howa said:
e.g.
<div id="test">
test
</div>
<script>
document.getElementById("test").innerHTML
='<script>alert(1);</sc'+'ript>';
</script>
how to make the code run at the DIV - test ?
There has just been an extensive thread on this very subject, although
the title may not indicate it:
<URL:
http://groups.google.com.au/group/c...42490c301de/f97dcd8d723274f7#f97dcd8d723274f7>
Essentially the most cross-browser way is to strip out the script
elements and eval their content. There are other (possibly better)
methods that may become viable in the future, but for now eval() seems
to be the best bet.
Note that it may have unexpected effects on the scope of declared
variables, ensure you understand what they are before doing anything
non-trivial.
You might like to try the FORK library's Mutate function which does
most of the hard work for you:
<URL:
http://forkjavascript.org/ >
<script type="text/javascript" src="mutate.js"></script>
<div id="test">test</div>
<script type="text/javascript">
FORK.Mutate.insertBottom(
'test',
'<script type="text/javascript">alert(1);<\/script>'
);
</script>