
How to execute <script> tag coming in AJAX call, without making any change in client side JS

[
    {
        "Book ID": "1",
        "Book Name": "UNIX **<script type='text/javascript'>alert('test')</script>**",
        "Category": "Computers",
        "Price": "113"
    }, 
    {
        "Book ID": "2",
        "Book Name": "Book two",
        "Category": "Programming",
        "Price": "562"
    }
]

This is the JSON I am sending via an API I am sharing with multiple people. When I parse the JSON using JavaScript, the <script> tag is not executed. What modifications should I make in the JS injected into the JSON so that the <script> tag will be executed without doing any extra work in the client-side JS? Is it possible?

It is not possible.

If the techniques you are using to insert that code into the document do not trigger the JS, then changing what you are inserting won't fix that.

You have two options:

Find a flaw in the client page and exploit it. For example, if the client JS gets the API answer and prints it in a <label> tag unsanitized, you could send something like </label><script>alert(1)</script><label> so your script would close the label, inject your script and open it again.

Or you could do a minimal modification on the client side and get the object from the API like this:

{
    "Book ID": "1",
    "Book Name": "UNIX",
    "script": "alert('test')",
    "Category": "Computers",
    "Price": "113"
},

And then, on the client side, run it with:

Function(obj.script)();
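
Seen from the consuming side, the two options above map to two checks a client of this API should make: encode every field before placing it in markup, and ignore fields it does not expect instead of evaluating them. The following is an added example, not code from the question or the answers; `escapeHtml`, `pickAllowed`, `renderBook`, `renderList`, `ALLOWED_FIELDS` and the sample response are constructed for illustration.

```javascript
// Added example: treat the book API response as untrusted data.
// Field names come from the JSON on this page; all function and
// constant names here are hypothetical.
const ALLOWED_FIELDS = ["Book ID", "Book Name", "Category", "Price"];

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Keep only the expected string fields; anything else, such as a
// "script" property, is dropped and never reaches eval/Function.
function pickAllowed(record) {
  const clean = {};
  for (const key of ALLOWED_FIELDS) {
    if (typeof record[key] === "string") clean[key] = record[key];
  }
  return clean;
}

// Render one record with each value encoded inside its <label>.
function renderBook(record) {
  const book = pickAllowed(record);
  const cells = ALLOWED_FIELDS.map((k) => `<label>${escapeHtml(book[k] || "")}</label>`);
  return `<li>${cells.join("")}</li>`;
}

function renderList(json) {
  return JSON.parse(json).map(renderBook).join("\n");
}

// Constructed sample response combining the payloads quoted on this page.
const SAMPLE_RESPONSE = JSON.stringify([
  { "Book ID": "1",
    "Book Name": "UNIX <script type='text/javascript'>alert('test')</script>",
    "Category": "Computers", "Price": "113" },
  { "Book ID": "2",
    "Book Name": "</label><script>alert(1)</script><label>",
    "script": "alert('test')",
    "Category": "Programming", "Price": "562" },
]);

console.log(renderList(SAMPLE_RESPONSE));
```

In a browser, assigning the value through `textContent` gives the same result without a hand-written encoder.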
