使用完整的< script> eval中的标签是可能的吗? [英] Using complete <script> tag in eval is possible ?
问题描述
大家好,
我试着将window.location.href发送到服务器脚本谁将根据推荐名称comg生成动态javascript b
in as
param
现在bcz
< script language =" javascript" src =" NO JAVASCRIPT可以在这里使用 />
所以我看到了'如果我可以使用eval todo我正在做的事情
我几乎尝试了所有的东西,以下是最后一个
< script language =" javascript">
eval(" a =''http:// localhost / ws / getdojs / c896ec8408f27942fe4b85f033c3e3af?t = t001& u =''+ window .location.href");
alert(a); //这显示警报正确,但是它跟随行
让JS失败
//它给出错误,未终止的字符串文字
eval("< / script> < script language =''javascript''src =" + a +">");
//如果使用此代替eval,它还会给出与上面相同的错误
eval
//document.writeln("</script><script language =''javascript''
src =" + a +">");
< / script>
现在我的要求是我''我会得到javascript o当我通过
param'''中的正确URL时,我看到真的没有出路,任何?
我在这里完全迷失了......
PS:请给我发一封个人邮件给cc回复,也知道你是否想要问一些关于这个愚蠢需求的问题:-)
--Hemant
http://sp2p.net
>
推荐答案
他******* ***@gmail.com 写道:
he**********@gmail.com wrote:
现在bcz
< script language =" javascript" src =" NO JAVASCRIPT可以在这里使用 />
*语言属性已弃用
*需要type属性
*<<<<<脚本>
附录C禁止使用元素(如果作为text / html提供,将在IE中中断)
*您可以使用data:url方案将JavaScript放入src属性中。
浏览器支持相当弱。
//它给出错误,未终止的字符串文字
eval("< / script>< script language =''javascript''src =" + a +">");
你不能eval()HTML!
//如果使用它而不是eval,它也会给出与上面相同的错误
eval
//document.writeln("</script><script language =''javascript''
src =" + a +">");
< / script>结束元素,即使你引用它。
http://htmlhelp.com/tools/validator/...html.en#script
PS:请给我一封个人邮件,以cc回复
Now bcz
<script language="javascript" src="NO JAVASCRIPT CAN BE USED HERE" />
* The language attribute is deprecated
* The type attribute is required
* XHTML style self-closing syntax for <script> elements is forbidden by
Appendix C (and will break in IE if served as text/html)
* You can put JavaScript in the src attribute using the data: url scheme.
Browser support is rather weak though.
//It gives error, unterminated string literal
eval("</script><script language=''javascript'' src="+a+">");
You can''t eval() HTML!
//If this is used instead of eval, it also gives same error as above
eval
//document.writeln("</script><script language=''javascript''
src="+a+">");
</script> ends the element, even if you quote it.
http://htmlhelp.com/tools/validator/...html.en#script
PS: Pls drop me a personal mail too in cc of reply
这是usenet。问这里,请在这里阅读答案。
-
David Dorward< http://blog.dorward.me.uk/> < http://dorward.me.uk/>
Home是〜/ .bashrc的地方
This is usenet. Ask here, read the answer here.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
David,
感谢您的回复!
所以没有办法动态关闭脚本标签?
我现在尝试这个
脚本
< script language =" javascript">
eval(" a =''http:// localhost / ws / getdojs / c896ec8408f27942fe4b85f033c3e3af?t = t001& u =''+ window .location.href");
alert(a);
document.writeln("& lt ; / script& gt;& lt; script language =''javascript''
src =" + a +"& gt;");
// eval(a);
< / script>
输出:
它只显示w / e写的在浏览器中,即关注
< / script>< script language =''javascript''
src = http:// localhost / ws / getdojs /c896ec8408f27942fe4b85f033c3e3af?t=t001&u=http://localhost:3000/client.html>
有为了这个... <
David,
Thanks for reply!
So there is no way to dynamically close to script tag?
I am tryg now this
SCRIPT
<script language="javascript">
eval("a=''http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u=''+window .location.href");
alert(a);
document.writeln("</script><script language=''javascript''
src="+a+">");
//eval(a);
</script>
Output:
It simply shows w/e written in browser i.e. following
</script><script language=''javascript''
src=http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u=http://localhost:3000/client.html>
There have to be some hack, for this ... ?
于2006年1月14日在comp.lang.javascript中写道 :
wrote on 14 jan 2006 in comp.lang.javascript:
< script language =" javascript">
type =''text / javascript''
eval(" a =''http:// localhost / ws / getdojs / c896ec8408f27942fe4b85f033c3e3af?t
= t001& u =''+ window.location.href");
为什么使用eval()???
a =''http:// localhost / ws / getdojs / c896ec8408f27942fe4b85f033c3e3af?t" ; +
''= t001& u =''+ window.location.href
给出相同的结果。
eval()是邪恶的!
eval("< / script>< script language =''javascript''src =" + a +" >");
<script language="javascript">
type=''text/javascript''
eval("a=''http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t
=t001&u=''+window.location.href");
Why do you use eval() ???
a=''http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t"+
''=t001&u='' + window.location.href
gives the same result.
eval() is evil!
eval("</script><script language=''javascript'' src="+a+">");
Eval()执行javascript,上面不是javascript。
建议:
1如果您没有使用eval()的经验,请不要使用它。
2如果您有经验,则不需要。
-
Evertjan。
荷兰。
(请将x''es更改为我的电子邮件地址中的点数)
Eval() executes javascript and the above is not javascript.
ADVICE:
1 If you are not experienced in using eval() DO NOT USE IT.
2 If you are experienced, you don''t need to.
--
Evertjan.
The Netherlands.
(Please change the x''es to dots in my emailaddress)
这篇关于使用完整的< script> eval中的标签是可能的吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!