2014-03-26

> Does it fire on
> http://evil.hackademix.net/alert.html
> without allowing hackademix.net?

No.

And again, there is a definite behavior difference between NoScript versions.

More of the (a) page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!--! version 20140204b-133 / MATCH  -->
<!--! request id 2014-03-26-10:07:48:229 (16) -->
<!--! page id PAYMENT_HISTORY -->
<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Description" content="This Bank of America Online Banking page for Bill Pay lists payments you have made." />
<meta name="li" content="en_US" />
<title>Bank of America | Online Banking | Bill Pay | Payments | Payments Overview</title>
<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_master_cp.css">

<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_master_cp.css">

<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_win_ns_6_cp.css">
<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_win_ns_6_cp.css">

<link rel="stylesheet" type="text/css" media="print" href="/sbp/0204b//print_cp.css">

<script language="JavaScript" type="text/javascript" src="/sbp/0204b/jquery/jquery-1.8.3.min.js"></script>
<script language="JavaScript" type="text/javascript" src="/sbp/0204b/cf_cp.js"></script>
<script language="JavaScript" type="text/javascript" src="/sbp/0204b/http_cp.js"></script>

<script type="text/javascript">
// Global size constants for the page's auxiliary windows.
// Presumably pixel dimensions consumed by pop-up helpers that are not
// part of this excerpt (verify against the included scripts).
var ngshWinWidth = 780,
    ngshWinHeight = 580,
    ebillDemoWinWidth = 775,
    ebillDemoWinHeight = 570,
    helpWinWidth = 350,
    helpWinHeight = 450,
    largeHelpWinWidth = 450,
    largeHelpWinHeight = 500;

/**
 * Hook invoked from the body's onload attribute; it does nothing on this page.
 */
function loadHandler() {}
</script>
<script type="text/javascript">
/**
 * State and configuration for the client-side inactivity timer.
 *
 * The timers driven by this object only control what the browser shows and
 * when it navigates to the sign-off URL. Server-side session expiry is not
 * visible in this page and has to be enforced independently of this script.
 */
var SessionTimeout = {
    // --- User-facing text -------------------------------------------------
    TIMEOUT_WARNING_MESSAGE_1: "For your safety and protection your Online Banking session is about to be timed out if there is no additional activity.",
    TIMEOUT_WARNING_MESSAGE_2: "If you are still working in your Online Banking session simply click OK to continue.",
    TITLE_SIGNOFF: "Bank of America | Online Banking | Automatic Sign Off Alert",
    SECURITY_MESSAGE: "Security Message",
    REDIRECT_NOW: "Redirect now...",
    TIMEOUT_MESSAGE: "For your safety and protection your Online Banking session has been timed out due to inactivity.\n\nThis timeout provides reassurance for your Online Banking safety.\n\nYou must sign in again to resume using your Online Banking.",

    // --- Assets and timing ------------------------------------------------
    imgPath: "/sbp/0204b/images/",
    // Delay before the warning is shown: 18 minutes.
    timeoutWarningMilliseconds: 18 * 60000,
    // Extra delay after the warning before the forced sign-off: 2 minutes.
    timeoutSignoutMilliseconds: 2 * 60000,
    // Handles returned by setTimeout; null while no timer is pending.
    timerIdWarning: null,
    timerIdSignout: null,

    // --- Endpoints --------------------------------------------------------
    // NOTE(review): the oss parameter looks like a per-session value - confirm.
    // If it is, carrying it in URLs exposes it to browser history, server and
    // proxy logs and Referer headers, and it should be redacted before page
    // source is shared.
    signoutUrl: "wps?rq=so&timeoutso=y&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
    resetUrl: "wps?rq=timeout&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",

