By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,712 Members | 2,174 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,712 IT Pros & Developers. It's quick & easy.

trigger remote function from standard event

P: n/a
Hi, I would like to execute code when the body's onload event is
triggered.
No problem to include a one-line script (such as onload="alert()") but
require more complexity. I cannot include this script anywhere else
(the only code that I can touch is in the body's onload event).
Something along the lines of 'onload="http://path-to-remote-script"'.
I cannot use window.open or location.replace, nor can i use an object's
innerHtml property, as they are all filtered. The only thing I have
been able to use is object.insertAdjacentHtml, which is an IE-specific
extension (this won't work for me).

Thank you!

-Robert

Sep 22 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Lee
ro***********@gmail.com said:

Hi, I would like to execute code when the body's onload event is
triggered.
No problem to include a one-line script (such as onload="alert()") but
require more complexity. I cannot include this script anywhere else
(the only code that I can touch is in the body's onload event).
Something along the lines of 'onload="http://path-to-remote-script"'.
I cannot use window.open or location.replace, nor can i use an object's
innerHtml property, as they are all filtered. The only thing I have
been able to use is object.insertAdjacentHtml, which is an IE-specific
extension (this won't work for me).


It sounds like any solution would violate either corporate security
policy or your ISP agreement.

Sep 23 '05 #2

P: n/a


Why the furtiveness, why the restrictions provided you're staff allowed to
edit/add objects? Just contact the server administrator for access to it.
Danny
Sep 23 '05 #3

P: n/a
Thank you everyone. I am performing security analysis of a popular
social networking website, disclosing results to the site admins. I'm
one of the good guys.

Javascript is filtered, for obvious reasons (but not very well,
apparently).

FYI I placed my script in a textarea and
onload=eval(getelement(textarea).value) as the system does not expect
anything executable to be present in a text object.

Thank you very much for your time, and sorry for the noise.

-Robert

Sep 23 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.