0

I have a link in an email which performs some kind of validation check. I would like to call a Javascript function when this link is clicked. This Javascript function will then perform some ajax call to a php script which performs the actual action (updating stuff in a database).

I would like to know if this poses any security concerns? Is this something that can be done anyway ?(because I'm inside an email, not on the actual website)

Please let me know your thoughts

user765368
  • 19,590
  • 27
  • 96
  • 167
  • 2
    Generally speaking, email reader doesn't support javascript https://stackoverflow.com/a/3054327/6126481 The closest thing you could do is put a link in the email then execute the javascript on the linked page. – Jordan Daigle Jan 24 '20 at 00:40
  • 4
    Literally every email client either doesn't support js or strips it. – CrayonViolent Jan 24 '20 at 00:40

1 Answers1

3

Email readers strip out javascript from the contents so I'm afraid you just can't. You could approach this problem in another way though. For example the link in your email could go on a page on your website which do all the required tasks. As for the values you need to check/pass you can append those to the url, of course they'll be visible.

Jazzpaths
  • 645
  • 5
  • 9