    // --- In-page warning layer state ---------------------------------------
    IFrameTimeObj: null,
    // True once the warning is shown as an in-page layer instead of a pop-up.
    popupBlocked: false,
    // The layer element, looked up by firePopup after createPopup builds it.
    timeoutWarningDiv: null,
    // CSS position of the layer as computed by the browser.
    popupStylePosition: ""
};
/**
 * Arms the inactivity timers, unless the configured warning delay is not
 * a positive number (in which case no timer is started at all).
 */
SessionTimeout.init = function() {
    var enabled = SessionTimeout.timeoutWarningMilliseconds > 0;
    if (!enabled) {
        return;
    }
    SessionTimeout.set();
};
/**
 * Schedules both timers from "now": the warning after the warning delay,
 * and the forced sign-off after the warning delay plus the sign-off delay.
 * The returned timer ids are kept so that reset() can cancel them.
 */
SessionTimeout.set = function() {
    var warnAfter = SessionTimeout.timeoutWarningMilliseconds;
    var signOutAfter = warnAfter + SessionTimeout.timeoutSignoutMilliseconds;

    SessionTimeout.timerIdWarning = setTimeout(SessionTimeout.displayWarning, warnAfter);
    SessionTimeout.timerIdSignout = setTimeout(SessionTimeout.signOut, signOutAfter);
};
/**
 * Cancels whichever timers are still pending and starts both again.
 * This only restarts the browser-side countdown; it sends nothing to the
 * server by itself.
 */
SessionTimeout.reset = function() {
    var pending = [SessionTimeout.timerIdWarning, SessionTimeout.timerIdSignout];
    for (var i = 0; i < pending.length; i++) {
        if (pending[i]) {
            clearTimeout(pending[i]);
        }
    }
    SessionTimeout.set();
};
/**
 * Timer callback for the forced sign-off: hides the in-page warning layer
 * if it is showing, tells the user, then navigates to the sign-off URL.
 *
 * NOTE(review): alert() blocks script execution, so the navigation to
 * signoutUrl does not happen until the dialog is dismissed. Server-side
 * expiry is not visible here and should not depend on this redirect.
 */
SessionTimeout.signOut = function() {
    SessionTimeout.timerIdSignout = null;

    var layerShowing = SessionTimeout.popupBlocked && SessionTimeout.timeoutWarningDiv;
    if (layerShowing) {
        SessionTimeout.closePopup();
    }

