如何在IE 8上向页面注入javascript? [英] How do I inject javascript to a page on IE 8?
问题描述
让我们假设我有以下标记:
Lets suppose that I have the following markup:
<div id="placeHolder"></div>
我有一个JavaScript变量 jsVar
那个包含一些标记和一些JavaScript。
and I have a JavaScript variable jsVar
that contains some markup and some JavaScript.
通过使用Mootools 1.1,我可以将JavaScript内容注入占位符,如下所示:
By using Mootools 1.1 I can inject the JavaScript content into the placeholder like this:
$('placeHolder').setHTML(jsVar);
这适用于Firefox,Opera甚至Safari,结果标记如下:
This works in Firefox, Opera, and even Safari and the resulting markup looks like this:
<div id="placeHolder">
<strong>I was injected</strong>
<script type="text/javascript">
alert("I was injected too!");
</script>
</div>
然而,在IE 8上我得到以下内容:
However, on IE 8 I get the following:
<div id="placeHolder">
<strong>I was injected</strong>
</div>
有没有办法在IE 8上注入JavaScript或安全模型是否禁止我执行此操作完全没有?
Is there any way to inject the JavaScript on IE 8 or does it security model forbid me from doing this at all?
我试过Luca Matteis建议使用
I tried Luca Matteis' suggestion of using
document.getElementById("placeHolder").innerHTML = jsVar;
而不是MooTools代码,我得到相同的结果。这不是MooTools问题。
instead of the MooTools code and I get the same result. This is not a MooTools issue.
推荐答案
这 MSDN帖子专门解决了如何使用innerHTML将javascript插入页面。你是对的:IE确实认为这是一个安全问题,所以要求你跳过某些环节来注入脚本...大概黑客可以读取这个MSDN帖子我们可以,所以我不知道为什么MS认为这个额外的间接层安全,但我离题了。
This MSDN post specifically addresses how to use innerHTML to insert javascript into a page. You are right: IE does consider this a security issue, so requires you to jump through certain hoops to get the script injected... presumably hackers can read this MSDN post as well as we can, so I'm at a loss as to why MS considers this extra layer of indirection "secure", but I digress.
来自MSDN文章:
<HTML>
<SCRIPT>
function insertScript(){
var sHTML="<input type=button onclick=" + "go2()" + " value='Click Me'><BR>";
var sScript="<SCRIPT DEFER>";
sScript = sScript + "function go2(){ alert('Hello from inserted script.') }";
sScript = sScript + "</SCRIPT" + ">";
ScriptDiv.innerHTML = sHTML + sScript;
}
</SCRIPT>
<BODY onload="insertScript();">
<DIV ID="ScriptDiv"></DIV>
</BODY>
</HTML>
如果可能,您可能希望考虑使用 document.write
注入脚本加载标记以提高安全性并减少跨浏览器的不兼容性。我知道这可能是不可能的,但值得考虑。
If at all possible, you may wish to consider using a document.write
injected script loading tag to increase security and reduce cross-browser incompatibility. I understand this may not be possible, but it's worth considering.
这篇关于如何在IE 8上向页面注入javascript?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!