4

Alright... I've been searching for an hour now... How does one get the innerHTML of a script tag? Here is what I've been working on...

<script type="text/javascript" src="http://www.google.com" id="externalScript"></script>
<script type="text/javascript">
function getSource()
 {document.getElementById('externalScript').innerHTML;
  }
</script>

I've been trying to work on a way to call another domain's page source with the script tag. I've seen a working example, but cannot find it for the life of me...

Yoshiyahu
  • 41
  • 1
  • 2
  • Do you want to have an `iframe`? The first line of your code is definitely not right... ` – Felix Kling Nov 08 '10 at 23:22
  • I do not think that you can use id attribute with script tag, at least w3schools say that script does not support any standard attributes http://www.w3schools.com/tags/tag_script.asp – Olga Jan 20 '12 at 08:58
  • @Olga I have been told several times not to refer to W3schools.com due to lack of credibility and security. – CMS_95 Oct 28 '13 at 12:52
  • @CS_STEM I guess I was mislead myself =) http://www.w3.org/html/wg/drafts/html/master/scripting-1.html#the-script-element according to spec, global attributes are ok at least in html5. But I'd still wouldn't want to tie my scripts (javascripts) to tags (script tag) via id, it will proove inconvinient when you need to move this or that. – Olga Oct 28 '13 at 13:37
  • @Olga I should have said do not refer to it on stack overflow because some people don't like it for reasons but I would still encourage using it for quick tag references and code snippets because some times it is helpful. – CMS_95 Oct 31 '13 at 00:06

5 Answers5

3

You can't do that. There is no innerHTML....all you can do is pull down the file view XMLHttpRequest to get to its contents....but of course, that is limited by same-origin policy, but script tags are not. Sorry.

rob
  • 9,933
  • 7
  • 42
  • 73
  • You *can* get the contents of some script tags, just not those from other domains. – Pointy Nov 08 '10 at 23:25
  • Pointy, I'm not aware of how you can get their contents, except via XMLHttpRequest. Can you elaborate? – rob Nov 08 '10 at 23:29
  • You can use `.innerHTML` on a plain script tag, but maybe only if the content is inline - I'd have to play with it but I know it's possible - see the jQuery template stuff for example. – Pointy Nov 08 '10 at 23:36
  • 2
    Ok, yeah on an inline script tag you can. – rob Nov 09 '10 at 02:16
0

I'm guessing you want one of two things:

  1. To make a JavaScript file global (so that other pages can call it)

  2. To get the script that is currently in the file

Both of those can be solved by moving your script to a .js file, and then using the tag

<script src="[path-to-file]"></script>
ilarsona
  • 436
  • 4
  • 13
0

actually, there is a way to get the content, but it depends on the remote server letting you get the file without valid headers and still fails a lot of the time just because of those settings. using jQuery since it's the end of my day and I'm out the door....

$.get($('#externalScript').attr('src'), function(data) {
    alert(data);
});
FatherStorm
  • 7,133
  • 1
  • 21
  • 27
  • 1
    I don't see how this could work - to the best of my knowledge, using $.get is susceptible to the same-origin policy just like anything else, which is exactly what the OP is trying to circumvent. – nitwit Dec 18 '11 at 15:42
-1

You can't do this. It would be a massive security problem if you could.

Script content can include any number of things. Consider this: a script loaded from a URL on your bank's website might contain all sorts of things, like your account number, your balance, and other personal information. That script would be loaded by your bank's normal pages to do what they want to do.

Now, I'm an evil hacker, and I suspect you may be a customer of Biggo Bank. So on one of my own pages, I include a <script> tag for that Biggo Bank script. The script may only load if there's a valid Biggo Bank session cookie, but what if there is? What if you visit my hacker site while you're logged in to Biggo Bank in another browser tab? Now my own JavaScript code can read the contents of that script, and your money is now mine :)

Pointy
  • 405,095
  • 59
  • 585
  • 614
  • 1
    Curious...how is that a security problem? You can run scripts from other domains....why would it be a problem to be able to read them in as a string and do stuff? (FWIW I'm not challenging you, I'm genuinely curious) – rob Nov 08 '10 at 23:31
  • 1
    Because it's always possible that a script could contain sensitive information. It may not be just simple Javascript - the server may have generated it dynamically. – Pointy Nov 08 '10 at 23:34
  • However there isn't a security problem with reading your OWN domain's externally referenced script files. That is a case that surely should be allowed. – csuwldcat May 24 '11 at 20:18
  • 1
    -1 a simple statement like this without further explanation is not very helpful. And I honestly don't see where the security problem is (we're just talking about reading the content of a tag, not running anything). – Christophe Jul 07 '12 at 19:13
  • 1
    If the script from another server contains sensitive data about the visitor on your page (say your dynamically generated password), you could potentially load that script on your website and capture that data without the visitor knowing (the data in the third-party script would be generated for that visitor, since it's their session it will be using.) – Kevin Lamping Sep 28 '12 at 03:10
  • @Christophe there's no telling what might be embedded in a ` – Pointy Sep 28 '12 at 04:02
  • @Pointy thx for the clarification. Trying to take my downvote back but it won't let me... – Christophe Sep 28 '12 at 05:32
  • @Christophe don't worry about it :-) – Pointy Sep 28 '12 at 13:36
-2

You can Use Html Parsers:

jsoup » jsoup: Java HTML Parser jsoup: Java HTML Parser

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods.

refer this: http://jsoup.org/

Dgan
  • 10,077
  • 1
  • 29
  • 51