-1

I am currently learning some web programming related stuff. I'm a little confused on how I insert some javascript into say a random URL. I'm trying to insert an alert message with an echo payload so I couldn't do javascript:alert("testtestesttest"); which will work.

Should this not work?

echo?payload=javascript:alert("test");

I am using an older version of my browser so that javascript execution is possible. But for some reason javascript:alert("test"); works by itself but when I add it onto the end of the URL with the echo payload it's just echoing the text after the payload.

EDIT: I have found my solution. Sorry.

Adrian Mole
Dgwrigh58
  • This doesn't seem like a pattern I'd use. What are you trying to achieve? – GalAbra Apr 11 '20 at 08:14
  • I'm trying to echo back an alert window. – Dgwrigh58 Apr 11 '20 at 08:16
  • Why don't you just call the `alert` from your code, rather than its URL? – GalAbra Apr 11 '20 at 08:17
  • I need to create a URL in such a way that the alert will pop up. – Dgwrigh58 Apr 11 '20 at 08:19
  • Like the answer in the linked question by @bravemaster says: It's not possible. You can't directly run Javascript from a URL. If you edit your question and tell us _why_ you need this, we might be able to provide you with another solution. Otherwise the answer will remain the same. – icecub Apr 11 '20 at 08:21
  • Please don't make more work for other people by vandalizing your posts. By posting on the Stack Exchange network, you've granted a non-revocable right, under the [CC BY-SA 4.0 license](//creativecommons.org/licenses/by-sa/4.0/), for Stack Exchange to distribute that content (i.e. regardless of your future choices). By Stack Exchange policy, the non-vandalized version of the post is the one which is distributed. Thus, any vandalism will be reverted. If you want to know more about deleting a post please see: [How does deleting work?](//meta.stackexchange.com/q/5221) – Adrian Mole Apr 11 '20 at 09:50

2 Answers

-1

you can do it ) of course everything is possible! Not sure modern browsers will allow this request. Need to check. But this approach is unsafe from the user perspective.

Imagine that someone will put tricky code and use your site domain as trusted and will send spam using this link.

Hey bro here is discount you can get! https://someknownSite.com?javascript::getyourpasswordcode

Serg Shevchenko
  • This is not true. If I wanted to run some "evil" javascript on my website, I wouldn't need to use a hyperlink to do it. Besides that, Javascript is client side and doesn't have access to the user's file system. There's really not much "evil" you can do with it. – icecub Apr 11 '20 at 08:28
  • This is what I'm trying to do. I am using an old browser so executing javascript is possible. – Dgwrigh58 Apr 11 '20 at 08:28
-1

Then why do you want to make this happen via URL? Let's say you have a page called "myAlert.php". So what you can do is write a script on this page, which will simply show the alert when somebody with this URL accesses it.

Or you can also write a simple condition so that when a request has been made to this URL, you can show the alert box.

But if you are trying to insert the javascript in the URL and expecting the result then it's not possible. Because modern browsers won't let you run a script as the "< >" symbols will be changed.

himanshu
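An added example, not part of the question or of either answer above: a `javascript:` string placed in a query parameter is only data to the server, so an echo endpoint reflects it as text, and a safely written endpoint HTML-encodes whatever it reflects. The handler name `renderEcho`, the `/echo` path, the response headers and the sample requests are assumptions made for illustration.

```javascript
// Added example: hypothetical echo handler; names and headers are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the response for GET /echo?payload=... without touching the network.
function renderEcho(requestUrl) {
  // The base is a placeholder so that relative request paths parse.
  const url = new URL(requestUrl, 'http://localhost');
  const payload = url.searchParams.get('payload') ?? '';
  return {
    status: 200,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      // Defence in depth: no script of any kind may run on this page.
      'Content-Security-Policy': "default-src 'none'",
    },
    // The reflected value is encoded, so the browser shows it as text.
    body: `<!doctype html><title>echo</title><pre>${escapeHtml(payload)}</pre>`,
  };
}

// Constructed sample requests: the string from the question and some markup.
const samples = [
  '/echo?payload=javascript:alert("test");',
  '/echo?payload=%3Cb%3Ebold%3C%2Fb%3E',
];
for (const sample of samples) {
  console.log(renderEcho(sample).body);
}
```
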