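// Ad tag that renders its creative inside a dynamically created iframe placed
// directly after the tag's own <script> element.
//
// SECURITY NOTE: the iframe is created without a src and filled through
// document.write (or a javascript: URL in old IE/Opera), so it shares the
// embedding page's origin. Any script inside `ad` therefore runs with the
// host page's privileges and can reach it through `parent`. Only put trusted
// markup in `ad`; creatives from third parties belong in a cross-origin or
// sandboxed frame instead.
var d = document,
    // ID of the tag (also expected to appear in the script's src URL)
    t = 'demo',
    // Locate this ad tag's own <script> element.
    // document.currentScript works in every browser but IE;
    // in IE we try to find the tag by its id.
    p = d.currentScript || d.getElementById(t);

// FALLBACK for IE: no id was set on the tag, or the tag found was already "used".
if (!p || p.hasAttribute("data-placed")) {
  var ds = d.getElementsByTagName("script");
  // Scan from the last script back to the first. The index must start at
  // length - 1 and include 0; starting at `length` reads an undefined slot
  // and never inspects the first script on the page.
  for (var idx = ds.length - 1; idx >= 0; --idx) {
    var s = ds[idx];
    // indexOf does a literal substring test; String#match would interpret
    // the tag id as a regular expression.
    if (s && s.src && s.src.indexOf(t) !== -1 && !s.hasAttribute("data-placed")) {
      p = s;
      break;
    }
  }
}

// Fail with a clear message instead of a TypeError on p.setAttribute below.
if (!p) {
  throw new Error("ad tag '" + t + "': could not locate its own <script> element");
}

// Create the iframe that will host the creative.
var i = d.createElement("iframe");
// Mark the tag as "used" so a second copy of this tag skips it.
p.setAttribute("data-placed", t);
// Insert the iframe right after the tag.
p.parentNode.insertBefore(i, p.nextSibling);

// The closing script tag is split so the HTML parser does not end the
// surrounding <script> element early when this code is inlined.
var ad = 'some weird html code with a<script>alert("that is executed");</sc'+'ript>';
var frameHTML = '<!doctype html><html><head><title></title></head><body style="margin:0;padding:0">' + ad + '</body></html>';

if (navigator.userAgent.indexOf("MSIE") === -1 && navigator.userAgent.indexOf("Opera") === -1) {
  // Modern path: write the document straight into the same-origin iframe.
  i.contentDocument.write(frameHTML);
  i.contentDocument.close();
} else {
  // Legacy IE/Opera path: the frame is filled through javascript: URLs.
  if (document.domain !== location.hostname) {
    // The page relaxed document.domain; the frame has to adopt the same value
    // before the parent can touch its window.
    // NOTE(review): document.domain is concatenated unescaped into a
    // javascript: URL; it is a hostname and is not expected to contain
    // quotes - confirm for the deployment.
    i.src = "javascript:var d=document.open();d.domain='" + document.domain + "';void(0);";
  }
  // Hand the markup to the frame via a window property, then navigate the
  // frame to a javascript: URL that evaluates to that property.
  i.contentWindow.contents = frameHTML;
  i.src = 'javascript:window["contents"]';
}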