Hijacking Opera’s Native Page using malicious RSS payloads
Whitelisted HTML Tags Definition – Opera Feed Subscription Page (Source – DragonFly)
HTML Tag Sanitizer/Filter Function – Opera Feed Subscription Page (Source – DragonFly)
So, here is an example PoC exploit code which executes the opera.feeds.subscribeNative function to automatically register a feed in Opera browser without user consent.
(Tested on Opera 10.00 Stable Build 1750)