Read about issues with ZeroClipboard: http://seclists.org/fulldisclosure/2013/Feb/103
Results from scanning URL: htxp://urlx.at/sample-public-front-page.php?format=simple&action=shorturl&url=
Number of sources found: 2
Number of sinks found: 17
Results from scanning URL: htxp://urlx.at/js/ZeroClipboard.js?v=1.5
Number of sources found: 8
Number of sinks found: 10
Results from scanning URL: htxp://urlx.at/js/ZeroClipboard.js?v=1.5
Number of sources found: 2
Number of sinks found: 10
Re: http://xss.cx/2011/09/07/ghdb/dork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report-09072011-03.html
Bitdefender flags: blacklisted link: urlx.at/javascript:void(location.href%3D
Code hick-up: html5shim.googlecode dot com/svn/trunk/html5.js benign
[nothing detected] (script) html5shim.googlecode dot com/svn/trunk/html5.js
status: (referer=urlx dot at/43oi)saved 2429 bytes 3c7b369485cadd585d24be44701e459c8aa54d60
info: [decodingLevel=0] found JavaScript
suspicious:
For typekit consider to load asynchronously: http://blog.typekit.com/2011/05/25/loading-typekit-fonts-asynchronously/
pol