A colleague of mine has a weird issue with web intents. When he loads a web intent link (retweet, favorite…), eg this one from the @twitter account:
Then the formulary is automatically approved! After close inspection, it appears than we he does the query, a wild code block is injected, right before the “begin Google analytics” tag:
Does anyone encountered this before? Where does it come from, a local malware, or a condition in the template that generates the page?
What is surprising is that is very “accurate” (a match on the ‘retweet_btn_form’ id. It’s not a random guess or mistake, the rogue script really wants to auto-retweet without asking for user’s permission)
He tested and has the issue on Chrome (no plug-ins) and Firefox, both on Windows.
Personally I tried to reproduce it on my machine (with my own user account) but without success.