发表新帖
发表新帖

Ways to insert javascript into URL?

前端 未结
关注
9 1039
感动是毒
感动是毒 2020-12-17 17:32

Duplicate of:

What common web exploits should I know about?

This is a security question.

What should I

9条回答
  • 盖世英雄少女心
    盖世英雄少女心 (楼主)
    2020-12-17 17:55

    old question that I stumbled into that I believe deserves an update... You can infact execute javascript from the URL, and you can get creative about it too. I recently made a members only area that I wanted to remind someone what their password was, so I was looking for a non-local alert...of course you can embed an alert into the page itself, but then its public. the difference here is I can create a link and slip some JS into the href so clicking on the link will generate the alert.

    here is what I mean >>

    You can have anything

    and so upon clicking the link, the user is given an alert with the info, then they are taken to the new page.

    obviously you could also write an onClick, but the href works just fine when you slip it through the URL, just remember to prepend it with "javascript:"

    *works in chrome, didnt check anything else.

    0 讨论(0)
 看不清?
提交回复
热议问题