
Is it possible in some way to hack the behaviour of window.location.replace, to fire a JavaScript function (let's say alert) instead of making the user go to the new location?

I'll give you the example, let's say we have this function:

setTimeout(function(){ window.location.replace("#SOMETHING_HERE#"); }, 900);

This is fired when a user clicks a specific button; #SOMETHING_HERE# is a placeholder into which the administrator can put a URL via a configuration panel.

Now, we all know clients are weird, and mine has just asked me to find a way to fire a JavaScript function instead of redirecting the user; well, I'm stuck. Of course I should modify the function bound to the button, but actually I have no access to the code, and the only entry point is the panel I mentioned before: I can only change the value of #SOMETHING_HERE#. Does someone have a clue how I could, for example, fire alert("foo")? Is that possible in some way?

The answer could also be "NO", and I'll simply tell them that we have to find a way to change that code.

Asked Feb 2, 2016 at 13:49 by Matteo Bononi 'peorthyr'; edited Feb 2, 2016 at 14:02 by James Thorpe.
  • 4 If its validation is crappy, try "); alert("whatever – alex Commented Feb 2, 2016 at 13:52
  • 1 en.wikipedia/wiki/Bookmarklet – Kaiido Commented Feb 2, 2016 at 13:53
  • Client is not being weird here, since I don't think the client would have asked you to use location.replace in the first place. Why can't you invoke location.replace conditionally? – gurvinder372 Commented Feb 2, 2016 at 13:54
  • The code isn't mine and I don't know the workflow and decisions taken when it was first written :( – Matteo Bononi 'peorthyr' Commented Feb 2, 2016 at 13:56
  • 1 LOL, the only real solution is to inject JavaScript through a "we-are-lucky-this-allows-XSS!" control panel (the first comment here on top)... WOW. Tell the client that this is what happens when you don't have a budget for a web application. Hacks will get you nowhere and this is a maintenance nightmare. – Sharky Commented Feb 2, 2016 at 13:58

1 Answer


You can prefix your string with javascript:, like so:

setTimeout(function(){ window.location.replace("javascript:alert('hello world!')"); }, 900);

This works because the spec for location.replace ends up at the definition for "navigate", which says:

  1. This is the step that attempts to obtain the resource, if necessary. Jump to the first appropriate substep:

...

If the new resource is a URL whose scheme is javascript

Queue a task to run these "javascript: URL" steps, associated with the active document of the browsing context being navigated:
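The flip side of the answer is the risk it exposes: a value set through a configuration panel and fed to location.replace() will run script if it carries the javascript: scheme. The following check is an added example, not code from the question or the answer; it parses the configured value with the WHATWG URL constructor and only navigates when the scheme is http or https. The function names, the base URL "https://app.example/" standing in for document.baseURI, and the test strings are assumptions.

```javascript
// Added example (not from the original post): validate an admin-configured
// redirect target before handing it to window.location.replace().
// On the page, #SOMETHING_HERE# is controlled through a config panel, and a
// "javascript:" value there makes location.replace() execute script.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalised absolute URL string if it is safe to navigate to,
// or null if it must be refused. `base` stands in for document.baseURI so the
// check can run outside a browser (assumption for this example).
function safeRedirectTarget(configured, base = "https://app.example/") {
  if (typeof configured !== "string") return null;
  let url;
  try {
    // The WHATWG parser strips leading/trailing whitespace, removes embedded
    // tabs and newlines, and lowercases the scheme, so "JaVaScRiPt:" and
    // "java\tscript:" both come out with protocol "javascript:" and are
    // caught by the scheme allowlist below rather than by string matching.
    url = new URL(configured, base);
  } catch (e) {
    return null; // unparsable input is refused, not passed through
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Drop-in for the page's timer callback: navigate only on a validated value,
// otherwise log the refusal so a bad config is visible instead of silently
// executing. `navigate` is injectable for testing (default: location.replace).
function scheduledRedirect(configured, navigate) {
  const go = navigate || ((href) => window.location.replace(href));
  const target = safeRedirectTarget(configured);
  if (target === null) {
    console.warn("refused redirect target:", JSON.stringify(configured));
    return false;
  }
  go(target);
  return true;
}
```

Wiring it in would be setTimeout(function () { scheduledRedirect("#SOMETHING_HERE#"); }, 900); a data: or vbscript: value is refused by the same allowlist.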