    alert(SessionTimeout.TIMEOUT_MESSAGE);
    self.status = SessionTimeout.REDIRECT_NOW;
    self.location = SessionTimeout.signoutUrl;
};
// Timer callback that shows the "session about to time out" warning.
// It tries a real pop-up window first and falls back to the in-page layer
// (firePopup) when the browser is Chrome or Safari, or when window.open
// returns no window handle.
SessionTimeout.displayWarning = function() {
SessionTimeout.timerIdWarning = null;
// window.navigator.browser is not a standard property; presumably it is
// populated by one of the included scripts - verify.
if ((window.navigator.browser.make == window.navigator.browser.BROWSER_CHROME) || // cannot detect pop-up is blocked or not for Chrome. We will assume it is blocked and show the layer.
(window.navigator.browser.make == window.navigator.browser.BROWSER_SAFARI)) // Safari does not have title for pop-ups. So we will have layer for Safari as well.
{
SessionTimeout.popupBlocked = true;
SessionTimeout.firePopup();
return;
}
var blankWindowTemplate = "/sbp/0204b/blank.html";
var timeout_option="toolbar=0"+",location=0"+",directories=0"
+",status=0"+",menubar=0"+",scrollbars=0"
+",resizable=0"+",width=310"+",height=290";
var timeout_win = window.open(blankWindowTemplate,"NewWindow",timeout_option,true);
// A missing window handle is taken to mean that a pop-up blocker intervened.
if (timeout_win == null || typeof(timeout_win)=="undefined") {
SessionTimeout.popupBlocked = true;
SessionTimeout.firePopup();
}
else {
// The pop-up document is assembled with document.write from string
// constants. The SessionTimeout values are concatenated without escaping,
// which is only safe while they stay fixed, server-authored strings as
// they are in the object literal on this page.
timeout_win.document.write('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\n');
timeout_win.document.write('<HTML><HEAD><TITLE>'+SessionTimeout.TITLE_SIGNOFF+'<\/TITLE>\n'); //"Bank of America | Online Banking | Automatic Sign Off Alert";
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_master_cp.css">\n');
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_master_cp.css">\n');
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_win_ns_6_cp.css">\n');
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_win_ns_6_cp.css">\n');
timeout_win.document.write('<script language="JavaScript" type="text/javascript">\n');
// submitForm() in the pop-up restarts the opener's timers, POSTs the form
// below to resetUrl and closes the pop-up.
timeout_win.document.write('function submitForm() { window.opener.SessionTimeout.reset(); document.frmTimeout.submit(); window.close();}\n');
// NOTE(review): hover() passes its first argument to eval(). Its callers are
// not visible here (presumably markup returned by create_button_str) -
// confirm that only fixed, page-authored strings can reach it.
timeout_win.document.write('function hover(ref, classRef) { eval(ref).className = classRef; }\n');
timeout_win.document.write('<\/script>\n');
timeout_win.document.write('<\/head>\n');
// The pop-up closes itself 2000 ms before the sign-off timer is due.
timeout_win.document.write('<body link="#0000cc" vlink="#ff0000"  alink="#cecece" onload=\'window.setTimeout("this.close()",'+(SessionTimeout.timeoutSignoutMilliseconds-2000).toString()+');\'>\n');
timeout_win.document.write('<div style="margin: 0px; padding: 0px; border: 0px; width: 310px; height: 55px;">\n');
timeout_win.document.write('<img alt="Bank of America" src="/sbp/i0204b/flagscape_banner.gif" border=0 width=310 height=55>\n');
timeout_win.document.write('<h1 class=ada>'+SessionTimeout.SECURITY_MESSAGE+'</h1>\n');
timeout_win.document.write('<div style="margin: 25px 10px 10px 10px; padding: 0px; border: 0px; width: 290px; height: 150px;">\n');
timeout_win.document.write('<p class="text2">\n');
timeout_win.document.write(SessionTimeout.TIMEOUT_WARNING_MESSAGE_1);
timeout_win.document.write('<br><br>\n');
timeout_win.document.write(SessionTimeout.TIMEOUT_WARNING_MESSAGE_2);
timeout_win.document.write('<\/p>\n');
timeout_win.document.write('<\/div>\n');
timeout_win.document.write('<div style="margin: 0px 10px 10px 10px; padding: 0px; border: 0px; width: 290px; height: 20px;">\n');
// The keep-alive request from the pop-up is a form POST to resetUrl.
timeout_win.document.write('<FORM METHOD=POST name=frmTimeout ACTION="'+SessionTimeout.resetUrl+'">\n');
timeout_win.document.write('<table cellpadding="0" cellspacing="0" align="center" border="0">\n');
timeout_win.document.write('<tr><td>\n');
// create_button_str is defined outside this excerpt; its output is written
// into the pop-up as markup without further processing.
var t = create_button_str("OK", "javascript:submitForm();", "btn1", null, null, null, null, "", null);
timeout_win.document.write(t+'\n');
timeout_win.document.write('\n<\/td></tr>\n');
timeout_win.document.write('<\/table>\n');
timeout_win.document.write('<\/form>\n');
timeout_win.document.write('<\/div>\n');
timeout_win.document.write('<\/div>\n');
timeout_win.document.write('<\/body>\n');
timeout_win.document.write('<\/html>\n');
timeout_win.document.close();
}
};
/**
 * Shows the warning as an in-page layer (used instead of a pop-up window).
 * The layer is built on first use only; afterwards it is just repositioned
 * and made visible again.
 */
SessionTimeout.firePopup = function() {
    var layer;

    if (!SessionTimeout.timeoutWarningDiv) {
        // First call: build the layer and remember the element.
        SessionTimeout.createPopup();
        layer = document.getElementById('timeout_warning_div');
        SessionTimeout.timeoutWarningDiv = layer;

        // Record whether the style sheets position the layer as "fixed" or
        // "absolute"; how to read the computed style depends on the browser.
        if (layer.currentStyle) {
            // IE
            SessionTimeout.popupStylePosition = layer.currentStyle.position;
        } else if (window.getComputedStyle) {
            // W3C
            SessionTimeout.popupStylePosition = window.getComputedStyle(layer, null).position;
        }
    }

