Adding Javascript to eBay listing code

Have questions about LastPass, or having problems using it? Ask for help here!

Moderators: admin, anatoly_LP, chantieLP, Israel, JoeSiegrist, robyn

Re: Adding Javascript to eBay listing code

Postby fastpass » Sat Aug 04, 2018 1:51 pm

I have had a LastPass support ticket open for probably a year, with much back-and-forth about LastPass injecting Javascript into Ebay listings.

There are a dozen or more threads about this in the Ebay seller forums.

The LastPass Javascript is readily visible in the HTML editor window of the Ebay listing. (I have sent this many times to LastPass.) Ebay used to publish it visibly in listings, but inserted a Javascript checker last year. I routinely get Ebay warnings to clean the LastPass Javascript out of my listings, that's Ebay's fix.

To say the least, this is inconvenient.

To my knowledge, LastPass has done nothing about this. Why the LastPass plug-in chooses to post LastPass Javascript in an Ebay editor window -- I haven't seen this in an authoring window anywhere else -- is known only to LastPass. ( I use Firefox on Mac desktop.)

To me, this is an indication LastPass is not as attentive to security issues as it should be. Why would it want any amount of its coding to be exposed?
fastpass
 
Posts: 12
Joined: Wed Dec 17, 2014 11:29 pm

Re: Adding Javascript to eBay listing code

Postby FlyingHawk » Sat Aug 04, 2018 3:49 pm

fastpass Wrote:To me, this is an indication LastPass is not as attentive to security issues as it should be. Why would it want any amount of its coding to be exposed?

These javascript code are intentionally injected, not accidentally "leaked". As far as LastPass is concerned, it's not a security issue.

Plus, anyone can see all of LastPass extension's javascript code. Exposed code is not a security issue.
FlyingHawk
 
Posts: 706
Joined: Wed Mar 18, 2015 12:04 pm

Re: Adding Javascript to eBay listing code

Postby fastpass » Sat Aug 04, 2018 5:40 pm

Why would LastPass post any kind of code in an Ebay listing? What purpose does this serve for LastPass?

This code is not injected in any other kind of edit window that I've seen.
fastpass
 
Posts: 12
Joined: Wed Dec 17, 2014 11:29 pm

Re: Adding Javascript to eBay listing code

Postby FlyingHawk » Sat Aug 04, 2018 8:03 pm

LastPass inject javascript code into some webpages to help locate username/password fields and achieve autofill. That the code got into the edit window is probably just an unfortunate side effect.
FlyingHawk
 
Posts: 706
Joined: Wed Mar 18, 2015 12:04 pm

Re: Adding Javascript to eBay listing code

Postby fastpass » Sat Aug 04, 2018 10:44 pm

There are no fields to autofill, no username or password field, on an Ebay listing form. The code is injected into an edit window for a listing. LastPass is an uninvited visitor.

As I've said before, the code from LastPass is not injected into edit windows on any other form, including those that appears on pages where there is a username or password field. This behavior is peculiar to LastPass in relation to Ebay only.

You're talking through your hat, as we say.
fastpass
 
Posts: 12
Joined: Wed Dec 17, 2014 11:29 pm

Re: Adding Javascript to eBay listing code

Postby FlyingHawk » Sat Aug 04, 2018 11:27 pm

What part of "unfortunate side effect" do you not understand? I didn't say it's correct behavior.
LastPass injects this code into *every* ebay webpage in order to *find* login fields if any exists. It doesn't know a priori if login fields exist on the page.
It just so happens that in the listing editing page, the code somehow ended up in the edit window.

I was only replying to your question of why LastPass does this, and why it's not a security issue. I was NOT commenting on the more general problem of the code ending up in listings.
FlyingHawk
 
Posts: 706
Joined: Wed Mar 18, 2015 12:04 pm

Re: Adding Javascript to eBay listing code

Postby fastpass » Sun Aug 05, 2018 12:55 pm

Why does LastPass choose Ebay for this behavior? As I said before, it does not appear in any other edit window on any other site or platform.

It is certainly a bug in LastPass that has been ignored for years. Clearly, you're not an Ebay seller or you would know how annoying this is.
fastpass
 
Posts: 12
Joined: Wed Dec 17, 2014 11:29 pm

Re: Adding Javascript to eBay listing code

Postby FlyingHawk » Sun Aug 05, 2018 3:27 pm

Presumably because it's a bit difficult to find and autofill ebay's login fields. Some other sites also have site-specific injected code, e.g. PayPal, Spotify.

Again, I'm only answering technical questions. I'm not commenting on the overall problem. Whether I'm ebay seller or not has no relevance.
FlyingHawk
 
Posts: 706
Joined: Wed Mar 18, 2015 12:04 pm

Re: Adding Javascript to eBay listing code

Postby fastpass » Tue Aug 07, 2018 3:34 pm

FYI, for those who wish to be fully informed about the fields on the Ebay Web page in question instead of piping theories through their nether regions, here's a screenshot of the page https://drive.google.com/open?id=14cH8V ... 5o6CPlsGHx

There are no log-in fields whatsoever on this page. The red arrow indicates the HTML tab of the Edit window, where LastPass deposits its unwelcome Javascript.

As a matter of fact, here it is in this new test listing:

https://drive.google.com/open?id=1OTo0N ... wzrhJ6mA6m
fastpass
 
Posts: 12
Joined: Wed Dec 17, 2014 11:29 pm

Re: Adding Javascript to eBay listing code

Postby FlyingHawk » Tue Aug 07, 2018 3:48 pm

Whether or not there's login fields on the page has no relevance.
As I said before, part of the purpose of the code is to find out whether there's a login field. Injected code is site-specific, not page-specific.
FlyingHawk
 
Posts: 706
Joined: Wed Mar 18, 2015 12:04 pm

PreviousNext

Return to General Support & Troubleshooting

Who is online

Users browsing this forum: Gelphyn and 79 guests