cross site scripting using script tag ,change src of a script tag, can we use id for script tag
<body>
<!-- some html code -->
<script src='some.js'></script>
<!-- some html code -->
</body>
The script some.js loads a form. when i press update in that form i do not submit the form inste开发者_JAVA百科ad i form a query string and want to send it as some.js?key=value
Now i need to change the src of the script tag.
If we change the src will it work by again requesting a new content? Can we use ID for script tag and if so will it be supported by all browsers?
when the new content is received i will clear the old content displayed by this script. i think it is better to have a div and put all the contents inside that div. i am rewriting script.js to script.php in my htaccess just show the users that it is just a javascript access or no problem for me if i give a .php.
The above is the basic requirement.
What we need is just to use a script tag which will fetch content from another site and should update here.
you can give suggestions to use this in a standard way which will included updating the content from the x site.
so this is what people tell as cross site scripting, on demand javascript and please add more terminologies if any so that i will update myself.
any kind of response will do good.
According to W3C (http://www.w3.org/TR/REC-html40/interact/scripts.html#h-18.2.1) 'script' tag doesn't support any standard attributes (which includes 'id'), however it will work in most browsers. Instead of replacing 'script' tag 'src' attribute I would suggest removing the tag and adding new one - that’s more reliable. I would strongly suggest reading about JSONP and Cross-Origin Resource Sharing (http://www.w3.org/TR/cors/) - those are standards which should help you achieve what you want.
As @tpeczek mentioned, to change the script src attribute is not enough, some browsers will not reload the script.
Use the following to replace the tag:
var oldScript = document.getElementById('someID');
var script = document.createElement("script");
script.setAttribute("type","text/javascript");
script.setAttribute("id","someID");
script.setAttribute("src",url);
if (oldScript == null) {
document.body.appendChild(script);
} else {
document.body.replaceChild(script, oldScript);
}
couldnt you go the old fashioned way and walk through all script elements and check the src to find some.js?
UPDATE:
As a global attribute, id
appears to be supported for script tags in HTML5.
精彩评论