    SessionTimeout.positionPopup();
    setSelectBoxVisibility(false);
    SessionTimeout.timeoutWarningDiv.style.display = "";

    if (SessionTimeout.popupStylePosition != "absolute") {
        return;
    }

    // An absolutely positioned layer has to be re-centred in the viewport
    // whenever the user scrolls.
    if (document.addEventListener) {
        document.addEventListener("scroll", SessionTimeout.positionPopup, false);
    } else if (window.attachEvent) {
        window.attachEvent("onscroll", SessionTimeout.positionPopup);
    }
};
/**
 * Builds the in-page warning layer (id "timeout_warning_div") under
 * document.body by handing makeDom a nested element description.
 * makeDom is defined outside this excerpt.
 */
SessionTimeout.createPopup = function() {
    // Returns a fresh spacer row whose inner div carries the given style.
    function spacerRow(divStyle) {
        return ['tr',
            ['td', {width:"100%"},
                ['div', {style:divStyle}]
            ]
        ];
    }

    var banner = ['img', {src:SessionTimeout.imgPath+"flagscape_banner.gif", alt:"Bank of America", border:"0", width:"310", height:"55"}];

    // Row holding the two warning sentences separated by two line breaks.
    var messageRow = ['tr',
        ['td', {vAlign:"top", style:"padding: 0px 7px 0px 8px; height: 157px;"},
            ['p.text2',
                SessionTimeout.TIMEOUT_WARNING_MESSAGE_1,
                ['br'],
                ['br'],
                SessionTimeout.TIMEOUT_WARNING_MESSAGE_2
            ]
        ]
    ];

    // The OK control is a javascript: link that calls resetPopup().
    var okButton = ['div.btn1',
        ['a.btn1', {href:"javascript:SessionTimeout.resetPopup();"}, "OK"]
    ];

    var buttonRow = ['tr',
        ['td', {vAlign:"top", align:"center"},
            ['table', {cellSpacing:"0", cellPadding:"0", border:"0", summary:""},
                ['tbody',
                    ['tr',
                        ['td', okButton]
                    ]
                ]
            ]
        ]
    ];

    makeDom(document.body, ['div.session_timeout', {id:"timeout_warning_div"},
        banner,
        ['div',
            ['table', {width:"100%", cellSpacing:"0", cellPadding:"0", border:"0", summary:""},
                ['tbody',
                    spacerRow("width: 1px; height: 19px; font-size: 0px;"),
                    messageRow,
                    buttonRow,
                    spacerRow("width: 1px; height: 27px; font-size: 0px;")
                ]
            ]
        ]
    ]);
};
/**
 * Hides the in-page warning layer, makes select boxes visible again via
 * setSelectBoxVisibility (defined elsewhere) and clears the popupBlocked flag.
 */
SessionTimeout.closePopup = function() {
    var layer = SessionTimeout.timeoutWarningDiv;
    layer.style.display = "none";
    setSelectBoxVisibility(true);
    SessionTimeout.popupBlocked = false;
};
/**
 * Centres the warning layer, using 280 and 312 as the height and width
 * offsets of the layer.
 *
 * For an absolutely positioned layer (IE) the coordinates are relative to
 * the document, so the current scroll offsets are added. Otherwise the
 * layer is fixed (W3C) and positioned relative to the viewport.
 */
SessionTimeout.positionPopup = function() {
    var body = document.body;
    var layerStyle = SessionTimeout.timeoutWarningDiv.style;
    var isAbsolute = SessionTimeout.popupStylePosition == "absolute";

    var topPx = (body.clientHeight - 280) / 2;
    if (isAbsolute) {
        topPx = body.scrollTop + topPx;
    }
    layerStyle.top = topPx + "px";

