堆栈内存溢出
  简体   繁体   English

JavaScript - 是否可以在出错后强制执行代码?

[英]JavaScript - is it possible to force code execution after an error?

 原文  2011-07-14 12:28:26       javascript

问题描述

I'm trying to make a PoC of reflected Cross-Site Scripting on a website that I'm testing right now.我正在尝试在我现在正在测试的网站上制作反射跨站点脚本的 PoC。 I've found a place inside of a Javascript code where commands can be injected, however the trouble is that there the previous block of code throws a 'not defined' error and therefore (at least I think so) my injected code is not executed.我在 Javascript 代码中找到了一个可以注入命令的地方,但是问题是前面的代码块会引发“未定义”错误,因此(至少我认为是这样)我注入的代码没有被执行. Is there any chance to execute the code anyway?有没有机会执行代码?

Here is the code:这是代码:

UndefinedObject.Init({
  Var1:"a",
  Var2:"b",
  Var3:"can_be_injected_with_JS_code")}

I can't inject any HTML tags as these are filtered by the application.我无法注入任何 HTML 标签,因为这些标签已被应用程序过滤。

Many thanks!非常感谢!

4 个解决方案

解决方案1
 1  2011-07-14 12:30:51

Wrap them under try catch block.将它们包裹在 try catch 块下。

解决方案2
 1  2011-07-14 12:33:42

In a sequence of execution, if the code fails, the remaining part will not be executed.在一个执行序列中,如果代码失败,剩下的部分将不会被执行。 Javascript errors ("Exceptions") can be caught using try...catch (if you are able to inject this try - catch also).可以使用try...catch 捕获Javascript 错误(“异常”)(如果您能够注入此 try - catch 也可以)。

If there is a different flow (via another event), the code will continue.如果有不同的流程(通过另一个事件),代码将继续。

解决方案3
 1  2011-07-14 12:34:15

You can either try using a try-catch, or if that won't help, try using window.onerror您可以尝试使用 try-catch,或者如果这没有帮助,请尝试使用window.onerror

解决方案4
 1  2011-07-14 12:48:24

Generally the right way of doing that is using try-catch-finally or try-finally :通常正确的做法是使用try-catch-finallytry-finally

If you make something about the error - log or do something else.如果您对错误有所了解 - 记录或执行其他操作。 Catch may be also used to execute your code, but not a good practice. Catch 也可用于执行您的代码,但不是一个好习惯。 You can do nothing about the error if you want, that`s why finally is used.如果你愿意,你不能对错误做任何事情,这就是使用finally的原因。

Finally is used when it is important to execute a piece of code, no matter if an error is thrown or not. finally在执行一段代码很重要时使用,无论是否抛出错误。 For example in C++ or other language when you work with files inside finally the file is closed ( you can not leave it opened ).例如,在 C++ 或其他语言中,当您处理内部文件时,文件最终关闭(您不能将其打开)。 Look here for some examples.在这里查看一些示例。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 JavaScript:带来顺序以强制执行代码后事件 - JavaScript: Bringing sequential order to force the execution of code AFTER Event 使用JavaScript错误强制执行PhantomJS - Force PhantomJS execution with JavaScript error 如何在用JavaScript输入后强制执行函数 - How to force function execution after input with JavaScript Javascript错误会停止代码执行 - Javascript error stops code execution 同步ajax后执行javascript代码 - Execution of javascript code after synchronous ajax javascript中的代码执行应该是一个接一个的 - Execution of code in javascript should be one after another Javascript:ajax错误后继续执行 - Javascript : Continue execution after ajax error 如何强制顺序Javascript执行? - How to force Sequential Javascript Execution? 是否可以在 JavaScript 的执行堆栈末尾放置一段代码 - Is it possible to put a piece of code at the end of execution stack in JavaScript 使用 CURL PHP 在 javascript 执行后获取 HTML 代码 - Get HTML code after javascript execution using CURL PHP
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM