admin管理员组

文章数量:1334162

In many browsers you can do something like this:

javascript: alert("...");

Is there any way to bine that with a url? I'm thinking of something like this:

: alert("...");

The effect would be that the javascript would be executed after the page is loaded (same effect as loading the URL and then entering the above javascript statement)

Edit: I can't use window.onload or anything like that because I don't necessarily own the page.

In many browsers you can do something like this:

javascript: alert("...");

Is there any way to bine that with a url? I'm thinking of something like this:

http://example.?javascript: alert("...");

The effect would be that the javascript would be executed after the page is loaded (same effect as loading the URL and then entering the above javascript statement)

Edit: I can't use window.onload or anything like that because I don't necessarily own the page.

  • javascript
Share Improve this question asked Jan 29, 2010 at 4:43 gamedevvgamedevv 3151 gold badge4 silver badges8 bronze badges
Add a ment  | 

4 Answers 4

Reset to default 9

No you can't do that. If you could it would represent a security problem as you could run arbitrary Javascript on another domain's page, which is what XSS ("cross-site scripting") is all about.

Basically any Javascript that runs on the new page has to be on the new page.

Edit: The difference between executing Javascript on the current page and on some arbitrary other page is huge. On the current page, by definition you have access to it so you can run anything you want. There is no security risk inherent with that. But what if you could execute arbitrary code on another page?

It would allow you to do this:

  • force the user to a banking Website;
  • retrieve their cookie on that site (you can do that with JS); and
  • redirect that user with to a malicious Website passing the cookie as a query parameter.

That's why you can't.

Why don't you do this

window.onload = function() {
    alert("...");
};

in your new page?

Just to clarify:

  1. A URL is not a link; it's a Uniform Resource Locator. When you ask for a "page", you're asking for a resource. That's why "http://mysite./myscript.cgi" can be a valid URL.

  2. A Hyperlink (href) can be a URL, or a location (Anchor) somewhere on the current page, or some local script (not necessarily Javascript).

It sounds as if you're trying to attach some action to an existing page. You might consider framing it (in a FRAME or IFRAME) and put your script in the enclosing page.

You can do it as a bookmark...but not a url per-se.

Have a look at the links specified in http://supergenpass./

本文标签: Any way to execute inline javascript as a URLStack Overflow

版权声明:本文标题:Any way to execute inline javascript as a URL? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742245248a2439101.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。