-1

I am currently learning some web programming related stuff. I'm a little confused on how I insert some javascript into say a random URL. I'm trying to insert an alert message with an echo payload so I couldn't do javascript:alert("testtestesttest"); which will work.

Should this not work? 

echo?payload=javascript:alert("test");

I am using an older version of my browser so that javascript execution is possible. But for some reason javascript:alert("test"); works by itself but when i add it onto the end of the url with the echo payload it's just echoing the text after the payload.

EDIT: I have found my solution. Sorry.

Improve this question
6
  • This doesn't seem like a pattern I'd use. What are you trying to achieve? Commented Apr 11, 2020 at 8:14
  • I'm trying to echo back an alert window. Commented Apr 11, 2020 at 8:16
  • Why don't you just call the alert from your code, rather than its URL? Commented Apr 11, 2020 at 8:17
  • I need to create a URL in such a way that the alert will pup up. Commented Apr 11, 2020 at 8:19
  • 1
    Like the answer in the linked question by @bravemaster says: It's not possible. You can't directly run Javascript from an URL. If you edit your question and tell us why you need this, we might be able to provide you with another solution. Otherwise the answer will remain the same. Commented Apr 11, 2020 at 8:21

2 Answers 2

Reset to default
-1

you can do it ) of course everything is possible! Not sure modern browsers will allow this request. Need to check. Buth this approach is usafe from the user prospective.

Imagine that somewone will put tricky code and use your site domain as trusted and will send a spam using this link.

Hey bro here is discount you can get! https://someknownSite.com?javascript::getyourpasswordcode

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This is not true. If I wanted to run some "evil" javascript on my website, I wouldn't need to use a hyperlink to do it. Besides that, Javascript is client side and doesn't have access to the user's file system. There's really not much "evil" you can do with it.
This is what i'm trying to do. I am using an old browser so executing javascript is possible.
-1

Then why do you want to make this happen via URL? Let say you have a page, called "myAlert.php". So what you can do is, you can write a script on this page, which will simply show the alert when somebody with this URL will access this.

Or you can also, write a simple condition that when a request has been made to this URL, you can show the alert box.

But If you are trying to insert the javascript in the URL and expecting the result then it's not possible. Because modern browsers won't let you run a script as the "< >" symbols will be changed.

Improve this answer

1 Comment

I am not using a modern browser, this is for my own testing.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.