Any way to execute inline javascript as a URL? - Stack Overflow

In many browsers you can do something like this:

javascript: alert("...");

Is there any way to combine that with a URL? I'm thinking of something like this:

http://example.com?javascript: alert("...");

The effect would be that the javascript would be executed after the page is loaded (same effect as loading the URL and then entering the above javascript statement).

Edit: I can't use window.onload or anything like that because I don't necessarily own the page.

asked Jan 29, 2010 at 4:43 by gamedevv

4 Answers

No you can't do that. If you could it would represent a security problem as you could run arbitrary Javascript on another domain's page, which is what XSS ("cross-site scripting") is all about.

Basically any Javascript that runs on the new page has to be on the new page.

Edit: The difference between executing Javascript on the current page and on some arbitrary other page is huge. On the current page, by definition you have access to it so you can run anything you want. There is no security risk inherent with that. But what if you could execute arbitrary code on another page?

It would allow you to do this:

  • force the user to a banking Website;
  • retrieve their cookie on that site (you can do that with JS); and
  • redirect that user to a malicious Website passing the cookie as a query parameter.

That's why you can't.
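
An added example (not part of the original question or answers): using the standard `URL` parser found in browsers and Node.js, it shows that the question's proposed URL is an ordinary `http:` URL whose `javascript:` text is inert query data, and how a page can allow-list link schemes from the parsed result. The names `describeUrl`, `isSafeHref`, `ALLOWED_SCHEMES` and the base `https://app.example/` are assumptions made for illustration.

```javascript
// Added example: how a URL parser sees the question's proposed URL, and a
// scheme allow-list check for untrusted links. All names are hypothetical.

// Schemes a page is willing to emit in href attributes (an assumed policy).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Describe what a browser-style (WHATWG) URL parser makes of a string.
function describeUrl(input, base = "https://app.example/") {
  let url;
  try {
    url = new URL(input, base); // relative links resolve against the base
  } catch {
    return { ok: false, scheme: null, runsScript: false, query: null };
  }
  return {
    ok: true,
    scheme: url.protocol,
    // Only the scheme decides whether following the link evaluates script.
    runsScript: url.protocol === "javascript:",
    query: url.search,
  };
}

// Accept a user-supplied link only if its *parsed* scheme is on the allow-list.
// Checking the parsed scheme matters because the parser trims leading spaces,
// drops tabs/newlines and lowercases the scheme before the browser acts on it.
function isSafeHref(input) {
  const info = describeUrl(input);
  return info.ok && ALLOWED_SCHEMES.has(info.scheme);
}

// Constructed sample inputs.
const samples = [
  'http://example.com?javascript: alert("...");', // the question's idea
  'javascript: alert("...");',                    // script URL for the current page
  " JaVa\tScRiPt:alert(1)",                       // same scheme after normalisation
  "/account/settings",                            // ordinary relative link
];
for (const s of samples) {
  console.log(JSON.stringify(s), describeUrl(s), "safe:", isSafeHref(s));
}
```
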

Why don't you do this

window.onload = function() {
    alert("...");
};

in your new page?

Just to clarify:

  1. A URL is not a link; it's a Uniform Resource Locator. When you ask for a "page", you're asking for a resource. That's why "http://mysite.com/myscript.cgi" can be a valid URL.

  2. A Hyperlink (href) can be a URL, or a location (Anchor) somewhere on the current page, or some local script (not necessarily Javascript).

It sounds as if you're trying to attach some action to an existing page. You might consider framing it (in a FRAME or IFRAME) and put your script in the enclosing page.

You can do it as a bookmark... but not a URL per se.

Have a look at the links specified in http://supergenpass.com/