    var leftPx = (body.clientWidth - 312) / 2;
    if (isAbsolute) {
        leftPx = body.scrollLeft + leftPx;
    }
    layerStyle.left = leftPx + "px";
};
/**
 * Handler for the OK link of the in-page warning layer: restarts the local
 * timers, hides the layer, then requests resetUrl through HTTP.getText.
 *
 * NOTE(review): HTTP.getText is defined outside this excerpt and is
 * presumably a GET request, whereas the pop-up window variant submits a
 * POST form to the same URL - confirm that the server treats both alike.
 */
SessionTimeout.resetPopup = function() {
    var timer = SessionTimeout;
    timer.reset();
    timer.closePopup();
    HTTP.getText(timer.resetUrl, timer.callback);
};
/**
 * Completion callback passed to HTTP.getText by resetPopup. It ignores
 * whatever it is called with and always returns false, so a failed
 * keep-alive request is not reported to the user by this code.
 */
SessionTimeout.callback = function() { return false; };
// Start the inactivity timers once the page has finished loading, using
// whichever event registration API the browser provides.
(function (onLoad) {
    if (window.addEventListener) {
        window.addEventListener("load", onLoad, false);
        return;
    }
    if (window.attachEvent) {
        window.attachEvent("onload", onLoad);
    }
})(SessionTimeout.init);
</script><script type="text/javascript">
// Options object for the navigation script included right after this block.
// How each option is consumed is not visible in this excerpt.
var fsdNavClientOptions = {
    "clientName": "fiserv",
    "clientBorneo": false,
    "locale": "en-US",
    "clientActiveTab": "billpay",
    "searchSourceSite": "olb",
    "searchSourceDir": "/login",
    "searchSourceTitle": "Bank of America | Online Banking",
    // NOTE(review): both URLs below carry the oss value in the query string;
    // it looks session-bound (confirm) and would then leak through history,
    // logs and Referer headers.
    "entryURL": "wps?&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
    "helpURL": "wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=payments_overview_help.htmlt",
    "helpWindowName": "largeHelpWin",
    "pipadDomainUrl": "https://secure.bankofamerica.com",
    "PSDUrl": "https://safe.bankofamerica.com",
    "headerDM": "247",
    // Opaque value; its purpose is not visible here.
    "fsdSSK": "ZHh1b0x6M0FrMnk=",
    "sourceApplication": "billpay",
    // NOTE(review): this is the string "false", not the boolean used for
    // clientBorneo; a plain truthiness check in the consumer would read it
    // as enabled - verify how it is tested.
    "multipleBillPayOption": "false"
};
</script>
<!-- NOTE(review): this is the only script on the page referenced by an absolute URL; the other scripts use relative /sbp/ paths, so this one may be cross-origin to the page (the page's own origin is not visible here). It has no integrity attribute, and a script blocker would have to allow this host separately before the script can run. -->
<script language="JavaScript" type="text/javascript" src="https://secure.bankofamerica.com/pa/components/utilities/top-nav-util/1.1/script/topnav.js"></script>
<style>
#olb-globals-header-container .olb-header-module-fsdnav-skin .fsdnav-header ul.fsdnav-header-links .fsdnav-profile-settings a.fsd-locale-set,
#olb-globals-footer-container .olb-footer-module-fsdnav-skin .fsd-footer-links .fsd-locale-li,
#olb-globals-footer-container .olb-footer-module-fsdnav-skin .fsd-footer-links a.fsd-locale-set {
display:none !important;
}
</style>

</head>
<body onload="loadHandler();">

<div class="ada" ><a href="wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=help_screen_readers.htmlt" target="largeHelpWin" onfocus="window.status='Tips For Screen Readers'" onblur="window.status=''" onClick="this.href='javascript:popRemoteLarge(\'wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=help_screen_readers.htmlt\')';this.target=''">Tips For Screen Readers</a><br /><a href="#skipnav" onfocus="window.status='Skip navigational links'" onblur="window.status=''">Skip navigational links</a><img src="https://secure.bankofamerica.com/myaccounts/sec-redirect/ssopingback.go?source=billpay&pingbackToken=wbp&pts=20140326140748243" width="1" height="1" alt="" border="0" class="noprint"></div><table style="margin-left:12px" class="printonly" summary="" width="575" border="0" cellspacing="0" cellpadding="0"><tr><td valign="top"><img src="/sbp/i0204b/olb_masthead_nonav_575x83.gif" hspace="0" vspace="0" border="0" alt="Online Banking"></td></tr><tr><td><img src="/sbp/i0204b/clr.gif" width="575" height="20" hspace="0" vspace="0" border="0" alt=""></td></tr></table><div id="olb-globals-header-container" style="height:111px;" class="noprint"></div>
<table id="table_main" width="972"  border="0" cellspacing="0" cellpadding="0" summary="">
<tr>
<td>
<div class="spacer" style="height: 8px;"></div>
<div class="pagelabel" style="width:960px" >

