使用第三方Javascript 执行文档的Javascript 功能?
[英]Executing document's Javascript function by using third-party Javascript?
问题描述
Say I have localhost/site/index.php with one Javascript function and one button:
假设我有一个 localhost/site/index.php 和一个 Javascript 函数和一个按钮:
<html>
<head>
<meta charset="utf-8" />
<title>Page Title</title>
<script type="text/javascript">
function my_function(){
alert('Hello eveeryone!');
}
</script>
</head>
<body>
<button type="button" onclick="my_function();" />Here is my button</button>
</body>
</html>
Is there a way to execute my_function() without clicking button - by using some kind of bookmarklet or similar kind of in-browser residing Javascript or anything else that not implies clicking on button-default interacting with document's Javascript?有没有办法在不单击按钮的情况下执行my_function() - 通过使用某种书签或类似的浏览器内驻留 Javascript或其他任何不暗示单击按钮默认与文档的 Javascript 交互的东西?
EDIT: Better explanation of problem: can I use localhost/site/script.php to trigger above mentioned my_function that resides in localhost/site/index.php?编辑:更好地解释问题:我可以使用 localhost/site/script.php 来触发上面提到的驻留在 localhost/site/index.php 中的 my_function 吗?
3 个解决方案
解决方案1
0 2012-09-29 18:31:58
您可以使用主体onload功能:
<body onload="my_function();">
解决方案2
0 2012-09-29 18:32:45
You can use jQuery trigger.您可以使用 jQuery 触发器。
$('button').trigger('click')
The button's onclick handler gets called.按钮的 onclick 处理程序被调用。 (Actually ALL buttons' onclick handlers are called. So maybe make a class or id for the specific button to target it) (实际上所有按钮的 onclick 处理程序都被调用。所以可能为特定按钮创建一个类或 id 来定位它)
解决方案3
0 2012-09-29 18:33:15
I'm assuming that the web page is not yours so you can't modify it directly.我假设该网页不是您的,因此您无法直接修改它。 So, if you have a way of executing javascript in the context of the page (bookmarklet or plug-in or something like that) and you know what the name of the click handler function is, then you can just execute the click handler directly with:因此,如果您有一种在页面上下文中执行 javascript 的方法(书签或插件或类似的东西)并且您知道点击处理程序函数的名称,那么您可以直接执行点击处理程序:
my_function()
EDIT: because now it appears from comments that you are actually asking a question about the security of your own web page.编辑:因为现在从评论中看来,您实际上是在询问有关您自己网页安全性的问题。
You cannot prevent the execution of javascript functions in your own web page.您无法阻止在您自己的网页中执行 javascript 函数。 There are numerous ways for people to inject code into your page from their own browser that can call anything in your web page that is globally accessible.人们可以通过多种方式从他们自己的浏览器中将代码注入您的页面,这些方式可以调用您网页中可全局访问的任何内容。 You cannot prevent that.你无法阻止。 It's possible to make it more difficult to directly call event handlers, but this just makes it slightly more work, but does not prevent it.可能会使直接调用事件处理程序变得更加困难,但这只会使其工作稍微多一些,但并不能阻止它。
Security MUST be implemented on your server - it cannot be implemented in a web page.安全性必须在您的服务器上实现 - 它不能在网页中实现。 A browser client web page is NOT a secure environment.浏览器客户端网页不是一个安全的环境。 It can be freely modified.它可以自由修改。 Whatever you are trying to protect from must be implemented on the server.无论您要防止什么,都必须在服务器上实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.