
Cross-site scripting

I have a JavaScript that sits on my server. I want to provide my visitors with JavaScript code that they can place on their servers in the way that Google Analytics does it. For example:

<script type="text/javascript" src="http://www.somedomain.com/script/script.js?id=2001102"></script>

I got everything working up to the point where I need to grab the id. I'm just not sure what to use for that.

I tried both location.href and location.search, but that gives me url + param of the file where the script is embedded, not "script.js?id=XSOMEIDX"

In script.js I have the following:

function requestContent() {
    var id = ""; // I WANT TO INPUT ID HERE
    var script = document.createElement("script");
    script.src = "http://www.somedomain.com/script/xss_script.php?id=" + id + "&url=" + location.href;
    document.getElementsByTagName("head")[0].appendChild(script);
}

Any idea how I can take id=XSOMEIDX and put it in xss_script.php?id= ?

Thanks in advance!

You can use URL rewriting to take id=XSOMEIDX and put it in xss_script.php?id=

A mod_rewrite rule doing it would look like this:

RewriteRule ^/scripts/([a-zA-Z0-9]+)/script\.js$ /scripts/script.php?id=$1

This way you could simply ask the people to include yoursite.com/scripts/{id}/scripts.js

How about setting up the external script tag with a certain attribute?

<script data-my-script="my_value" type="text/javascript" src="http://www.somedomain.com/script/script.js?id=2001102"></script>

In modern browsers you can then do

var scripts = document.querySelectorAll("script[src][data-my-script]");
$.each(scripts, function(i, script) { console.log(script.src); });

and iterate over the nodeList...

NOTE: querySelectorAll does not work cross-browser.

NOTE: querySelectorAll returns an array-like object.
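
Added example (not from the question or either answer): one way script.js can read the id from its own src, validate it, and build the follow-up request with both parameters percent-encoded. The function names are hypothetical; it assumes document.currentScript is available and otherwise falls back to the data-my-script attribute from the answer above.

```javascript
// Added example; extractId, buildRequestUrl, findOwnScript are hypothetical names.
var ENDPOINT = "http://www.somedomain.com/script/xss_script.php"; // from the question

// Return the id from a script URL such as ".../script.js?id=2001102", or null
// when it is missing or contains anything other than letters and digits
// (the character class intended by the rewrite-rule answer).
function extractId(scriptSrc) {
  var id;
  try {
    id = new URL(scriptSrc).searchParams.get("id");
  } catch (e) {
    return null; // not an absolute URL
  }
  return id !== null && /^[A-Za-z0-9]+$/.test(id) ? id : null;
}

// URLSearchParams percent-encodes both values, so a page URL containing
// "&" or "#" cannot add or truncate parameters of the request.
function buildRequestUrl(id, pageUrl) {
  var u = new URL(ENDPOINT);
  u.searchParams.set("id", id);
  u.searchParams.set("url", pageUrl);
  return u.toString();
}

// document.currentScript is only set while the script runs synchronously;
// the fallback is the attribute selector from the second answer.
function findOwnScript(doc) {
  return doc.currentScript || doc.querySelector("script[src][data-my-script]");
}

function requestContent(doc, pageUrl) {
  var own = findOwnScript(doc);
  var id = own ? extractId(own.src) : null;
  if (id === null) return null; // refuse to send an unvalidated id
  var script = doc.createElement("script");
  script.src = buildRequestUrl(id, pageUrl);
  doc.getElementsByTagName("head")[0].appendChild(script);
  return script.src;
}

// Browser only: call during initial evaluation, not from a later callback.
if (typeof document !== "undefined") {
  requestContent(document, location.href);
}
```

The server side still has to treat id and url as untrusted input; the client-side check only keeps malformed values out of the request.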
