如何通过URL栏将JavaScript注入网站? [英] How to inject JavaScript into a website through the URL bar?
问题描述
以下是我在页面中注入的JavaScript代码:
$ b
javascript:{document。 head.innerHTML + ='< script>函数inject(){alert(hello);}< / script>';
document.body.innerHTML + ='< button onclick =inject()>运行< / button>';}
在URL栏中运行这些代码后,我会检查网站的源代码。按钮和函数定义都存在,但按下按钮不会像预期的那样运行警报。
有什么问题?
-
有些浏览器不再接受javascript:直接从地址栏中获取,他们需要您调用脚本从一个小书签
-
你的语法有着一厢情愿的气息。你在这里尝试的方式永远不会这样工作
这个语法:
javascript:(function(){var s = document.createElement(script); s.src =somejsurl.js; document.getElementsByTagName(head) [0] .appendChild(s)})()
可能是更好的开始
为了执行此操作,您需要创建一个带有
< a href =javascript:(function(){var s = document.createElement('script'); s.src ='somejsurl.js'; document.getElementsByTagName('head')[0] .appendChild(s )})()> Exec的< / A>
在href代码中使用单引号并加载并将Exec拖放到书签
测试中,Chrome和Firefox有一个可以使用的命令行
如果您想创建脚本并且不加载它需要在你创建的按钮中嵌入脚本:
javascript:(function(){var b = document .createElement(button); b.onclick = function(){alert('hello')}; b.innerTHML ='Hello';})()
Here is the JavaScript code I inject into the page:
javascript:{document.head.innerHTML+='<script>function inject(){alert("hello");}</script>';
document.body.innerHTML+='<button onclick="inject()">Run</button>';}
After running this code in the URL bar, I inspect the source code of the website. Both the button and the function definition are present, however pressing the button does not run the alert as one would expect.
What could be the problem?
some browsers no longer accept javascript: directly from the location bar, they need you to call the script from a bookmarklet
your syntax smells of wishful thinking. What you try here would never work that way
This syntax:
javascript:(function() { var s = document.createElement("script"); s.src="somejsurl.js";document.getElementsByTagName("head")[0].appendChild(s)})()
might be a better start
To get this to execute, you would need to create an html page with
<a href="javascript:(function() { var s = document.createElement('script'); s.src='somejsurl.js';document.getElementsByTagName('head')[0].appendChild(s)})()">Exec</a>
using single quotes inside the href code and load and drag the "Exec" to the bookmarks
While testing, Chrome and Firefox has a command line you can use
If you want to create the script and not load it, you would need to inline the script in the button you created:
javascript:(function() { var b = document.createElement("button"); b.onclick=function() { alert('hello')}; b.innerTHML='Hello';})()
这篇关于如何通过URL栏将JavaScript注入网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
