科技回声: a tech news platform built on Next.js, providing global tech news and discussion (mirror of Hacker News).

© 2025 科技回声. All rights reserved.

How to cause utter chaos on Facebook

33 points, posted by thomasdavis about 14 years ago

6 comments

program, about 14 years ago
It all began when a user pasted the value of the jsText variable in the address bar. The script creates a new script DOM element and appends it to head, injecting the malicious links (so that there is no more need to run the bookmarklet-like link).

The problem here is that the (old) Facebook prompt_page.php page:

http://www.facebook.com/connect/prompt_feed.php

doesn't sanitize feed_info[action_links][0][href], allowing javascript: links.
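The root cause named in the comment above is an action-link href that was rendered without being checked, so a javascript: URL could be injected. The following is an added defensive example, not code from the thread and not Facebook's code: it accepts only absolute http/https hrefs before rendering action links, and it relies on WHATWG URL parsing so that scheme variants a browser would normalize (surrounding whitespace, embedded tab/newline, mixed case) are caught too. The helper names (isSafeActionLinkHref, filterActionLinks, renderActionLinks, escapeHtml), the placeholder hosts and the sample payload are all constructed for this illustration.

```javascript
// Added example (not from the thread or from Facebook): validating
// feed action-link hrefs before they are rendered as anchors.
// Helper names and sample data below are constructed for illustration.

const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Accept only absolute http(s) URLs. The WHATWG URL class normalizes what a
// browser also normalizes (leading/trailing whitespace, embedded tab/newline,
// scheme case), so a value like " JAVA\tSCRIPT:..." is recognized as the
// javascript: scheme and rejected rather than slipping past a naive prefix check.
function isSafeActionLinkHref(href) {
  if (typeof href !== "string") return false;
  let url;
  try {
    url = new URL(href); // no base URL: relative and scheme-less values throw
  } catch {
    return false;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol);
}

// Minimal HTML escaping, safe for both attribute and text context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Drop every action link whose href fails the allow-list.
function filterActionLinks(links) {
  return links.filter((l) => l && isSafeActionLinkHref(l.href));
}

// Render only the surviving links; href and link text are escaped.
function renderActionLinks(links) {
  return filterActionLinks(links)
    .map(
      (l) =>
        `<a href="${escapeHtml(l.href)}" rel="nofollow noopener">${escapeHtml(l.text)}</a>`
    )
    .join("");
}

// Constructed sample in the shape the comment names
// (feed_info[action_links][i][href]); hosts are placeholders.
const SAMPLE_ACTION_LINKS = [
  { text: "Remove this app", href: "https://apps.example.test/remove?app=123" }, // kept
  { text: "Remove this app", href: "javascript:void(0)" },                       // rejected
  { text: "Remove this app", href: " JAVA\tSCRIPT:void(0)" },                    // rejected after normalization
  { text: "Remove this app", href: "data:text/html,x" },                         // rejected
  { text: "Remove this app", href: "//cdn.example.test/x" },                     // rejected: not absolute
  { text: "Remove this app", href: "http://apps.example.test/ok" },              // kept
];

console.log(renderActionLinks(SAMPLE_ACTION_LINKS));
```

Two of the six sample links survive. The design choice worth noting is the allow-list on the parsed protocol: a deny-list of the string "javascript:" misses case and whitespace variants, whereas parsing first and then allowing only http: and https: also rejects data:, vbscript:, and any scheme added later.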
kooshball, about 14 years ago
Can someone post an image of what the "Remove this app" picture actually looks like? Does it show as part of the newsfeed?
Comment #2539813 not loaded
wilshire461, about 14 years ago
It seems as though she is more the victim of some asshole that may or may not know her, that is now trying to extract some revenge by making her life a miserable hell while this mess gets sorted out.
rottyguy, about 14 years ago
Seems like a better way to cause a DNS attack on the file hoster's machine, no? Better title: DNS attack from Facebook.
thomasdavis, about 14 years ago
Makes a vulgar post on a user's wall; if the user clicks "Remove this app" it then posts it to all your friends' walls.

Reddit's reaction thus far: http://www.reddit.com/r/reddit.com/search?q=nicole+santos

Edit: I think Facebook has already taken it down; it lasted about 30 minutes.
Comment #2539777 not loaded
bhickey, about 14 years ago
Great, you found a script injection. However, I think you misunderstand "Hacker News".
Comment #2539854 not loaded