Thread: "C'mon, I Want Lolcats" or "how to abuse JS in EPUB3"
View Single Post
Old 06-13-2013, 10:43 AM   #1
AlPe
Digital Amanuensis
AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.AlPe ought to be getting tired of karma fortunes by now.
 
AlPe's Avatar
 
Posts: 727
Karma: 1446357
Join Date: Dec 2011
Location: Turin, Italy
Device: Several eReaders and tablets
"C'mon, I Want Lolcats" or "how to abuse JS in EPUB3"
Just a minimal PoC of how one can "abuse" JS embedded in an EPUB3 ebook to show content not easily detectably by just looking at the files inside the EPUB3 (ZIP) container.

In particular, if loaded in a JS-enabled EPUB3 reading system (e.g.: iBooks, Readium, Kobo iOS app), the user will be presented with a "non-existing" image...

http://www.albertopettarin.it/downloads/lolcats.epub

Enjoy (and/or discuss)

EDIT: a page discussing the above PoC is here: http://www.albertopettarin.it/lolcats.html
Last edited by AlPe; 06-17-2013 at 04:03 AM.
AlPe is offline   Reply With Quote