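<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>伪造Ajax</title>
</head>
<body>
  {# Free-standing input outside the form; presumably kept to show that typed text survives the submit because the page itself never reloads. TODO confirm. #}
  <input type="text">

  {# target="ifr" routes the POST response into the iframe below instead of navigating this page. #}
  <form id="f1" action="/fakeajax/" method="post" target="ifr">
    {# With CsrfViewMiddleware enabled (Django's default), a POST without this token is rejected with 403. Keep the token rather than exempting the view. #}
    {% csrf_token %}
    <iframe name="ifr" id="ifr"></iframe>
    {# When the iframe finishes loading (i.e. the response has arrived), loadiframe() runs as a simulated callback. #}
    <input name="user" type="text">
    {# A real button is keyboard-focusable; type="button" stops it from submitting the form on its own. #}
    <button type="button" id="submit-btn">提交</button>
  </form>

  <script>
    // Submit form f1 into the iframe and register loadiframe as the "callback".
    function submit_form() {
      // Bind the load handler before submitting so the response cannot arrive first.
      document.getElementById('ifr').onload = loadiframe;
      document.getElementById('f1').submit();
    }

    // Runs when the iframe has loaded the server's response and logs its body.
    function loadiframe() {
      // contentWindow.document is only readable while the response is same-origin
      // with this page. innerHTML is the serialised markup of the response body,
      // so characters such as & and < appear HTML-escaped in the logged string.
      var return_values = document.getElementById('ifr').contentWindow.document.body.innerHTML;
      console.log(return_values);
    }

    // Bound here instead of an inline onclick attribute so the page also works
    // under a Content-Security-Policy that forbids inline event handlers.
    document.getElementById('submit-btn').addEventListener('click', submit_form);
  </script>
</body>
</html>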

iframe提交数据

要用 ID 去查找 iframe 元素,否则前台会报错。

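<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
  {# target="ifr" routes the POST response into the iframe below instead of navigating this page. #}
  {# NOTE(review): confirm that the URLconf matches "/fakeajax" without a trailing slash; Django cannot redirect a POST to append one. #}
  <form id="f1" action="/fakeajax" method="post" target="ifr">
    {# Required for POST while CsrfViewMiddleware is enabled; keep it rather than exempting the view. #}
    {% csrf_token %}
    <iframe name="ifr" id="iframe"></iframe>
    <input name="user" type="text">
    {# A real button is keyboard-focusable; type="button" stops it from submitting the form on its own. #}
    <button type="button" id="submit-btn">提交</button>
  </form>

  <script>
    // Submit form f1 into the iframe and register loadiframe as the "callback".
    function submit_form() {
      // Bind the load handler before submitting so the response cannot arrive first.
      document.getElementById('iframe').onload = loadiframe;
      document.getElementById('f1').submit();
    }

    // Load handler for the iframe; `this` is the iframe element because the
    // function is assigned to its onload property.
    function loadiframe() {
      // The response is rendered as a document inside the iframe, in this page's
      // origin, so the view must never echo request data unescaped in a text/html
      // response. Reading contentWindow.document also requires a same-origin response.
      //
      // textContent yields the response text as sent; innerHTML would return
      // HTML-escaped markup (&amp;, &lt;, wrapper tags) and corrupt the JSON.
      var return_values = this.contentWindow.document.body.textContent;
      var obj;
      try {
        obj = JSON.parse(return_values);
      } catch (err) {
        // An error page (e.g. a 403 from the CSRF check) is not JSON; report it
        // instead of letting the exception escape the event handler.
        console.error('fakeajax: response is not valid JSON', err);
        return;
      }
      if (obj && obj.status) {
        alert(obj.status);
      }
    }

    // Bound here instead of an inline onclick attribute so the page also works
    // under a Content-Security-Policy that forbids inline event handlers.
    document.getElementById('submit-btn').addEventListener('click', submit_form);
  </script>
</body>
</html>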

详细:https://www.cnblogs.com/sss4/p/7137032.html

05-06 07:27