I’ve had the chance to troll Donald Trump. But I didn’t.

The craziest thing that could possibly happen on my professional life as a Software Engineer happened on August 18th, 2016. That day I discovered that I could perform a massive Rick Roll attempt against the US presidential candidate Donald Trump.


The crazy story begins with an unexpected e-mail from a guy named Shu Uesugi – a San Francisco based Engineer currently working for EdSurge – asking for permission to mention my name and share with the world what he just discovered.

After reading his e-mail and his draft I was like:

The short story is that Donald Trump has a donate page which is using my open-source project jQuery Mask Plugin to guide his visitors on the tricky quest of filling up web forms – so far so good.

The shit hits the fan when the developer of his 2MM dollars website decides to include the minified version of jquery mask plugin file pointing directly to the demonstration page of my project (hosted in github.io). I have 100% control over this file and the developer simply injected the file on the page (instead of saving the file on his servers) and I could just replace or inject something nasty in it to make the most ambitious trolling attempt against the US presidential candidate.

Yet, in shock, I decided to share this with my personal friends on Facebook:

In only MY post I got 714 likes, 139 comments and an impressive 262 shares, hundreds of people randomly sending me friend requests, sending me messages on Twitter, Facebook and e-mails… giving me ideas and warning me about the window of opportunity that I got to do something about Trump. People really liked the possibilities of what Uesugi discovered . At the end of the post I asked for ideas of what each person would do if they were in my position – oh boy… that was fun!

All of the sudden I became some sort of super-man with a power that could change the world. People were like… DO IT! DO IT! Say something! Make a beautiful rain of penises with wings upon his website! And I was like… Wow… People really want to say something to this guy…

They even opened a hilarious pull request on their own, pure team work, in attempt to do something and hoping I’d merge it (sadly it was deleted).

The discovery was discussed everywhere:

After watching all this, receiving all those tweets, messages and emails showing nothing but pure hate love towards Trump. Of course, the bad news spreads fast and in a matter of hours the code on Trump’s website was fixed. People were in tears. e.g:

Screen Shot 2016-08-21 at 11.21.18 PM

Then I posted this on twitter:

Screen Shot 2016-08-21 at 11.18.18 PM

Yep. At the bottom of your heart you agree with me that this would be wrong. jQuery Mask Plugin is a serious project which took years of hard work and commitment to the community to build its reputation. I can’t just throw it all away for the public’s amusement. To make people laugh. To make a statement against someone – even if this someone is a US presidential candidate like Donald Trump.

Screen Shot 2016-08-21 at 11.22.27 PM

The true sad history behind this is that Donald Trump’s website cost 2MM dollars, they are using several open sourced projects like our jQuery Mask Plugin and they don’t even donated 1.00 freaking dollar in our donate page to support its development.

11 thoughts on “I’ve had the chance to troll Donald Trump. But I didn’t.

  1. Here’s the craic: How was the development team of a U$2m dollars website unaware of potential XSS attacks? They surrely didn’t think twice before consuming code from a third party GitHub repo. Don’t even get me started on linking directly to external resources.

    Think about it… What if instead of broadcasting the vulnerability someone decided to exploit it and, say, collect information about Trump’s campaign donors? Heck, there is a billion reasons not to include untrusted external minified Javascript code in a high profile website.

    This is not about a clever engineer from the Bay Area publishing an article all over the Internet. This is not about a Brazilian kid claiming to be able to inject explicit images into Trump’s website for his own amusement (No offence. I’m originally from Brazil as well, and I got the news in Portuguese straight from your Facebook timeline). It is about the damage that could have been done otherwise. Tell me about one big fat lawsuit .


  2. “…they don’t even donated 1.00 freaking dollar in our donate page to support its development.”

    Which is funny, considering that the plugin is used to ask people to donate to Trump.


  3. They should have donated at least because you saved them a bunch of work by not trolling Trump’s website. lol
    Hope you have received some donation from them by now 😉


  4. Estava procurando um plugin para máscara de MAC em input e agora to morrendo de rir de madrugada …kkkkkkkkkkkkkkkk. Muito boa a história. Vai para a minha linha do tempo do facebook.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: