Prev: HTML tags in textarea
Next: Find all event listeners on a link, including delegated listeners?
From: Ry Nohryb on 26 May 2010 13:08
I'm not sure if this is of any utility, but it seems that you can run
JS code -apparently at the global scope- by doing this:

location.href="javascript: alert(document.body.innerHTML);"

and the page won't be navigated away (as long as the result is ===
undefined). I've tried -evilnessly- to use it to bypass the SOP and
inject some code in an iframe, but it only works in Safari, and only
when the main page's protocol is file://.

I wonder if there's any useful application for this rather ugly thing.
--
Jorge.
From: David Mark on 26 May 2010 20:55
On May 26, 1:08 pm, Ry Nohryb <jo...(a)jorgechamorro.com> wrote:
> I'm not sure if this is of any utility, but it seems that you can run
> JS code -apparently at the global scope- by doing this:
>
> location.href="javascript: alert(document.body.innerHTML);"
>

No kidding. You can type it in the browser's address box as well. ;)
 | 
Pages: 1
Prev: HTML tags in textarea
Next: Find all event listeners on a link, including delegated listeners?