How to put a java script into value html

Question

How to put a java script into value html

Asked 6 years, 8 months ago

Viewed 1,162 times

0

I have some variable:

let variavel = x;

and I have the input:

<input type="text" value="">

There is a pure javascript way to take a variable or some javascript code and put html tags?

In this example it would look like this:

<input type="text" value="<script>variavel</script>">

I know that’s not how it works, but has a similar way of doing this with javascript? Thank you to whom to reply

1

that opens a giant door to XSS Attacks, no ?

– Alex

2018/03/01 at 21:22
I don’t even know...

– Francis Vagner da Luz

2018/03/01 at 21:22
See here

– Alex

2018/03/01 at 21:23
1

Maybe if I explained what you want to do with it, I could give an adequate answer

– Alex

2018/03/01 at 21:24

2 answers

1

Set an id for your html element

<input type="text" id="idUnico">
<script>
    var variavel = x;
    document.getElementById("idUnico").value = variavel;
</script>

If you are using jquery

<script>
    var variavel = x;
    $("#idUnico").val(variavel);
</script>

but this is not "putting javascript" inside the input as asked, but only the value of the variable

– Ricardo Pontual

2018/03/01 at 21:35
Candidate Response to Receive -1.

– Sam

2018/03/01 at 22:58

Browser other questions tagged javascript html

You are not signed in. Login or sign up in order to post.

by David Dias • **995** points · Answer 1 · 2018-03-01T21:37:53+00:00

Complementing the response of Mark:

For you to assign the value, you will use:

document.getElementById("idUnico").value = '<script>alert()</script>'

Already to read the value, you will use:

document.getElementById("idUnico").value

If it’s a function within value, I believe you’ll need to take it and inject it into HTML to make it available.

If your purpose is to make XSS, be more specific so we can respond more effectively.

I believe that this is not a good practice and may make it difficult to maintain its application.

I hope I’ve helped, but I believe there may be a more cohesive way to solve your problem, maybe explaining the context will help us help you.

EDIT1: The contents of the variable is a string, if you have problems using just pass the function or escape the characters. Note that value stores a string, not the JS function. An example of this, is that you could very well convert your function to Base64 and save in variable. In sequence, take the string and do the Decode to have the function cleared.