开发者

Any way to execute inline javascript as a URL?

问答 作者:

In many browsers you can do s开发者_开发知识库omething like this:

javascript: alert("...");

Is there any way to combine that with a url? I'm thinking of something like this:

http://example.com?javascript: alert("...");

The effect would be that the javascript would be executed after the page is loaded (same effect as loading the URL and then entering the above javascript statement)

Edit: I can't use window.onload or anything like that because I don't necessarily own the page.

No you can't do that. If you could it would represent a security problem as you could run arbitrary Javascript on another domain's page, which is what XSS ("cross-site scripting") is all about.

Basically any Javascript that runs on the new page has to be on the new page.

Edit: The difference between executing Javascript on the current page and on some arbitrary other page is huge. On the current page, by definition you have access to it so you can run anything you want. There is no security risk inherent with that. But what if you could execute arbitrary code on another page?

It would allow you to do this:

  • force the user to a banking Website;
  • retrieve their cookie on that site (you can do that with JS); and
  • redirect that user with to a malicious Website passing the cookie as a query parameter.

That's why you can't.

Why don't you do this

window.onload = function() {
    alert("...");
};

in your new page?

Just to clarify:

  1. A URL is not a link; it's a Uniform Resource Locator. When you ask for a "page", you're asking for a resource. That's why "http://mysite.com/myscript.cgi" can be a valid URL.

  2. A Hyperlink (href) can be a URL, or a location (Anchor) somewhere on the current page, or some local script (not necessarily Javascript).

It sounds as if you're trying to attach some action to an existing page. You might consider framing it (in a FRAME or IFRAME) and put your script in the enclosing page.

You can do it as a bookmark...but not a url per-se.

Have a look at the links specified in http://supergenpass.com/

继续阅读:javascript

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9