I was doing some research with emails and I believe I found an interesting technology, perhaps something very powerful from a cyber-security perspective.
If you open a Yahoo email in Google Chrome and click "Forward", you can do so with the javascript console.
You get the element by its classname or id and use the .click(), for instance after you open an email write this in your console
let x = document.getElementsByClassName("r_P u_b C_Z2aVTcY b_0 P_0 M_0 H_6Nds A_6EqO y_Z2hYGcu I_T C4_Z29WjXl ir3_1JO2M7 it3_dBP")[2];
x.click();
However there is no way to add your input programmatically and it makes me wondering how this is even possible.
In the image above, you can click on the "To" parameter and it will work. However THERE IS NO WAY to set your input from the javascript console in Google Chrome and then press the Send Button because it will simply not work. Don't believe me? Try it.
I noticed that one of the inputs has a "value" attribute which changes to the email you write as seen in the next picture
I did everything to set the right input, including the following commands:
let x = document.querySelectorAll('[id=message-to-field]')[0]
x.setAttribute("value","fakeemail@yahoo.com");
The email sets up correctly however when I click "Send" I get the error that no email was set
Other things I tried worth mentioning
- Set up the email with a ; at the end like fakeemail@yahoo.com;
x.value = "fakeemail@yahoo.com"; // this sets the internal value, not the value attributex.parentElement.innerText = "fakeemail@yahoo.com";
I now have two questions:
- How is this possible in terms of technology? Does Yahoo constantly control client-side inputs and at what expense (e.g resources, loading time, etc.) ?
- Assuming there is a way, how can we set up the email input using the Javascript console in Google Chrome?
