posting URL gets shady looking inclusion

[ericm979]

I just tried posting a URL
(to </title> <link rel="apple-touch-icon" sizes="180x180" href="/static/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/static/favicon-16x16.p)

When I hit submit there's a huge wad of HTML and javascript included in the url forum tags ([ instead of < for html). I'm not sure it's a feature, bug or the site's been compromised. I don't think it's from my browser.

edit: just posting a string of the form w w w . something . com as above got a couple lines of HTML stuck in there. Mostly links to images that look safe. It looks on purpose but it's disconcerting as that didn't used to happen in a way that I'd see when posting. The first time with the full http it was pages of html and js and had stuff mentioning credit cards.

 

[Roadworthy]

I don't know enough about web stuff to respond intelligently. Many sites now use https instead of http to indicate an additional layer of security. That's not the sum total of my knowledge but it's close.

 

[aczlan]

Hmmm, trying TractorByNet - Compact Tractors & Equipment Resource

Aaron Z

 

[aczlan]

And: </title>
<link rel="apple-touch-icon" sizes="18x18" href="/static/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/static/favicon-16x16.png">
<link rel="manifest" href="/static/site.webmanifest">
<link rel="mask-icon" href="/static/safari-pinned-tab.svg" color="#6ABECC">
<link rel="shortcut icon" href="/static/favicon.ico" />
<link rel="stylesheet" type="text/css" href="//cloud.typography.com/7883472/69378/css/fonts.css" />
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:3,4">
<link rel="publisher" href="https://plus.google.com/19897784735"/>
<meta name="description" ng-if="$description" ng-attr-content="{$ $description $}"/>



<link rel="stylesheet" type="text/css" href="/static/css/app.min.css?v8.5.3"/>


<script>
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=

'https://www.googletagmanager.com/gtm.js?id='+i+dl;

f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MNKLC5G');
window.ga = window.ga || function() {(window.ga.q = window.ga.q || []).push(arguments)};
</script>




<script type="text/javascript">
!function(){var r=window.simpo=window.simpo||[];if(!r.initialize&&!r.invoked){r.invoked=!,r.methods=["configure","identify","reset","ready","debug","off","on"],r.generator=function(t){return function(){var e=Array.prototype.slice.call(arguments);return e.unshift(t),r.push(e),r}};for(var e=;e<r.methods.length;e++){var t=r.methods[e];r[t]=r.generator(t)}r.load=function(e){var t=document.createElement("script");t.type="text/javascript",t.async=!,t.src="https://cdn.simpo.io/simpo.js",r.ucid=e;var n=document.getElementsByTagName("script")[];n.parentNode.insertBefore(t,n)},r.SNIPPET_VERSION="2.."}}();
</script>




<script>/*<![CDATA[*/window.zEmbed||function(e,t){var n,o,d,i,s,a=[],r=document.createElement("iframe");window.zEmbed=function(){a.push(arguments)},window.zE=window.zE||window.zEmbed,r.src="javascript:false",r.title="",r.role="presentation",(r.frameElement||r).style.cssText="display: none",d=document.getElementsByTagName("script"),d=d[d.length-1],d.parentNode.insertBefore(r,d),i=r.contentWindow,s=i.document;try{o=s}catch(e){n=document.domain,r.src='javascript:var d=document.open();d.domain="'+n+'";void();',o=s}o.open()._l=function(){var e=this.createElement("script");n&&(this.domain=n),e.id="js-iframe-async",e.src="https://assets.zendesk.com/embeddable_framework/main.js",this.t=+new Date,this.zendeskHost="acrevalue.zendesk.com",this.zEQueue=a,this.body.appendChild(e)},o.write('<body onload="document._l();">'),o.close()}();
/*]]>*/</script>

</head>
<body ng-cloak ng-class="{ 'dropdown-menu-shift': displayPhoneMenu, 'av-pro': isPro }">

<noscript>
<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MNKLC5G&gtm_auth=kLTYYp_JyTrI2ySnlewiNQ&gtm_preview=env-12&gtm_cookies_win=x" height="" width="" style="display:none;visibility:hidden"></iframe>
</noscript>


