE2NTk2MzU1NzI3NDgyMDE3OCxyJDAseW9vJDEsYWdwJDI5Mzc1NTI1NTEsYXAkTFJFQzIpKQ/2/* 2522 253E 253C/SCRIPT 253E 253C 2521--QYZ 25201941404051 252C3726810551 252C98.139.230.56 253B 253BLREC2 253B7665145 253B1 253B-- 253E&src http 3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML &cscURI &behavior non_exp&hasErr &hasError &adID 999999&matchID &bookID 1941404051&serveType -1&slotID 4&size 300x250&hasExternal &hasRMX 1&ioID 999999&lineID 999999&creativeID 3726810551&placementID 2937552551&impID WEJOAWKL4NQ-&supp_ugc 0&fdb fdb_url 3Dhttp 253A//af.beap.bc.yahoo.com/af 253Fbv 253D1.0.0 2526bs 253D 252815hh8f7fq 2528gid 2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 252Cst 25241406717126652396 252Csrv 25241 252Csi 25244464051 252Cadv 252428845691635 252Cct 252425 252Cli 25242928225051 252Cexp 25241406724326652396 252Ccr 25243726810551 252Cpbid 252420459933223 252Cv 25241.0 2529 2529 2526al 253D 2528type 2524 257Btype 257D 252Ccmnt 2524 257Bcmnt 257D 252Csubo 2524 257Bsubo 257D 2529 2526r 253D10 26fdb_on 3D1 26fdb_exp 3D1406724326652&serveTime 1406717126652396&meta ownerKey 253Dy 2526title 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 
25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D 2526y 253DcscHTML 25253D 252526cscURI 25253D 252526impID 25253DWEJOAWKL4NQ- 252526supp_ugc 25253D0 252526placementID 25253D2937552551 252526creativeID 25253D3726810551 252526serveTime 25253D1406717126652396 252526behavior 25253Dnon_exp 252526adID 25253D8165963557274820178 252526matchID 25253D999999.999999.999999.999999 252526err 25253D 252526hasExternal 25253D0 252526size 25253D300x250 252526bookID 25253D1941404051 252526serveType 25253D-1 252526slotID 25253D4 252526fdb 25253D 2525257B 25252520 25252522fdb_url 25252522 2525253A 25252520 25252522http 2525253A 2525255C/ 2525255C/af.beap.bc.yahoo.com 2525255C/af 2525253Fbv 2525253D1.0.0 25252526bs 2525253D 2525252815hh8f7fq 25252528gid 25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 2525252Cst 252525241406717126652396 2525252Csrv 252525241 2525252Csi 252525244464051 2525252Cadv 2525252428845691635 2525252Cct 2525252425 2525252Cli 252525242928225051 2525252Cexp 252525241406724326652396 2525252Ccr 252525243726810551 2525252Cpbid 2525252420459933223 2525252Cv 252525241.0 25252529 25252529 25252526al 2525253D 25252528type 25252524 2525257Btype 2525257D 2525252Ccmnt 25252524 2525257Bcmnt 2525257D 2525252Csubo 25252524 2525257Bsubo 2525257D 25252529 25252526r 2525253D10 25252522 2525252C 25252520 25252522fdb_on 25252522 2525253A 25252520 252525221 25252522 2525252C 25252520 25252522fdb_exp 25252522 2525253A 25252520 252525221406724326652 25252522 25252520 2525257D 252526hasRMX 25253D1&conf w 3D300 26h 3D250 26dest 3Dyom-ad-LREC2-iframe 26fr 3DexpIfr_exp 26pos 3DLREC2 26id 3DLREC2 26clean 3Dyom-ad-LREC2 26rmxp 3D0 26metaSize 3Dtrue 26supports 3Dexp-ovr 253D1 26z 3D10 26wcpx 3D1 26hcpx 3D1 26async 3Dfalse 26css 3D 26size 3D300x250 26flex 3Dnull 26bg 3Dtransparent 26tgt 3D_blank 26fdb 3Dfalse 26meta 3Dtitle 253DBlast 252520in 252520Gaza 
252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D&renderClass expIfr_exp&guid dr__0_1406717185002_78&geom win 253Dt 25253D-4 252526l 25253D-4 252526b 25253D850 252526r 25253D1916 252526w 25253D1920 252526h 25253D854 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1905 252526b 25253D854 252526w 25253D1905 252526h 25253D854 2526doc 253Dt 25253D0 252526l 25253D0 252526b 25253D4568 252526r 25253D1905 252526w 25253D1905 252526h 25253D4568 2526root 253Dtrue 2526fixed 253Dnull 2526exp 253Dt 25253D2639.666748046875 252526l 25253D900 252526r 25253D0 252526b 25253D0 252526xs 25253Dfalse 252526ys 25253Dfalse 252526w 25253D0 252526h 25253D0 252526civ 25253D0 2526self 253Dt 25253D2639.666748046875 252526l 25253D900 252526r 25253D1200 252526b 25253D2889.666748046875 252526w 25253D300 252526h 25253D250 252526z 25253D10 252526iv 25253D0 252526xiv 25253D1 252526yiv 25253D0&ckOn true&dm &hf false&flexW false&flexH false&origX 900&origY 2639.666748046875&srcHost http 3A//l.yimg.com&host http 3A//news.yahoo.com&hostURL http 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL &proxyID &html5 1&proxyPath ".
