Script tags not required

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #58,895 by ChrisR 10/23/02 2:52:30 PM Reply	Script tags not required <html> <head> <title>Hello</title> </head> <body> <img src='javascript:alert("hello")'> </body> </html>
Post #58,902 by admin 10/23/02 3:14:22 PM Reply	Nifty. Well, I've got an HREF scrubber now anyway, so I guess I can add img tags too. But, the question is, can someone put <script>whatever</script> in say 'foo.html' and then do <img src="http://myserver.com/foo.html"> and get it to run... Regards, -scott anderson "Welcome to Rivendell, Mr. Anderson..."
Post #58,914 by ChrisR 10/23/02 3:47:11 PM Reply	Don't think that level of indirection would work The problem seems to arise in the evaluation of the source attribute. I think once it starts loading the source, it doesn't continue the evaluation chain.

Speaking of Signs - (Another Scott) - (35) - Oct. 23, 2002, 12:40:31 AM EDT

Not Beep's sign, originally - (drewk) - (2) - Oct. 23, 2002, 08:22:06 AM EDT

Yup... Jake123's and BOxley's secret love child. -NT - (CRConrad) - Oct. 23, 2002, 08:30:29 AM EDT

Should a remembered Yaz. BP's been The Keeper though. Thnx. -NT - (Another Scott) - Oct. 23, 2002, 09:29:33 AM EDT

I just need the image... -NT - (admin) - (31) - Oct. 23, 2002, 09:17:31 AM EDT

Thought you had it... - (bepatient) - (30) - Oct. 23, 2002, 10:50:03 AM EDT

And now presenting: - (admin) - (29) - Oct. 23, 2002, 11:09:48 AM EDT

Did you know that.. - (bepatient) - Oct. 23, 2002, 11:06:54 AM EDT

About Effing time you.... - (folkert) - (1) - Oct. 23, 2002, 11:14:47 AM EDT

BTW, Greg... - (admin) - Oct. 23, 2002, 11:17:03 AM EDT

Thanks! -NT - (Another Scott) - Oct. 23, 2002, 11:14:53 AM EDT

Dammit - (drewk) - (11) - Oct. 23, 2002, 11:45:57 AM EDT

Re: Dammit - (admin) - (10) - Oct. 23, 2002, 11:57:47 AM EDT

Re: Dammit - (deSitter) - (6) - Oct. 23, 2002, 12:00:34 PM EDT

No. - (admin) - (5) - Oct. 23, 2002, 12:01:28 PM EDT

this it? - (SpiceWare) - (4) - Oct. 23, 2002, 02:23:38 PM EDT

That's the one. - (admin) - (3) - Oct. 23, 2002, 02:46:48 PM EDT

Script tags not required - (ChrisR) - (2) - Oct. 23, 2002, 02:52:30 PM EDT

Nifty. - (admin) - (1) - Oct. 23, 2002, 03:14:22 PM EDT

Don't think that level of indirection would work - (ChrisR) - Oct. 23, 2002, 03:47:11 PM EDT

Testing - (drewk) - (2) - Oct. 23, 2002, 12:11:00 PM EDT

Sure... - (bepatient) - (1) - Oct. 23, 2002, 12:24:47 PM EDT

Speaking of critical ... - (drewk) - Oct. 23, 2002, 01:26:44 PM EDT

ignore - (bepatient) - Dec. 18, 2002, 05:04:32 PM EST

Ok...so why doesn't this work anymore? - (bepatient) - (10) - Dec. 18, 2002, 05:04:01 PM EST

here - (folkert) - (9) - Dec. 18, 2002, 05:24:29 PM EST

Busted? - (ChrisR) - Dec. 18, 2002, 05:29:18 PM EST

So after 3 edits... - (bepatient) - (7) - Dec. 18, 2002, 05:31:34 PM EST

You saw the edits you jerk!!! - (folkert) - (6) - Dec. 18, 2002, 05:50:19 PM EST

Well I never! - (bepatient) - (5) - Dec. 18, 2002, 09:46:42 PM EST

Ha <pause> Haaaa... - (folkert) - (4) - Dec. 18, 2002, 11:30:49 PM EST

Well.. there are some nieces & nephews - (Ashton) - Dec. 19, 2002, 06:41:48 AM EST

Are you serious? - (Arkadiy) - (2) - Dec. 27, 2002, 10:38:01 AM EST

Yep... - (folkert) - (1) - Dec. 27, 2002, 12:55:49 PM EST

Oh well - (Arkadiy) - Dec. 27, 2002, 11:07:57 PM EST

self closing tags - (cforde) - Jan. 19, 2004, 11:48:31 PM EST

You sly ol' iconoclast, you...
88 ms