本文介绍了通过地址栏加载远程JavaScript文件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

是否可以从地址栏中加载远程JavaScript文件?

Is it possible to load remote JavaScript files from the address bar?

我一直试图将其放入地址栏中:

I have been trying to put this into the address bar:

javascript:src='http://depot.com/file.js';funcname();

我不是用它来处理坏事。我只是在测试我的网站,仅此而已。如果您想保护自己的网站,那么必须先学会攻击它,对吧?

I'm not using this for bad things. I'm just testing my site, that's all. If you wanted to protect your site you must learn to attack it first, right?

推荐答案

我想您应该可以做到以下内容:

I guess you should be able to do the following:

javascript:(function () {
  var newScript = document.createElement('script');
  newScript.type = 'text/javascript';
  newScript.src = 'http://depot.com/file.js';
  document.getElementsByTagName('body')[0].appendChild(newScript);
})();

这是一个非常有用的示例(将此粘贴在地址栏中):

Here's a very useful example (paste this in your address bar):

javascript:(function () {
  var newScript = document.createElement('script');
  newScript.type = 'text/javascript';
  newScript.src = 'http://cornify.com/js/cornify.js';
  document.getElementsByTagName('body')[0].appendChild(newScript);

  for (var i = 0; i < 5; i++) {
    newScript = document.createElement('script');
    newScript.type = 'text/javascript';
    newScript.src = 'http://cornify.com/js/cornify_run.js';
    document.getElementsByTagName('body')[0].appendChild(newScript);
  }
})();

Voila:

实际上,这就是将远程脚本包含在其书签中。

In fact, this is how cornify.com is including the remote scripts in their bookmarklet.

更新:

为,调用远程脚本中定义的函数并不是那么简单。 Ben为这个问题提出了一种解决方案,但还有另一种解决方案,即玉米粉正在使用的解决方案。如果您查看 http://cornify.com/js/cornify_run.js ,您会发现该文件中只有一个函数调用。您可以像cornify一样将 funcname()调用放在一个单独的JavaScript文件中,因为可以保证脚本块按插入顺序执行。然后,您必须同时包含两个脚本,如以下示例所示:

As @Ben noted in the other answer, it's not that straightforward to call a function defined in your remote script. Ben suggests one solution to this problem, but there is also another solution, the one that cornify are using. If you check out http://cornify.com/js/cornify_run.js you'll see that there's just one function call in that file. You could place your funcname() call in a separate JavaScript file, as cornify are doing, because script blocks are guaranteed to be executed in the order they are inserted. Then you'd have to include both scripts, as in the following example:

javascript:(function () {
  var newScript = document.createElement('script');
  newScript.type = 'text/javascript';
  newScript.src = 'http://depot.com/file.js';
  document.getElementsByTagName('body')[0].appendChild(newScript);

  newScript = document.createElement('script');
  newScript.type = 'text/javascript';
  newScript.src = 'http://depot.com/file_run.js';
  document.getElementsByTagName('body')[0].appendChild(newScript);
})();

其中 file_run.js 仅包含一个调用 funcname()

这篇关于通过地址栏加载远程JavaScript文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-03 04:51