Uncovering hidden features of Campfire

29 March, 2011 § 8 Comments

Tonight I spent some time with one of my coworkers, Eric, who is working on a Campfire extension for Google Chrome.

While perusing through the JavaScript of 37Signal’s Campfire, Eric came across a couple of undocumented features: Emoji, and the complete list of sounds.

To place an Emoji in a message, simply surround one of the following with colons, like


Here is the complete list of Emojis that you can use:

Emoji: [ 'sunny', 'zap', 'leaves', 'lipstick', 'cop', 'wheelchair', 'fish',
'hammer', 'moneybag', 'calling', 'memo', 'mega', 'gift', 'pencil', 'scissors',
'feet', 'runner', 'heart', 'smoking', 'warning', 'ok', 'tm', 'vs', 'new', 'bulb', 'zzz',
'sparkles', 'star', 'mag', 'lock', 'email', 'fist', 'v', 'punch', '+1', 'clap', '-1' ]

Now for the sounds. To use these, type /play followed by one of the sound names:

It’s always fun digging through JavaScript and finding unpublished features. Our software team regularly uses Campfire for discussions, so the more expressive we can be the better. Does your team use a chat room like Campfire or IRC to communicate?

JavaScript at MSU

28 March, 2011 § Leave a comment

This coming Thursday I’ll be giving a talk at the monthly MSU Student Web Authoring Team meeting.

A JavaScript Workshop
Thursday, March 31st
317 Bessey Hall, Michigan State University

I’ll be covering the JavaScript language and its interactions with the DOM from a beginners to intermediate perspective. This will be a hands-on workshop style with a short presentation at the beginning.

Bring your laptop and a good spirit and hopefully you’ll walk away with some new knowledge and appreciation for JavaScript.

I will try to record the presentation portion and make that available here on my blog for those that are unable to attend.

Updated on 4/4/2011: I have uploaded a video of the presentation for your viewing pleasure.

JavaScript Injection proof of concept

26 February, 2011 § Leave a comment

Following up from my previous post about XSS Session Hijacking in Google Gruyere, I decided to write a post covering a JavaScript injection vulnerability.

The color attribute on profiles lack input validation, and thus are susceptible to JavaScript injection. Simply put, this means that a user can edit their profile and insert code that will run on the computers of other users.

Some of the possible uses of this attack would be to:

  • Spam the user with advertisements
  • Increase visits to another website
  • Spread malware

In this proof of concept, I used the following as the “color” setting for my profile:

red' onmouseout='window.open("http://www.msu.edu/~weinjare/ad.html", "", "height=220,width=450");return false;

The JavaScript for the onmouseout event handler will launch a new popup window that could include spam. This code will be executed if the visitor moves their mouse over my username.

I’ll try to explain the source code above. The HTML that is generated for the page uses single quote characters to specify attributes. Adding a single quote to the setting, appearing after the word “red”, allows arbitrary HTML to be injected within the page. The following code is treated as another attribute for the element, adding an event handler for when a mouse moves on to the element and then leaves the element.

The value of the attribute starts with a single quote and lacks an ending quote. This is because the generation of the HTML will append a single quote to the value. This will allow the generated HTML to remain valid.

To show this in action, I created the following video:

My first public Chrome extension – “Multiple Monitor Full Screen”

26 December, 2010 § 3 Comments

Yesterday I published “Multiple Monitor Full Screen“, my first public extension to Google Chrome.  I just wrapped up shooting a simple walkthrough video of the extension:

Try it out and let me know what you think of it. Within the first day of the extension being published, there were 7 downloads and over 100 views of the inaugural demo video.

The extension uses JavaScript to resize the Flash player of the video to be the dimensions of the browser window. It uses HTML5 LocalStorage to keep track of the previous dimensions of the player so the user can revert back cleanly.

Right now the extension only works on non-embedded videos hosted by YouTube and Vimeo. I looked in to adding support for Hulu but they appear to be doing some funny things to restrict this. In the near future I would like to add support for embedded YouTube/Vimeo videos.

A First Shot At Using Google Closure Tools

26 November, 2009 § 1 Comment

Just recently, Google made public their Google Closure Tools. The Google Closure Tools are a set of three tools that can be used to write fast loading and executing JavaScript, animated UI elements, templated DOM structures, and more. The three tools are: Closure Library, Closure Templates, and Closure Compiler.

I recently wrote a Pearson Correlation calculator in Python and decided to port it to JavaScript for use on a webpage. I thought this would be a good opportunity to try out some of the Closure Tools.

I used the Closure Library and the Closure Compiler for this little exercise.

After the development was completed, I used the Google Closure Compiler to reduce the size of the JavaScript. The pre-compiled JavaScript size was 634kb. The compiled JavaScript size is a mere 33.96kb.

I am very impressed with the tools. First, the documentation is superb, and I am amazed at the number of demos that are available for most of the UI components. Second, there is finally a way to evaluate JavaScript in a ‘compile-time’ fashion.

These two alone make these tools worth checking out. I hope to gain more experience with the Library soon, and should have more to post about it.

Where Am I?

You are currently browsing entries tagged with javascript at JAWS.