  42. [/code]
  43. [code]
  44. [NoScript InjectionChecker] HTML injection:
  45. <SCRIPT
  46. matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*i\W*s\W*i\W*n\W*d\W*e\W*x|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\0\/]|['"])(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|i(?:s(?:c(?:o(?:verystatechanged|nnect(?:ing|ed))|hargingtimechange)|abled)|aling)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rol(?:lerchange|select)|extmenu)|nect(?:ing|ed)?)|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change|u(?:echange|t))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|ad(?:ystatechange|success|error)|mo(?:te(?:resume|hel)d|vetrack)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:adiost)?atechange)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:(?:lec(?:tstar)?)?t|ek(?:ing|ed)|n(?:ding|t))|pe(?:akerforcedchange|ech(?:start|end))|c(?:ostatuschanged|roll)|u(?:ccess|spend|bmit)|ound(?:start|end)|how)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|p(?:o(?:inter(?:(?:lea|mo)ve|o(?:ver|ut)|cancel|enter|down|up)|p(?:up(?
:hid(?:den|ing)|show(?:ing|n))|state))|a(?:i(?:redstatuschanged|nt)|ge(?:hide|show)|(?:st|us)e)|ro(?:pertychange|gress)|endingchange|lay(?:ing)?)|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load|interruptbegin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|fter(?:(?:scriptexecu|upda)te|print)|d(?:apter(?:remov|add)ed|dtrack)|(?:2dpstatus|ttribute)changed|udio(?:process|start|end)|ctivate|lerting|bort)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ypechange|ext)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|e(?:m(?:ergencycbmodechange|ptied)|n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|victed|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|requencychange|ailed|etch)|u(?:p(?:date(?:found|ready)|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|o(?:(?:tastatuschang|(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|h(?:e(?:adphoneschange|l[dp])|fpstatuschanged|ashchange|olding)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|v(?:o(?:lum|ic)e|ersion)change|n(?:o(?:update|match)|eedkey)|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s\0]*=
  47. [/code]
  48. [code]
  49. [NoScript XSS]: sanitized window.name, "pos=LREC3&id=yom-ad-LREC3-iframe&html=%253C%2521--Vendor%253A%2520Right%2520Media%252C%2520Format%253A%2520Script%2520--%253E%253CSCRIPT%2520TYPE%253D%2522text/javascript%2522%2520SRC%253D%2522http%253A//ads.yahoo.com/st%253Fad_type%253Dad%2526publisher_blob%253Dlmsid%253Aa077000000CFoGyAAL%253Brevsp%253AYahoo%2521%2520News%253Blpstaid%253A0433d4eb-2830-3cbc-ba98-7caf5302b653%257CJDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%257C7665145%257CLREC3%257C1406717126.736512%257C2-8-1%2526cnt%253Dyan%2526ad_size%253D300x250%2526site%253D140477%2526section_code%253D2937553051%2526cb%253D1406717126.736512%2526yud%253Dsmpv%25253d3%252526ed%25253dzAomdF31xQxuC8RcCEyKD8XNfbhfAejk7A--%2526pub_redirect_unencoded%253D1%2526pub_url%253Dhttp%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526pub_redirect%253Dhttp%253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NnRpanR0YShnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzNzI2NjU2NTUxLHYkMi4wLGFpZCRaRmxPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMTk0MTQwMzU1MSxtbWUkODE2NTk1OTI2MjMwNzUyNDE2OCxyJDAseW9vJDEsYWdwJDI5Mzc1NTMwNTEsYXAkTFJFQzMpKQ/2/*%2522%253E%253C/SCRIPT%253E%253C%2521--QYZ%25201941403551%252C3726656551%252C98.139.230.56%253B%253BLREC3%253B7665145%253B1%253B--%253E&src=http%3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML=&cscURI=&behavior=non_exp&hasErr=&hasError=&adID=999999&matchID=&bookID=1941403551&serveType=-1&slotID=5&size=300x250&hasExternal=&hasRMX=1&ioID=999999&lineID=999999&creativeID=3726656551&placementID=2937553051&impID=ZFlOAWKL4NQ-&supp_ugc=0&fdb=fdb_url%3Dhttp%253A//af.beap.bc.yahoo.com/af%253Fbv%253D1.0.0%2526bs%253D%252815hsccar4%2528gid%2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%252Cst%25241406717126652396%252Csrv%25241%252Csi%25244464051%252Cadv%252428845691635%252Cct%252425%252Cli%25242928225551%252Cexp%25241406724326652396%252Ccr%25243726656551%252C
pbid%252420459933223%252Cv%25241.0%2529%2529%2526al%253D%2528type%2524%257Btype%257D%252Ccmnt%2524%257Bcmnt%257D%252Csubo%2524%257Bsubo%257D%2529%2526r%253D10%26fdb_on%3D1%26fdb_exp%3D1406724326652&serveTime=1406717126652396&meta=ownerKey%253Dy%2526title%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D%2526y%253DcscHTML%25253D%252526cscURI%25253D%252526impID%25253DZFlOAWKL4NQ-%252526supp_ugc%25253D0%252526placementID%25253D2937553051%252526creativeID%25253D3726656551%252526serveTime%25253D1406717126652396%252526behavior%25253Dnon_exp%252526adID%25253D8165959262307524168%252526matchID%25253D999999.999999.999999.999999%252526err%25253D%252526hasExternal%25253D0%252526size%25253D300x250%252526bookID%25253D1941403551%252526serveType%25253D-1%252526slotID%25253D5%252526fdb%25253D%2525257B%25252520%25252522fdb_url%25252522%2525253A%25252520%25252522http%2525253A%2525255C/%2525255C/af.beap.bc.yahoo.com%2525255C/af%2525253Fbv%2525253D1.0.0%25252526bs%2525253D%2525252815hsccar4%25252528gid%25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo%2525252Cst%252525241406717126652396%2525252Csrv%252525241%2525252Csi%252525244464051%2525252Cadv%2525252428845691635%2525252Cct%2525252425%2525252Cli%252525242928225551%2525252Cexp%252525241406724326652396%2525252Ccr%252525243726656551%2525252Cpbid%2525252420459933223%2525252Cv%252525241.0%25252529%25252529%25252526al%2525253D%25252528type%25252524%2525257Btype%2525257D%2525252Ccmnt%25252524%2525257Bcmnt%2525257D%2525252Csubo%25252524%2525257Bsubo%2525257D%25252529%25252526r%2525253D10%25252522%2525252C%25252520%25252522fdb_on%25252522%2525253A%25252520%252525221%25252522%2525252C%25252520%25252522fdb_exp%25252522%2525253A%25252520%252525221406724326652%25252522%25252520%2525257D%252526hasRMX%25253D1&conf=w%3D3
00%26h%3D250%26dest%3Dyom-ad-LREC3-iframe%26fr%3DexpIfr_exp%26pos%3DLREC3%26id%3DLREC3%26clean%3Dyom-ad-LREC3%26rmxp%3D0%26metaSize%3Dtrue%26supports%3Dexp-ovr%253D1%26z%3D10%26wcpx%3D1%26hcpx%3D1%26async%3Dfalse%26css%3D%26size%3D300x250%26flex%3Dnull%26bg%3Dtransparent%26tgt%3D_blank%26fdb%3Dfalse%26meta%3Dtitle%253DBlast%252520in%252520Gaza%252520during%252520CNN%252520live%252520shot%252520sends%252520reporter%25252C%252520crew%252520ducking%252520for%252520cover%252520-%252520Yahoo%252520News%2526url%253Dhttp%25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html%2526urlref%253D&renderClass=expIfr_exp&guid=dr__0_1406717185002_78&geom=win%253Dt%25253D-4%252526l%25253D-4%252526b%25253D850%252526r%25253D1916%252526w%25253D1920%252526h%25253D854%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1905%252526b%25253D854%252526w%25253D1905%252526h%25253D854%2526doc%253Dt%25253D0%252526l%25253D0%252526b%25253D4568%252526r%25253D1905%252526w%25253D1905%252526h%25253D4568%2526root%253Dtrue%2526fixed%253Dnull%2526exp%253Dt%25253D2180.25%252526l%25253D900%252526r%25253D0%252526b%25253D0%252526xs%25253Dfalse%252526ys%25253Dfalse%252526w%25253D0%252526h%25253D0%252526civ%25253D0%2526self%253Dt%25253D2180.25%252526l%25253D900%252526r%25253D1200%252526b%25253D2430.25%252526w%25253D300%252526h%25253D250%252526z%25253D10%252526iv%25253D0%252526xiv%25253D1%252526yiv%25253D0&ckOn=true&dm=&hf=false&flexW=false&flexH=false&origX=900&origY=2180.25&srcHost=http%3A//l.yimg.com&host=http%3A//news.yahoo.com&hostURL=http%253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL=&proxyID=&html5=1&proxyPath=" to "pos LREC3&id yom-ad-LREC3-iframe&html  253C 2521--Vendor 253A 2520Right 2520Media 252C 2520Format 253A 2520Script 2520-- 253E 253CSCRIPT 2520TYPE 253D 2522text/javascript 2522 2520SRC 253D 2522http 253A//ads.yahoo.com/st 253Fad_type 253Dad 2526publisher_blob 253Dlmsid 253Aa077000000CFoGyAAL 253Brevsp 253AYahoo 2521 2520News 253Blpstaid 
253A0433d4eb-2830-3cbc-ba98-7caf5302b653 257CJDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 257C7665145 257CLREC3 257C1406717126.736512 257C2-8-1 2526cnt 253Dyan 2526ad_size 253D300x250 2526site 253D140477 2526section_code 253D2937553051 2526cb 253D1406717126.736512 2526yud 253Dsmpv 25253d3 252526ed 25253dzAomdF31xQxuC8RcCEyKD8XNfbhfAejk7A-- 2526pub_redirect_unencoded 253D1 2526pub_url 253Dhttp 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526pub_redirect 253Dhttp 253A//clicks.beap.bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3NnRpanR0YShnaWQkSkRtU05ERXdMakhQMEhBS1UwcW05UURrTWpBd01WUFl6TWJfZzV5byxzdCQxNDA2NzE3MTI2NjUyMzk2LHNpJDQ0NjQwNTEsc3AkNzY2NTE0NSxjciQzNzI2NjU2NTUxLHYkMi4wLGFpZCRaRmxPQVdLTDROUS0sY3QkMjUseWJ4JDUzdVVYWjN5QkpGRjFSY3hoc1RBOXcsYmkkMTk0MTQwMzU1MSxtbWUkODE2NTk1OTI2MjMwNzUyNDE2OCxyJDAseW9vJDEsYWdwJDI5Mzc1NTMwNTEsYXAkTFJFQzMpKQ/2/* 2522 253E 253C/SCRIPT 253E 253C 2521--QYZ 25201941403551 252C3726656551 252C98.139.230.56 253B 253BLREC3 253B7665145 253B1 253B-- 253E&src http 3A//l.yimg.com/rq/darla/2-8-1/html/r-sf.html&cscHTML &cscURI &behavior non_exp&hasErr &hasError &adID 999999&matchID &bookID 1941403551&serveType -1&slotID 5&size 300x250&hasExternal &hasRMX 1&ioID 999999&lineID 999999&creativeID 3726656551&placementID 2937553051&impID ZFlOAWKL4NQ-&supp_ugc 0&fdb fdb_url 3Dhttp 253A//af.beap.bc.yahoo.com/af 253Fbv 253D1.0.0 2526bs 253D 252815hsccar4 2528gid 2524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 252Cst 25241406717126652396 252Csrv 25241 252Csi 25244464051 252Cadv 252428845691635 252Cct 252425 252Cli 25242928225551 252Cexp 25241406724326652396 252Ccr 25243726656551 252Cpbid 252420459933223 252Cv 25241.0 2529 2529 2526al 253D 2528type 2524 257Btype 257D 252Ccmnt 2524 257Bcmnt 257D 252Csubo 2524 257Bsubo 257D 2529 2526r 253D10 26fdb_on 3D1 26fdb_exp 3D1406724326652&serveTime 1406717126652396&meta ownerKey 253Dy 2526title 253DBlast 252520in 252520Gaza 252520during 252520CNN 252520live 252520shot 252520sends 252520reporter 25252C 252520crew 
