1

I'd like to open another web page from javascript (like default navigating, not fullscreen iframe or window.open) and run some javascript code upon loading it.

Steps:

  1. Define a javascript function
  2. Navigate to another page
  3. Browser runs function in new page context

Is there any way to achieve this? The only way I remember would be emulating this by loading the page using ajax, and replacing document.body.innerHTML, then running the function, but that would not change location.href, so e.g. the back button or bookmarks wouldn't work. Also, relative links would have to be rewritten at loading, etc.

PS: I know that would be some ugly XSS, but it's needed for example when writing bookmarklets that load a page and fill in a form automatically.

  • If you own that page, then put the script there in the first place. Commented Apr 14, 2013 at 8:49
  • sure, but I don't own it. Commented Apr 14, 2013 at 8:54

4 Answers

2

No, you can't do that. That would allow you to do things like steal cookies for session hijacking behind the scenes, so no browsers allow you to do it at all.


1

While there could be some legitimate use cases, for security reasons you can't do this unless the new page is on the same domain.

What you can do is write a browser extension, if the target browser has extension support.

Or tell users to open the target page and use your bookmarklet in that context.

3 Comments

so the flow would be 'if(location.href!="..."){alert("Please run me again upon page load");location.href="..."}else{...}'?
Would replacing the whole page by an iframe even work, or would the browser ("the browser" being any generic navigator except IE :-P) forbid this because of XSS possibilities?
Browsers don't allow altering iframes with external sources (for security reasons.)

1

You can do all this stuff if you load the other page from your own server:

Say you want to load http://other.com in your site http://mine.org. You write a tiny server-side script that you can call like this: http://mine.org/load.php?site1 (with the URLs of all the sites you want to load listed inside load.php or in some database).

But now your site has the security problem: JavaScript embedded in http://other.com is run in your site's context.


-1

OK, research results:

Impossible methods:

  • using some persistent function to run on the new page (like I suggested in the question)
  • using an iframe replacing the whole page (ugly and forbidden by most browsers)

Overkill methods:

  • write a browser plugin
  • get the remote page owner to accept some GET argument and do the stuff for you

Remaining method 1, requiring user interaction:

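(function(){
  var targetlocation="..."; // placeholder: URL of the page to act on
  function doSomething(){ /* placeholder: e.g. fill in the form */ }
  if(self.location.href!=targetlocation){
    // first click, made on some other page: can only navigate
    window.alert("Please run this bookmarklet again upon loading the page.");
    self.location.href=targetlocation;
  }else{
    // second click, made on the target page itself: do the work
    doSomething();
  }
  return false;
})();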

Remaining method 2, doing some nasty proxy stuff:

  • write some php/etc script to "proxy" the target page
  • now you can:
    • use an iframe, because it's not cross-site anymore
    • rewrite the page server-side before delivering to browser (doing "overkill method: GET argument" by yourself)

Example:

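<?php //USAGE: ?uri=http://www.google.com&search[0]=L2dvb2dsZS8K&replace[0]=dGVzdAo=
  // Fetch only http(s) URLs; an unchecked uri would also open local files.
  $uri = isset($_GET["uri"]) ? (string)$_GET["uri"] : "";
  if (!preg_match('#^https?://#i', $uri)) { http_response_code(400); exit; }
  $page=file_get_contents($uri);
  // search[] holds base64-encoded regexes (with delimiters), replace[] base64-encoded replacements
  $search  = isset($_GET["search"])  ? array_values((array)$_GET["search"])  : array();
  $replace = isset($_GET["replace"]) ? array_values((array)$_GET["replace"]) : array();
  $count = min(count($search),count($replace),100);
  for ($i = 0; $i < $count; $i++) {
    $page=preg_replace(base64_decode($search[$i]),
                       base64_decode($replace[$i]), $page);
  }
  echo $page;
?>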
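
The access rule the answers refer to, and the two-click flow of "Remaining method 1", as an added example that is not part of the original answers. It models the browser's origin comparison with the standard URL parser; the function names are hypothetical, and mine.org and other.com are the placeholder sites used in the answers above.

```javascript
// Split a URL into the origin triple the browser compares. The URL parser
// lower-cases the host and reports default ports (80/443) as "".
function originParts(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// Which part of the origin differs, or null when script access is allowed.
function originMismatch(scriptPageUrl, targetUrl) {
  const a = originParts(scriptPageUrl), b = originParts(targetUrl);
  for (const part of ["scheme", "host", "port"]) {
    if (a[part] !== b[part]) return part;
  }
  return null;
}

// "Remaining method 1": a bookmarklet runs in whatever document is displayed
// when it is clicked, so the first click can only navigate and the second
// click, made on the target page itself, does the work.
// Comparing parsed URLs without the fragment avoids the endless
// "run me again" prompt that a raw href string comparison gives when the
// target is written without its trailing slash or the page adds a #hash.
function bookmarkletStep(currentHref, targetHref) {
  const strip = (h) => { const u = new URL(h); u.hash = ""; return u.href; };
  return strip(currentHref) === strip(targetHref) ? "run" : "navigate";
}

// Constructed sample URLs for the cases discussed in the answers.
const cases = [
  ["http://mine.org/", "http://other.com/"],               // iframe of a foreign site
  // Proxied copy: same origin, so other.com's scripts run as mine.org.
  ["http://mine.org/", "http://mine.org/load.php?site1"],
  ["http://mine.org/", "http://MINE.org:80/page"],         // default port, host case
  ["http://mine.org/", "https://mine.org/"],               // scheme differs
];
for (const [page, target] of cases) {
  const why = originMismatch(page, target);
  console.log(target, "->", why ? "blocked (" + why + ")" : "scriptable");
}
```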
