1. |
It's not likely to happen from within the site itself, on any page. The cleared shop descriptions nowadays are often just the word filter catching up with the latest slang for derogatory words, or the result of somebody having their shop reported for whatever reason. The Neopets server subjects all board, lookup, pet page and shop input type="text", select and textarea fields to a filtering routine which removes JavaScript. This prevents users from executing scripts which could hijack your cookies.
Unless someone has copied your cookies from your browser's local database, captured your traffic as you browse, or installed an extension or script-injector, then your cookies are safe. |
2. |
(you need an account to see links) by clicking a link would only be possible if that link could be manipulated to execute code through a JavaScript event. (you need an account to see links) for a user's personal information by tricking them into manually entering their username and password is often associated with clicking a link, which will cause you to navigate to a site that is often disguised to look like the login page of the site you came from. A user may mistake that page as genuine and provide their credentials, resulting in their username and password being stolen. |
3. |
You'd want to look out for any code which is accessing the document.cookie object, then attempting to send that string off-site via an iframe request or postback, WebRTC, WebSocket or XMLHttpRequest. UserScripts can also use GM.xmlHttpRequest or GM_xmlhttpRequest to send data as well.
The trouble with detecting when code is stealing cookies is that a smart developer will (you need an account to see links) their code, which makes it difficult to decipher what it's doing. Furthermore, almost all of the methods mentioned above are used on the Neopets site in some capacity, either by the site itself, or the advertiser content you see as you browse. Attempting to manually identify the good from the bad will be a tedious task. |