If your only goal is to send the user to a malicious page with a payload then yo... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

batiste on March 17, 2013 | parent | context | favorite | on: Hacking the <a> tag in 100 characters

If your only goal is to send the user to a malicious page with a payload then you don't need any user action.

Just do: document.location.href = "http://malware.com;

And you are done.

bilawal on March 17, 2013 [–]

Heck, if you're going to do that.. you don't even need JavaScript.

<meta http-equiv="refresh" content="0; url=http://malware.com />

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact