document.write script errors

[robert.waters]

Hello,
When the following page is executed in IE6, it generates script errors
('object expected') for any function that is declared in an external
..js file. Why is this???? This code works in Firefox 1.07 and 1.5.
(The following code, when the body's onload event is triggered, simply
rewrites the page using documentElement.innerHTML)

//------------test.html--------------------
<html>
<head>
<script src="script.js"></script>
<script type="text/javascript">
function rewritePage(){
alert('rewriting the page');
document.write(document.documentElement.innerHTML);
}
</script>
</head>
<body onload="rewritePage();">
generate a script error with document.write
<script type="text/javascript">
isScriptWorking(); // from script.js
</script>
</body>
</html>
//---------script.js-------------
function isScriptWorking() {
alert('script is working');
}

How can I get around this, if this is the method that I have to use?

 

[Aaron Gray]

document.write(document.documentElement.innerHTML);

Are you trying to make the page eat itself ?

This could be tricky

Aaron

 

[RobG]

Hello,
When the following page is executed in IE6, it generates script errors
('object expected') for any function that is declared in an external
.js file. Why is this???? This code works in Firefox 1.07 and 1.5.
(The following code, when the body's onload event is triggered, simply
rewrites the page using documentElement.innerHTML)

There is no public specification for what innerHTML should do or how it
should do it - so whatever it does is whatever it does and browsers will
vary in that.

For the record, on my machine your page loads twice in Firefox before it
becomes comatose, IE re-loads the page once.


[...]

How can I get around this, if this is the method that I have to use?

Explain what you are trying to achieve and suggestions may be posted...
or not. Why you need to suck the HTML out of a document then simply
write it back again plumb evades me.

It has consequences such as you loss of the DOCTYPE, resulting in an
invalid document and it may cause IE (and perhaps other browsers) to
treat the page differently.

 

[robert.waters]

I see your (doctype/html root element) point - in my particular case, I
am actually using the xmlhttp activex object to slurp the page (for
IE); I tried to use an example that would mirror the effect w/o
displaying a client's code on a public forum.
I am performing a web app vulnerability test; this application has a
semi-public front-end, so input is filtered pretty heavily. I have
already bypassed the filters that disallow scripting of any kind, but
it is rather obvious upon viewing the page source using a browser.
I would like to show that evidence of this type of behaviour can be
further obfuscated: I am attempting, when the body's onload event is
triggered, to use a regex to remove the messy code that I have been
able to inject, and place innocuous-looking payload code elsewhere in
the document.
It works splendidly, except for the case that I'm illustrating.

Thank you for your help,
Robert

 

[VK]

I see your (doctype/html root element) point - in my particular case, I
am actually using the xmlhttp activex object to slurp the page (for
IE); I tried to use an example that would mirror the effect w/o
displaying a client's code on a public forum.
I am performing a web app vulnerability test; this application has a
semi-public front-end, so input is filtered pretty heavily. I have
already bypassed the filters that disallow scripting of any kind, but
it is rather obvious upon viewing the page source using a browser.
I would like to show that evidence of this type of behaviour can be
further obfuscated: I am attempting, when the body's onload event is
triggered, to use a regex to remove the messy code that I have been
able to inject, and place innocuous-looking payload code elsewhere in
the document.
It works splendidly, except for the case that I'm illustrating.

My posts (VK) here should explain you the situation:
<http://groups.google.com/group/comp..._frm/thread/c56aa6ddf79cccf4/eb6a361cb59f6b4d>