The craziest thing that could possibly happen in my professional life as a Software Engineer happened on August 18th, 2016. That day I discovered that I could perform a massive Rick Roll attempt against the US presidential candidate Donald Trump.
The crazy story begins with an unexpected e-mail from a guy named Shu Uesugi – a San Francisco based Engineer currently working for EdSurge – asking for permission to mention my name and share with the world what he just discovered.
After reading his e-mail and his draft I was like:
The short story is that Donald Trump has a donate page which is using my open-source project jQuery Mask Plugin to guide his visitors on the tricky quest of filling out web forms – so far so good.
The shit hits the fan when the developer of his 2MM dollars website decides to include the minified version of jquery mask plugin file pointing directly to the demonstration page of my project (hosted in github.io). I have 100% control over this file and the developer simply injected the file on the page (instead of saving the file on his servers) and I could just replace or inject something nasty in it to make the most ambitious trolling attempt against the US presidential candidate.
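A page that executes a script served from a host its owner does not control, as described above, can be found mechanically. The following is an added example, not code from the original post or from jQuery Mask Plugin; the sample page, hosts and paths are constructed placeholders, and `audit` and `sri_hash` are hypothetical helper names.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def sri_hash(body: bytes) -> str:
    """Value for an integrity="..." attribute: SHA-384 digest, base64."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptAudit(HTMLParser):
    """Collect <script src=...> tags whose code comes from another host."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag != "script" or not src:
            return  # not a script, or inline: nothing is fetched
        absolute = urljoin(self.page_url, src)  # resolves /path and //host/path
        host = urlsplit(absolute).hostname
        if host == urlsplit(self.page_url).hostname:
            return  # self-hosted copy, under the site owner's control
        self.findings.append({
            "src": absolute,
            "host": host,
            # Only records that an integrity attribute is present;
            # the browser is what enforces the hash at load time.
            "pinned": bool(dict(attrs).get("integrity")),
        })


def audit(html: str, page_url: str) -> list:
    parser = ScriptAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page: hosts and paths are placeholders, not the real site.
SAMPLE = """
<script src="/js/jquery.min.js"></script>
<script src="https://project.example.github.io/dist/jquery.mask.min.js"></script>
<script src="//cdn.example.net/lib.js" integrity="sha384-AAAA"></script>
"""
```

`audit(SAMPLE, "https://donate.example.org/")` returns the two off-site scripts and marks the github.io one as unpinned. Where a reviewed file has to stay on a third-party host, the `sri_hash` of that reviewed copy is the value to put in the tag's `integrity` attribute.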
Yet, in shock, I decided to share this with my personal friends on Facebook:
In only MY post I got 714 likes, 139 comments and an impressive 262 shares, hundreds of people randomly sending me friend requests, sending me messages on Twitter, Facebook and e-mails… giving me ideas and warning me about the window of opportunity that I got to do something about Trump. People really liked the possibilities of what Uesugi discovered. At the end of the post I asked for ideas of what each person would do if they were in my position – oh boy… that was fun!
@igorescobar SO. MUCH. POWER.
— Eduardo Shiota (@shiota) August 18, 2016
All of a sudden I became some sort of super-man with a power that could change the world. People were like… DO IT! DO IT! Say something! Make a beautiful rain of penises with wings upon his website! And I was like… Wow… People really want to say something to this guy…
They even opened a hilarious pull request on their own, pure team work, in an attempt to do something and hoping I’d merge it (sadly it was deleted).
The discovery was discussed everywhere:
- Hacker News
- Trump’s campaign donation website used open-source code sloppily, risking ridicule and worse
- Donald Trump’s Donation Website Was Easily Hackable
- Facebook post
After watching all this, receiving all those tweets, messages and emails showing nothing but pure ~~hate~~ love towards Trump. Of course, the bad news spreads fast and in a matter of hours the code on Trump’s website was fixed. People were in tears. e.g:
Then I posted this on Twitter:
Yep. At the bottom of your heart you agree with me that this would be wrong. jQuery Mask Plugin is a serious project which took years of hard work and commitment to the community to build its reputation. I can’t just throw it all away for the public’s amusement. To make people laugh. To make a statement against someone – even if this someone is a US presidential candidate like Donald Trump.
The true sad story behind this is that Donald Trump’s website cost 2MM dollars, they are using several open sourced projects like our jQuery Mask Plugin and they haven’t even donated 1.00 freaking dollar in our donate page to support its development.
11 thoughts on “I’ve had the chance to troll Donald Trump. But I didn’t.”
Here’s the craic: How was the development team of a U$2m dollars website unaware of potential XSS attacks? They surely didn’t think twice before consuming code from a third party GitHub repo. Don’t even get me started on linking directly to external resources.
This is not about a clever engineer from the Bay Area publishing an article all over the Internet. This is not about a Brazilian kid claiming to be able to inject explicit images into Trump’s website for his own amusement (No offence. I’m originally from Brazil as well, and I got the news in Portuguese straight from your Facebook timeline). It is about the damage that could have been done otherwise. Tell me about one big fat lawsuit.
“…they haven’t even donated 1.00 freaking dollar in our donate page to support its development.”
Which is funny, considering that the plugin is used to ask people to donate to Trump.
Remember kids, never use external sources.
They should have donated at least because you saved them a bunch of work by not trolling Trump’s website. lol
Hope you have received some donation from them by now 😉
Thanks for taking the high road, Igor. Nice to be able to rely on your integrity.
We need more people like you, Igor.
I was looking for a plugin for a MAC mask on an input and now I’m dying of laughter in the middle of the night …hahahahahaha. Great story. It’s going on my Facebook timeline.
donated 1 $ bro
Because of your integrity, I will be using your plugin any chance I get.
Omg, after that I will use your plugin any time!