<span style="display:none"><svg xmlns="http://www.w3.org/2/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><symbol viewBox=" 14 14" id="svg-icon-acrevalue"><g fill-rule="evenodd"><text font-family="IdealSans-Medium, Ideal Sans" font-size="8" font-weight="4" transform="translate( -2)"><tspan x="1.35" y="8">$</tspan></text><path d="M13.97 8.383V8.5c-.318-6.21-4.254-9.154-.298C3.418 9.63 1.22 7.282 7.682v3.33L6.82 14 14 1.727l-.3-2.344z" /></g></symbol><symbol viewBox=" 12 12" id="svg-icon-add"><path d="M2.975.8C3.892.267 4.89 5.97 s2.78.267 2.995.8c.917.533 1.642 1.258 2.175 2.175.533.917.8 1.915.8 2.995s-.267 2.78-.8 2.995c-.533.917-1.258 1.642-2.175 2.175-.917.533-1.915.8-2.995.8s-2.78-.267-2.995-.8C2.58 1.67 1.333 9.882.8 8.965.267 8.48 7.5 5.97s.267-2.78.8-2.995C1.333 2.58 2.58 1.333 2.975.8c -.917.533 zM4.97 2.97v2h-2v2h2v2h2v-2h2v-2h-2v-2h-2z" fill-rule="evenodd" /></symbol><symbol viewBox=" 12 9" id="svg-icon-arrow"><path d="M6 5.993c-.633.14-1.243.8-1.83.2-.587.12-1.153.293-1.7.52-.547.226-1.37.534-1.47.924-.433.39-.767.84-1 1.353.4-.88.177-1.673.41-2.382.233-.71.578-1.352 1.35-1.928.457-.576 1.7-1.36 1.84-1.38.77-.342 1.675-.54 2.715-.593Vl6 4.525L6 9V5.993z" /></symbol><symbol viewBox=" 5 1" id="svg-icon-arrow-2"><path d="M4.8.2L.2 4.8l4.6 4.4" /></symbol><symbol viewBox=" 1 16" id="svg-icon-arrow_long"><g fill-rule="nonzero" fill="#FFF"><path d="M5 15.12a.63.63 1-.427-.187L1 1.747c-.213-.24-.16-.587.53-.8a.557.557 1 .8.53L5 13.77l3.147-3.68a.557.557 1 .8-.54c.24.214.266.56.53.8l-3.573 4.16A.63.63 1 5 15.12z" /><path d="M5 15.12c-.32 -.56-.24-.56-.56V1.44c-.32.24-.56.56-.56.32 .56.24.56.56v13.12c .32-.24.56-.56.56z" /></g></symbol><symbol viewBox="-.2 8.2 14" id="svg-icon-caret"><path d="M5.7 7L-.2 h2.4L8 7l-5.8 7H-.2" /></symbol><symbol viewBox="-.2 14 14" id="svg-icon-caret-double"><path d="M6.334 7l-5.9-7h2.4l5.8 7-5.8 7h-2.4" /><path stroke="null" d="m11.57474,7l-5.9,-7l2.4,l5.8,7l-5.8,7l-2.4," /></symbol><symbol viewBox="-1 -1 18 18" id="svg-icon-checkbox-back"><rect width="16" height="16" rx="2" /></symbol><symbol viewBox="-4 -7 18 18" id="svg-icon-checkbox-dash"><path d="M h1v4Hz" /></symbol><symbol viewBox="-1 -1 18 18" id="svg-icon-checkbox-mark"><path d="M6 13l8-8-2-2-6 6-2-2-2 2 4 4z" /></symbol><symbol viewBox="-1 -1 18 18" id="svg-icon-checkmark"><path d="M6 13l8-8-2-2-6 6-2-2-2 2 4 4z" /></symbol><symbol viewBox=" 16 16" id="svg-icon-close"><path d="M8 9.992L2.4 16 13.99 6.12 8 1.976 1.958 8 6.2 14.42 16 1.976 9.988 8 16 13.99 13.996 16 8 9.992z" /></symbol><symbol viewBox=" 16 16" id="svg-icon-close-2"><path d="M8 16c4.418 8-3.582 8-8s-3.582-8-8-8-8 3.582-8 8 3.582 8 8 8zm1.255-7.99c1.466-1.485 2.88-2.138 2.89-2.91-.36-.416-.922-.95-1.264-1.367-.742.812-1.665 1.822-2.87 3.5-1.466-1.486-2.68-2.14-2.85-2.95-.43.395-1.25.91-1.427 1.227l3.32 2.93c-1.245 1.28-2.23 2.138-3.32 2.93.382.377 1.4 1.1 1.285 1.327.763-.792 1.46-1.465 2.992-3.5 1.165 1.21 2.18 2.238 2.85 3.7.43-.377 1.65-.97 1.47-1.267-.83-.773-1.446-1.426-3.12-2.99z" fill-rule="evenodd" /></symbol><symbol viewBox=" 11 12" id="svg-icon-clu"><path d="M1 1h9.25v9.5h-4.5l.5-1-2-.5v1.5l-3 .5z" fill-rule="evenodd" /></symbol><symbol viewBox=" 32 32" id="svg-icon-contract"><path d="M6.68 18.865h6.463v6.467l-2.84-2.1L6.293 28 4 25.72l4.765-4.77-2.84-2.85zm16.554-7.816l2.84 2.1h-6.46V6.685L2.94 8.77 25.77 4 28 6.28l-4.766 4.77zm-1.1-4.37v6.463H6.67l2.1-2.84L4 6.293 6.28 4l4.77 4.765 2.85-2.84zm7.817 16.554l-2.1 2.84v-6.46h6.466L23.23 2.94 28 25.77 25.72 28l-4.77-4.766z" /></symbol><symbol viewBox=" 26 24" id="svg-icon-credit_card_icons">

<title>credit card icons

Aaron Z

 

[aczlan]

And: https://www.acrevalue.com/
Aaron Z

I see that now, that is the acrevalue site including something in their HTML site description (which TBN retrieves to have something more user friendly than the web address for the clickable link) that is confusing the TBN link name parser.
If you click on "Go Advanced" and uncheck the "Automatically parse links in text" it may help with that.

Aaron Z

 

[PILOON]

LOL, I for one won't click onto that mess of a link, 'just in case'