<table width="960"  border="0" cellspacing="0" cellpadding="0" summary="">
<tr>
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" summary="">
<tr valign="top">

<td style="padding-top:9px;"><a name="skipnav"></a><h1 class="title1 noprint">Payments Overview </h1><h1 class="title1print printonly">Payment Activity</h1></td>

</tr>
</table></td>
<td align="right" valign="top" style="padding-top:0px" nowrap>
<div style="vertical-align:top" class="text1"><span class="nav3-on">
Payments Overview
</span>
  <span class=blue-dot-nav3>•</span>  
<a href="wps?rq=apov&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e" title="" class="nav3-off">
Automatic Payments<span class="ada"> Overview page</span></a>
  <span class=blue-dot-nav3>•</span>  

<a href="wps?rq=selp&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e" class="nav3-off" title="">Make a Single Payment</a><img class="noprint" border="0" height=1 alt="" width="10" src="/sbp/i0204b/clr.gif"></div>
</td>
</tr>
</table>
<div class="spacer noprint" style="height: 8px"></div>
<div class="rulegrey3" style="width:960px"><img src="/sbp/i0204b/pixel.gif" border="0" alt="" width="1" height="1"></div>
<div class="spacer noprint" style="height: 13px"></div>
<!-- Fallback notice rendered only when scripting is unavailable for this page, which includes a script blocker that has not allowed the site. The main content container that follows is hidden by an inline style and is revealed only by an inline script, so without JavaScript this notice is all the user sees. -->
<!-- NOTE(review): the "refresh" link below uses a javascript: URL, which cannot run in the very situation where this block is displayed; a plain link to the current page would be needed for it to work. -->
<noscript>
<table width="100%" style="border: 1px solid #D4001A;" border="0" cellspacing="0" cellpadding="0" summary="">
<tr>
<td valign="top" style="padding: 10px"><a name="error"><img src="/sbp/i0204b/icon_alert_info_27x27.gif" alt="Enable JavaScript to refresh this page"></a></td>
<td width="95%" valign="top" style="padding: 10px 120px 10px 0"><p class="text1">Your JavaScript is currently disabled. To continue, please adjust your browser settings to activate JavaScript and <a href="javascript:location.reload(true);" class="linkblue" title="Enable JavaScript to refresh this page">refresh</a> this page.</p></td>
</tr>
</table>
</noscript>
<div id="div_main" style="display: none;"><script type="text/javascript">document.getElementById("div_main").style.display = "";</script>

<table width="960" cellspacing="0" cellpadding="0" border="0">
<tr>
<td width="735" valign="top">
<table width="735" border="0" cellspacing="0" cellpadding="0" summary="">
<tr><td></td></tr>
<tr><td><span class="ada"><a name="top"></a><a class="ada" href="#search" title="Search for Payments">Search for Payments</a> <a class="ada" href="#activity" title="Payment Activity">Payment Activity</a></span></td></tr>
<tr><td></td></tr>
</table>
<form class="noprint" id="pmtSearch" name="pmtSearch" method="get" action="wps" style="margin:0px">
<input type="hidden" name="sp" value="8109">
<input type="hidden" name="oss" value="504cadaef3fc8866573e2934ee906d9e">
<input type="hidden" name="seasurf" value="00f532d5108cb41a322306e81774fea07b8286c910066d28fd9b6a6ad5a998fa">

