Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: View hidden link destinations Internet
Tiger only hintWhile looking at websites for trojan removers for Windows, I came across several pages (such as this one) that do not allow you to see the destination of a given link on the page. You can't control-click at all, and if you do a View Source, you won't see the source to the complete page.

The way around this is to hit Command-A to select everything on the page, then copy/paste it to TextEdit (in RTF mode). Then you can control-click on a link and choose Edit Link, which will allow you to see where you would be redirercted. This process comes from my untrusting nature with being redirected to fake sites from within a hijacked page. I tried this on Panther and it does not work, so it must be just in Tiger.
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[12,742 views]  

10.4: View hidden link destinations | 11 comments | Create New Account
Click here to return to the '10.4: View hidden link destinations' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: View hidden link destinations
Authored by: simonpie on Jul 05, '05 10:53:09AM

Your perfectly right for Safari, but Firefox will show you the link at the bottom of the window when you hover you mouse over the link. It will not give you the full code for the web-page though.



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: webzone on Jul 05, '05 11:04:23AM

The website is simply in a frame. If you control-click on the page in Firefox and select This Frame > View Frame Source you will get access to the full source code of the website. Or you could just control-click on the link and select Copy Link Location.

To be able to right-click on the page, just go into Firefox's Preferences in the Web Features section. Click the Advanced button right after "Enable JavaScript" and uncheck the box "Disable or Replace context menus". Then, close the two dialog boxes by clicking OK.

If you are using Deer Park (Firefox 1.1 Developer Preview) or a Firefox nightly, go to the Web Content tab (I think) and check "Disable common annoyances" (or something similar).



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: LC on Jul 05, '05 04:18:37PM

Also, I believe that many sites hide the display of their link destinations, by modifying (masking or changing) the status bar text. There's another option in the Advanced (Javascript) preferences, for allowing sites to change the status bar text. But I agree with you that being able to access the context-sensitive menu is really important here. I also wonder how often sites assign an onclick action (only) and whether in those cases we resort to view source (or similar); Larry.



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: eforiv on Jul 06, '05 10:21:31PM

Have a look at the DOM inspector in FireFox it will reveal more.

What you see at first is a set of frames 2 frames one set to 100% with the page and another for nothing just to mess things up... The framed page ALSO has a set of frames and so on. it's got multiple nested frames. dig deep the javascript i deep into the last set of frames.

you don't get to see any of the following javascript within the view source of that first frame... there is more but I figure this is enough to give an idea.


//if(window.location.protocol.indexOf("file")!=-1){
//location="about:blank";

//}



//if(document.domain.toLowerCase().replace("www.","")!="mysite.com".toLowerCase().replace("www.","")){
//alert("Invalid Domain");
//location="about:blank";

//}


if(document.all){ _fc='<'+'div style="position:absolute;left:-1000px; top:-1000px; width:60px; height:35px; z-index:1"> '+'<'+'input type="button" name="_xqq" value="" onClick=_ccd() style="visibility:hidden"> <'+'/div> ';
document.write(_fc);
function _ccd(){
clipboardData.clearData()
} ;

function _cce(){
_xqq.click();
setTimeout("_cce()",300)
} ;

setTimeout("_cce()",1000);

}


function _ng(){
if (document.all) for (i = 0;
i< document.images.length;
i++){
z = document.images(i);
z.galleryImg = 'no'
}

}
_ng();



function _np1(){
for(wi=0;
wi<document.all.length;
wi++){
if(document.all[wi].style.visibility!="hidden"){
document.all[wi].style.visibility="hidden";
document.all[wi].id="gwp"
}

}

} ;

function _np2(){
for (wi=0;
wi<document.all.length;
wi++){
if(document.all[wi].id=="gwp")document.all[wi].style.visibility=""
}

}
;
window.onbeforeprint=_np1;
window.onafterprint=_np2;



[ Reply to This | # ]
Easier method
Authored by: EddEdmondson on Jul 05, '05 11:04:28AM

Click and drag and you'll see the link. Just release it afterwards still over the window.



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: ChaChi on Jul 05, '05 11:41:20AM

FYI,
I noticed that (in "Safari") if you move the mouse around while hovering over one of the links the status bar will try to show you the link address. You can see it enough to figure out if you really want click on it or not.



