javascript - Content not appear in body -


i have file a.html, has following content:

<script> var x=document.url.substring(document.url.indexof('#')+1); document.write(x);   alert(document.body.innerhtml); </script> <body>  </body>

when browsing a.html#somevalueh;alert(1)</script>, why "somevalueh;alert(1)" not </script> portion appeared inside body?

i using chrome btw.

this happening because </script> tag has special meaning browser , has opening tag, silently droping it.

try escaping url hint this: 

<script> var x=document.url.substring(document.url.indexof('#')+1); document.write(escape(x));   alert(document.body.innerhtml); </script> <body>  </body>

this give output: 

somevalueh%3balert%281%29%3c/script%3e

escaping special characters.

update:
may want try this. using html change somevalueh;alert(1)</script> somevalueh;<script>alert(1)</script>

and inspect page, must see <script></script> in body tag.


Comments

Post a Comment

Popular posts from this blog

How to group boxplot outliers in gnuplot -

i have large set of data points. try plot them boxplot, of outliers exact same value , represented on line beside each other. found how set horizontal distance between outliers in gnuplot boxplot , doesn't much, apparently not possible. is possible group outliers together, print 1 point , print number in brackets beside indicate how many points there are? think make more readable in graph. for information, have 3 boxplots 1 x value , times 6 in 1 graph. using gnuplot 5 , played around pointsize, doesn't reduce distance anymore. hope can help! edit: set terminal pdf set output 'dat.pdf' file0 = 'dat1.dat' file1 = 'dat2.dat' file2 = 'dat3.dat' set pointsize 0.2 set notitle set xlabel 'x' set ylabel 'y' header = system('head -1 '.file0); n = words(header) set xtics ('' 1) set [i=1:n] xtics add (word(header, i) i) set style data boxplot plot file0 using (1-0.25):1:(0.2) boxplot lw 2 lc rgb '#8b0000...
Read more

cakephp - simple blog with croogo -

i not problem, made simple blog in croogo, problem is not adding or modifying or delete, because arabic language ?? function add in controller `public function admin_add() { $this->set('title_for_layout', __('add part')); if (!empty($this->request->data)) { $this->part->create(); if ($this->part->save($this->request->data)) { $this->session->setflash(__('the part has been saved'), 'default', array('class' => 'success')); $this->redirect(array('action' => 'index'));//, $this->part->id)); } else { $this->session->setflash(__('the part not saved. please, try again.'), 'default', array('class' => 'error')); } } }` => model `class part extends appmodel { public $name = 'part'; var $belongst...
Read more