<input type="hidden" name="rq" value="phq">
<input type="hidden" name="pgnum" value="">
<input type="hidden" name="pgtok" value="">
<input type="hidden" name="sort" value="">

<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>
<td width="100%">
<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>

<td class="module1title5" valign="middle" nowrap><h2>Search for Payments</h2></td>

<td class=module1title5 valign="middle" nowrap ><a title="Search for Payments help" href="wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=payments_overview_search_module.htmlt" target="largeHelpWin" onclick="this.href='javascript:popRemoteLarge(\'wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=payments_overview_search_module.htmlt\')';this.target=''"><img src="/sbp/i0204b/icon_help_12x12.png" alt="Search for Payments help" width="12" height="12" border="0" style="margin-left: 10px;"></a></td>
<td class="module1title5" valign="middle" align="right" width="90%" style="padding-right: 10px;"><span class="text2"><a id="showLink0" style="display: none" title="" href="javascript:showOpen0()" class="linkblue">Show the Search for Payments section</a><a id="hideLink0" style="display: none" title="" href="javascript:showClosed0()" class="linkblue">Hide the Search for Payments section</a></span></td>
</tr>
</table>
</td>
</tr>
<tr><td class=mod2-brdr2-hs><img src="/sbp/i0204b/clr.gif" width="1" height="1" alt="" border="0"></td></tr>
<tr><td class=mod2-brdr-hs><img src="/sbp/i0204b/clr.gif" width="1" height="1" alt="" border="0"></td></tr>
<tr>
<td>
<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>
<td width="1" class="mod2-brdr-hs"><img src="/sbp/i0204b/clr.gif" width="1" height="1" border="0" alt=""></td>
<td>
<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr valign="top">

<td style="padding:15px 8px 20px;">

<a name="search"></a>
<div id="div_search_collapsed" style="display:none">
<span class="text1">To search for payments, click
<a title="" href="javascript:showOpen0()" class="linkblue">Show the Search for Payments section</a>.
</span>
</div>
<div id="div_search_expanded" style="display:none">
<table cellspacing="0" cellpadding="0" summary="">
<tr>
<td rowspan="9"><div style="width: 30px;" /></td>
<td valign="top" align="right"><span style="font-weight: bold" class="text2">Date:</span><span class="ada"> Use the date options to filter your payments by all dates or a date range</span></td>
<td><div style="width: 10px;" /></td>
<td>
<table cellspacing="0" cellpadding="0" summary="">
<tr>
<td></td>
<td valign="top" align="right"><input type="radio" id="all" name="dateRange" value="all"  style="margin: 0px; width: 18px; height: 14px;"></td>
<td colspan="5" valign="top"><label for="all"><span style="font-weight:bold;" class="text2">All dates</span><span class="ada"> Select this option to filter by all dates</span></label></td>
</tr>
<tr>
<td valign="top" style="padding-top: 3px;"></td>
<td valign="top" style="padding-top: 5px;"><input type="radio" id="range" name="dateRange" value="range" checked style="margin: 0px; width: 18px; height: 14px;"></td>
<td valign="top" style="padding: 5px 3px 0 0;"><label for="range"><span class="ada">Range of </span><span class="text2" style="font-weight: bold; ">Transactions from</span></label></td>
<td valign="top"><label for="fromDate"><span class="ada"> start date of </span></label><input type="text" size="6" value="02/27/2014" maxLength="10" id="fromDate" name="fromDate" class="date" onkeypress="document.pmtSearch.dateRange[1].checked=true"></td>
<td valign="top" style="padding: 5px 3px 0 3px;"><span style="font-weight: bold; " class="text2">to</span></td>
<td valign="top"><label for="toDate"><span class="ada"> end date of </span></label><input type="text" size="6" value="03/26/2015" maxLength="10" name="toDate" id="toDate" class="date" onkeypress="document.pmtSearch.dateRange[1].checked=true"></td>
<td valign="top" style="padding: 5px 0 0 3px;"><span class="text1a" style="">mm/dd/<span class="lowercase" title="4 digit year">YYYY</span></span></td>
</tr>
</table>
</td>
</tr>