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: VPH on Jul 05, '05 12:46:31PM

Much as it pains me to say it, Word will display the links. Copy the page (not the source), and paste it into Word. Hovering over the link will bring up a popup showing the actual link. Select the text (be careful not to click on it -- it's live) and do a Cmd-K, "Hyperlink," which will display the link text in a dialog box.



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: eforiv on Jul 05, '05 09:20:04PM
You shouldn't have to jump through that many hoops to figure out the page is trying to exploit the browser... I registered to this forum just now because this is unacceptable of any browser. A page pulling of this type of exploit should at the least cause some sort of warning to be displayed. Any page linking to any executable file should not be allowed to conceal it's inner working but to the avg person the inner workings mean nothing... so again at the least the browser should display a warning... If you know how to look for it you can get to the javascript by navigating the DOM tree... I find this extremely concerning! A PAGE SHOULD NOT BE ALLOWED TO MAKE UNKNOWN CHANGES TO YOUR CLIPBOARD!!!!!!!!!!!

if(document.all){ _fc='<'+'div style="position:absolute;left:-1000px; top:-1000px; width:60px; height:35px; z-index:1"> '+'<'+'input type="button" name="_xqq" value="" inClick=_ccd() style="visibility:hidden"> <'+'/div> '; 
document.write(_fc); 
function _ccd(){ 
[b]clipboardData.clearData() [/b]
} ; 

function _cce(){ 
_xqq.click(); 
setTimeout("_cce()",300) 
} ;
 
setTimeout("_cce()",1000); 

} 
and here's what keeps you from control clicking

function _nrcie(){ 
return false 
} 
function _nrcns(e){ 
if(e.which==2||e.which==3)return false 
} 
if(document.layers){ 
document.captureEvents(Event.MOUSEDOWN); 
document.onmousedown=_nrcns 
} 
document.oncontextmenu=_nrcie; 
I don't know how you can allow legit functionality while blocking the exploits... maybe a point system like spam control... x+y+z exploits on one page and warnings are displayed or if X and Y disable XYZ javascript functionality. I used to feel safe being on a mac always being able to see the source always having my control click. Apple MUST address this potential exploit. think about it... that exe it linked to could have been a dashboard widget that waits for you to activate it. or some other yet to be found OS X exploit. As a web developer I would never have reason to convolute a page as much as that one does nor would i expect ANY web developer to need to. Knowing this I would say it's safe for apple to make changes to the browser to control exploits like this. You just need checks and balances that a person isn't trying to overly conceal the inner workings of a page... as in multiple nested frames AND javascript to control viewing source ugh sorry to rant but this is highly frustrating.

[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: aranor on Jul 06, '05 12:26:12AM

I agree that it's annoying, but I think you're blowing it waaay out of proportion. If you can't tell where a link goes, don't click on it. And even if you do, the worst it can do is make you download something you didn't intend to download. And so what? It shows up in your downloads window, you can see it, you can cancel the download or select the file in the Finder and trash it. It's no big deal. And especially not for downloading applications and the like, because Safari will prompt you if you really want to download it.



[ Reply to This | # ]
10.4: View hidden link destinations
Authored by: eforiv on Jul 06, '05 07:19:57AM

as a web developer it just aggravates me since there is no reason to go to those lengths under any normal circumstance to obfuscate your code to that degree.

multiple nested frames, nested divs and spans, javascript to hide code, javascript to eliminate control click, javascript to clear the clipboard . that many twists and turns should cause the browser to pop some sort of warning.

and while apple has made changes to keep from auto loading dashboard widgets like it used to just from a simple link click... you don't know what OS X exploits haven't been found yet or are going to be in the future.

I feel taking steps to keep the browser *in check* ahead of the problem is sane sense.



[ Reply to This | # ]
Stupid
Authored by: karnat10 on Jul 06, '05 10:21:24AM

The owner of this site obviously attempts to hide from the visitor the fact the he/she is offering an executable file to download. If the executable serves a legit purpose, why would one have to do that?

While it is an interesting hint, I think dubious sites like this should be ignored consequently.

By the way, if your browser can display a page, you can always look at the source code. In this case, the real source code is hidden behind three nested framesets, which is a quite stupid thing to do. It seems to work, however.



[ Reply to This | # ]