Run and load javascript within href?

JavaScript and client side scripting.

Moderator: General Moderators

Post Reply
cohq82
Forum Commoner
Posts: 43
Joined: Mon Apr 21, 2008 8:38 pm

Run and load javascript within href?

Post by cohq82 »

Hi, I would like to do this trick and was not sure if possible. Let say website http://www.aaa.com is someone else site. If I post a link on there, I would like when people click the link, instead of going to the url in href, it will popup a IFRAME or DIV on top of current page. How to do something like that? I would imagine using something like "javascript:function()" in the href but that must load the .js file somewhere, right? There was this company called Polyvore using this technique below in the href:

Code: Select all

javascript&#058;(function(){function t(d){var w=window;if(w.PolyvoreClipper){w.PolyvoreClipper.run();}else{var s=d.createElement("script");w._polyvoreMode="prod";s.src="http://polyvore.cachefly.net/rsrc/clipper.js?"+Math.floor((new Date()).getTime()/86400000);d.body.appendChild(s);}}try{t(document);}catch(e){}for(var i=0;i<frames.length;++i){var f=frames[i];try{if(f.frameElement.tagName=="IFRAME"){continue;}if(f.innerWidth<400||f.innerHeight<400){continue;}t(f.document);}catch(g){}}})();
However, that only works if the link is in the bookmark of browser. It loads clipper.js. Is there a way to do this without making a link a bookmark first on client side?

Thanks.
User avatar
php_east
Forum Contributor
Posts: 453
Joined: Sun Feb 22, 2009 1:31 pm
Location: Far Far East.

Re: Run and load javascript within href?

Post by php_east »

those codes only confuse the quest. you can do a

Code: Select all

<script type="text/javascript>
function pop_up()
{
}
 
before your codes.

then do a <a href="popup(url)".
if you want wc3 compliance hide the javascript in a js file and link it in. either way works.
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Re: Run and load javascript within href?

Post by kaszu »

Let say website http://www.aaa.com is someone else site. If I post a link on there
If it's not your site then it's XSS.

Adding a link in to the bookmarks allows to execute javascript when user clicks that bookmark, but this JS is not in the page. But to make this JS run every time anyone visits that site you need to put JS in the source of the page and since it's not your site, then it is XSS and
9. Warez, copyright violation, or promotion of any other illegal activity may NOT be linked or expressed or posted in any form.
cohq82
Forum Commoner
Posts: 43
Joined: Mon Apr 21, 2008 8:38 pm

Re: Run and load javascript within href?

Post by cohq82 »

@kaszu, do you have sample using XSS for the same purpose?
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Re: Run and load javascript within href?

Post by kaszu »

It may and may not be possible to inject your javascript into someones else page, depends if on that page they are escaping those links correctly. Even if they aren't and XSS exists, it doesn't mean you should use it and I think you can be held liable for doing any damage to their website.
Answer: No, i don't want to provide any samples.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Run and load javascript within href?

Post by pickle »

This is XSS - which is not something we like to promote. While you may not necessarily be trying to do something nefarious, it is exactly this technique that others use to do nefarious things. It's best if we don't discuss it.

Please PM me if you disagree.

Locking topic.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply