开发者

how to inject javascript code in url to insert iframe in existing page

问答 作者:

I am able to get the following JS to create IFRAME and add it to the page.

The issue is if I create JS method on the page and ivoke it on a button click it works. But when I try to inject the same JS into the page url via setting the location.href it does not work the right way , rather it replaces the existing page with a new iframe.

Here is my code:

location.href =开发者_Go百科 "javascript:ifrm = document.createElement('IFRAME');ifrm.style.width = 60+'px';ifrm.style.height = 40+'px';document.body.appendChild(ifrm);";

You have to wrap it in a function...

location.href = "javascript:(function () {ifrm = document.createElement('IFRAME');ifrm.style.width = 60+'px';ifrm.style.height = 40+'px';document.body.appendChild(ifrm);})()";

...although you can simply replace the location.href change with the actual code:

ifrm = document.createElement('IFRAME');
ifrm.style.width = 60+'px';
ifrm.style.height = 40+'px';
document.body.appendChild(ifrm);

What Casey said... Or you could put a "void 0;" at the end of the script...

location.href = "javascript:ifrm = document.createElement('IFRAME');ifrm.style.width = 60+'px';ifrm.style.height = 40+'px';document.body.appendChild(ifrm); void 0;";

(I assume you're not actually doing this with location.href, but actually by typing/pasting into the url bar, or creating a bookmarklet... I used to get hit with this a lot when typing javascript into the url bar...)

Anyway, the key thing to note is that if you set the location (by any of those three methods) to a javascript url, and the last statement returns something, the document body is set to that object. In your code, the last line is document.body.appendChild(ifrm) and appendChild() returns the ifrm object. In my suggested answer, the last statement is a void, so the document body isn't replaced. In Casey's suggestion, the function doesn't have a return statement, so it's a void function, and the document body is also not replaced.

To get an idea of what's happening, try this instead:

location.href = "javascript:ifrm = document.createElement('IFRAME');ifrm.style.width = 60+'px';ifrm.style.height = 40+'px';document.body.appendChild(ifrm); 'Hello world';";

or for some variability in the outcome

location.href = "javascript:ifrm = document.createElement('IFRAME');ifrm.style.width = 60+'px';ifrm.style.height = 40+'px';document.body.appendChild(ifrm); confirm('Pick one');";

Assuming the string is saved in the variable mystring:

Method 1:

eval( mystring.replace("javascript:", "") );

Method 2 (if you want to keep the "javascript:"):

function clickLink(link) {
    var cancelled = false;

    if (document.createEvent) {
        var event = document.createEvent("MouseEvents");
        event.initMouseEvent("click", true, true, window,
            0, 0, 0, 0, 0,
            false, false, false, false,
            0, null);
        cancelled = !link.dispatchEvent(event);
    }
    else if (link.fireEvent) {
        cancelled = !link.fireEvent("onclick");
    }

    if (!cancelled) {
        window.location = link.href;
    }
}

var link = document.createElement("a");
link.src = mystring;

clickLink(link);

继续阅读:javascript

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9