UserJS script to confirm external Facebook links
Saturday, December 26, 2009 5:56:47 PM
In an attempt to avoid Facebook clickjacking attacks, such as the one described here:
http://blog.kotowicz.net/2009/12/new-facebook-clickjagging-attack-in.html
...I present the following UserJS script to confirm external Facebook links prior to navigating to them:
To download, click here
```javascript
// Opera UserJS: only act on facebook.com pages (and the fbcdn.net static hosts)
if (document.domain.match(/^(www\.)?facebook\.com$/) || document.domain.match(/\.fbcdn\.net$/)) {
  // "AfterEvent" is an Opera UserJS hook that fires after any DOM event, so links
  // that Facebook adds dynamically after page load are also picked up.
  window.opera.addEventListener("AfterEvent", function (e1) {
    for (var i = 0, l; l = document.links[i]; i++) {
      if (l.patched) continue;   // already wrapped on an earlier pass
      if (!l.href) continue;
      // Facebook's external-link redirector: /l.php?u=<percent-encoded target>
      if (!l.href.match(/^https?:\/\/(www\.)?facebook\.com\/l\.php\?u=http/)) continue;
      l.addEventListener("click", function (e2) {
        // the click may land on a child element (image, span); walk up to the <a>
        var a = e2.target || e2.srcElement;
        while (a && a.tagName != "A") a = a.parentNode;
        if (!a || !a.href) return true;
        // group 2 is the encoded destination, everything up to the next '&' (or end of URL)
        var m = a.href.match(/^https?:\/\/(www\.)?facebook\.com\/l\.php\?u=(http[^&]+)(?:&|$)/);
        if (!m) return true;
        var target;
        try { target = decodeURIComponent(m[2]); } catch (err) { target = m[2]; }
        if (confirm("Are you sure you want to open this content?\r\n\r\n" + target)) return true;
        // user declined: cancel the navigation
        e2.returnValue = false;
        e2.preventDefault();
        return false;
      }, false);
      l.patched = 1;
    }
  }, false);
}
```
This script enumerates all links on a Facebook page looking for the specific URL pattern used by Facebook's external link redirector (l.php?u=). When one is found, it attaches a click handler that prompts the user to confirm the external destination before navigating to it.
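The link-matching and target-extraction step described above, as an added stand-alone example (not the UserJS script itself): it uses the standard URL API instead of regex capture groups, so it runs without a DOM, and it rejects redirector links on other hosts and targets with a non-http scheme, which the script's `u=http` check also excludes. The function names and the sample links are constructed for this example.

```javascript
// Added example (not the original UserJS): recover the external destination
// behind Facebook's l.php redirector so it can be shown to the user before
// navigating. Uses the built-in URL API (Node and browsers); no DOM required.

// Same rule as the script: http(s)://(www.)facebook.com/l.php?u=http...
function externalTarget(href) {
  var u;
  try { u = new URL(href); } catch (e) { return null; }   // not an absolute URL
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  if (!/^(www\.)?facebook\.com$/.test(u.hostname)) return null;   // wrong host
  if (u.pathname !== "/l.php") return null;                        // not the redirector
  var target = u.searchParams.get("u");   // searchParams already percent-decodes
  if (!target || !/^https?:\/\//i.test(target)) return null;      // only http(s) targets
  return target;
}

// The confirmation text the script would display, or null for non-redirector links.
function confirmMessage(href) {
  var t = externalTarget(href);
  return t ? "Are you sure you want to open this content?\n\n" + t : null;
}

// Given every link href on a page, keep only the external redirects, paired
// with their decoded destinations.
function externalLinks(hrefs) {
  var out = [];
  for (var i = 0; i < hrefs.length; i++) {
    var t = externalTarget(hrefs[i]);
    if (t !== null) out.push({ href: hrefs[i], target: t });
  }
  return out;
}

// Constructed sample hrefs (not taken from a real page).
var SAMPLE_LINKS = [
  "http://www.facebook.com/l.php?u=http%3A%2F%2Fexample.com%2Fpage%3Fa%3D1%26b%3D2&h=abc",
  "https://facebook.com/l.php?u=https%3A%2F%2Fexample.org%2F",
  "http://www.facebook.com/profile.php?id=1",                 // internal link: ignored
  "http://www.facebook.com/l.php?u=ftp%3A%2F%2Fexample.net%2F", // non-http target: ignored
  "http://other.example/l.php?u=http%3A%2F%2Fexample.com%2F"    // not facebook.com: ignored
];

if (typeof require !== "undefined" && require.main === module) {
  externalLinks(SAMPLE_LINKS).forEach(function (e) {
    console.log(confirmMessage(e.href));
  });
}
```

Note that `searchParams.get("u")` returns the fully decoded value in one step, so the nested `unescape(decodeURI(...))` the script needs for reserved characters such as `%3A` and `%2F` is unnecessary here.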
For those of you who visit a lot of external links on Facebook, this script may be too noisy (a la Vista UAC prompts). However, if you prefer to confirm and investigate sites beforehand (e.g., on McAfee's SiteAdvisor, Norton's SafeWeb, Google's Safe Browsing, or Malware Domain List), then this script may be useful.
Enjoy.