252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D 2526y 253DcscHTML 25253D 252526cscURI 25253D 252526impID 25253DZFlOAWKL4NQ- 252526supp_ugc 25253D0 252526placementID 25253D2937553051 252526creativeID 25253D3726656551 252526serveTime 25253D1406717126652396 252526behavior 25253Dnon_exp 252526adID 25253D8165959262307524168 252526matchID 25253D999999.999999.999999.999999 252526err 25253D 252526hasExternal 25253D0 252526size 25253D300x250 252526bookID 25253D1941403551 252526serveType 25253D-1 252526slotID 25253D5 252526fdb 25253D 2525257B 25252520 25252522fdb_url 25252522 2525253A 25252520 25252522http 2525253A 2525255C/ 2525255C/af.beap.bc.yahoo.com 2525255C/af 2525253Fbv 2525253D1.0.0 25252526bs 2525253D 2525252815hsccar4 25252528gid 25252524JDmSNDEwLjHP0HAKU0qm9QDkMjAwMVPYzMb_g5yo 2525252Cst 252525241406717126652396 2525252Csrv 252525241 2525252Csi 252525244464051 2525252Cadv 2525252428845691635 2525252Cct 2525252425 2525252Cli 252525242928225551 2525252Cexp 252525241406724326652396 2525252Ccr 252525243726656551 2525252Cpbid 2525252420459933223 2525252Cv 252525241.0 25252529 25252529 25252526al 2525253D 25252528type 25252524 2525257Btype 2525257D 2525252Ccmnt 25252524 2525257Bcmnt 2525257D 2525252Csubo 25252524 2525257Bsubo 2525257D 25252529 25252526r 2525253D10 25252522 2525252C 25252520 25252522fdb_on 25252522 2525253A 25252520 252525221 25252522 2525252C 25252520 25252522fdb_exp 25252522 2525253A 25252520 252525221406724326652 25252522 25252520 2525257D 252526hasRMX 25253D1&conf w 3D300 26h 3D250 26dest 3Dyom-ad-LREC3-iframe 26fr 3DexpIfr_exp 26pos 3DLREC3 26id 3DLREC3 26clean 3Dyom-ad-LREC3 26rmxp 3D0 26metaSize 3Dtrue 26supports 3Dexp-ovr 253D1 26z 3D10 26wcpx 3D1 26hcpx 3D1 26async 3Dfalse 26css 3D 26size 3D300x250 26flex 3Dnull 26bg 3Dtransparent 26tgt 3D_blank 26fdb 3Dfalse 26meta 3Dtitle 253DBlast 252520in 252520Gaza 252520during 252520CNN 
252520live 252520shot 252520sends 252520reporter 25252C 252520crew 252520ducking 252520for 252520cover 252520- 252520Yahoo 252520News 2526url 253Dhttp 25253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html 2526urlref 253D&renderClass expIfr_exp&guid dr__0_1406717185002_78&geom win 253Dt 25253D-4 252526l 25253D-4 252526b 25253D850 252526r 25253D1916 252526w 25253D1920 252526h 25253D854 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1905 252526b 25253D854 252526w 25253D1905 252526h 25253D854 2526doc 253Dt 25253D0 252526l 25253D0 252526b 25253D4568 252526r 25253D1905 252526w 25253D1905 252526h 25253D4568 2526root 253Dtrue 2526fixed 253Dnull 2526exp 253Dt 25253D2180.25 252526l 25253D900 252526r 25253D0 252526b 25253D0 252526xs 25253Dfalse 252526ys 25253Dfalse 252526w 25253D0 252526h 25253D0 252526civ 25253D0 2526self 253Dt 25253D2180.25 252526l 25253D900 252526r 25253D1200 252526b 25253D2430.25 252526w 25253D300 252526h 25253D250 252526z 25253D10 252526iv 25253D0 252526xiv 25253D1 252526yiv 25253D0&ckOn true&dm &hf false&flexW false&flexH false&origX 900&origY 2180.25&srcHost http 3A//l.yimg.com&host http 3A//news.yahoo.com&hostURL http 253A//news.yahoo.com/cnn-gaza-blast-live-video-105400574.html&fromURL &proxyID &html5 1&proxyPath ".
  50. [/code]