Utility iframe from the Lockerz-AddToAny JS [#1694244]

Dear Sirs,

I installed a 'Share on social media' module in my Drupal 7 site called AddToAny. http://drupal.org/project/addtoany

I'm working on customizing my Aqcuia theme and stumbled on the code below hidden in my site right at the top of the html:

iframe id="a2apage_sm_ifr" width="1" height="1" frameborder="0" style="border: 0px none; left: 0px; top: 0px; position: absolute; z-index: 100000; display: none;" transparency="true" allowtransparency="true" src="http://a2a.lockerz.com/menu/sm9.html#type=page&event=load&url=http%3A%2F...">

/iframe

(I took out the enclosing brackets in case it's uncool to send that code out...)

People more technical than I suggest that this is at best unethical and that I should report it to you.

The module does not make it clear that any sort of referral advertising is included with an install.

Comments

Comment #1

killes@www.drop.org CreditAttribution: killes@www.drop.org commented 20 July 2012 at 10:16

Thanks for reporting this.

We've had the same problem with the same module in #851680: Removing and documenting 3rd party tracking pixel on AddToAny.

We had resolved this by adding a remark on the project page.

That notice was removed by the maintainer a few months later.

I have re-added the notice.

Not sure how we should deal with the removal problem.

Comment #2

greggles

he/him

English

Denver, Colorado, USA

CreditAttribution: greggles commented 20 July 2012 at 14:59

Project:	Drupal.org site moderators	» AddToAny Share Buttons
Version:		» 7.x-4.0
Component:	Project problem	» Documentation

I solved the removal problem by making the input format full html.

Moving this issue to the module issue queue so it can be discussed with the maintainer.

Comment #3

SMartin CreditAttribution: SMartin commented 27 July 2012 at 11:32

Guys,

If the maintainer has been warned already and removed the flag from the project page, then surely they should be banned from the site. This sort of thing will only give Drupal a bad name in the long term.

Comment #4

webmestre CreditAttribution: webmestre commented 20 December 2012 at 07:42

Same for me.
How is it possible a so bad code could remain as a Drupal module ? :(((((

Comment #5

micropat CreditAttribution: micropat commented 15 October 2014 at 23:16

Title:	Hidden code in module.	» Utility iframe from the Lockerz-AddToAny JS
Component:	Documentation	» Miscellaneous
Category:	Bug report	» Task
Issue summary:	View changes
Status:	Active	» Closed (fixed)

Resolved a couple years ago. AddToAny isn't affiliated with Lockerz anymore, a link to the privacy policy is in the module description, and the module has a checkbox to disable 3rd party cookies, too.

Worth noting, the utility iframe is what does the cross-domain messaging for AddToAny features and user preferences.