Executing JS code @ location.href

R

Ry Nohryb

I'm not sure if this is of any utility, but it seems that you can run
JS code -apparently at the global scope- by doing this:

location.href="javascript: alert(document.body.innerHTML);"

and the page won't be navigated away (as long as the result is ===
undefined). I've tried -evilnessly- to use it to bypass the SOP and
inject some code in an iframe, but it only works in Safari, and only
when the main page's protocol is file://.

I wonder if there's any useful application for this rather ugly thing.
 
D

David Mark

I'm not sure if this is of any utility, but it seems that you can run
JS code -apparently at the global scope- by doing this:

location.href="javascript: alert(document.body.innerHTML);"

No kidding. You can type it in the browser's address box as well. ;)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top