How to run a javascript code from the site url

Asked

Viewed 1,134 times

1

Hello, all right? I was wondering if someone could help me with something on my series site.

It has no pages, or posts, ie: everything is done from the home page.

To open a series, I use the code:

Abrir_Serie('exemplocode');

And what I wanted to do is kind of:

http://meusite.com/Abrir_Serie('exemplocode');

and automatically the code after the url would run...

But I don’t know how to do it

  • Want a way to run code past the URL? For example: http://meusite.com/Abrir_Serie('alert("foo");');? This is dangerous in terms of safety. In what situation do you think/need to use this technique?

  • If you allow the insertion of scripts by the URL, someone may force your site to execute scripts for other purposes (XSS). However, it is difficult this type of "loophole" to have any utility for anyone who is tempting to attack your site, since the script will not be part of a page content, and will not be displayed to other users.

  • But you do not need to accept and run scripts from the URL, just take only the parameter that you intend to use in this "Open_serie" function. Ex: meusite.com? serie=exemplocode

1 answer

3


Well, you can use hashs in your url, which would be given after the # url.

If your url is for example http://meusite.com.br/home#serie/test , you can take the test value to use in your function as follows:

if(location.hash.search("serie") > -1){
    var serie = location.hash.split("#serie/")[1];
    Abrir_Serie(serie); //valor da variavel serie vai ser igual a teste
}

That way your site wouldn’t be vulnerable to malicious script injection.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.