Skip to content

Instantly share code, notes, and snippets.

@dcadenas

dcadenas/ajaxtest.js

Last active October 22, 2016 02:41
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dcadenas/49d15389cfe494af0e064f18ff877c4b to your computer and use it in GitHub Desktop.
Save dcadenas/49d15389cfe494af0e064f18ff877c4b to your computer and use it in GitHub Desktop.
Download ZIP
Testing rawgit
Raw
ajaxtest.js
(function(){
var url = 'https://api.ipify.org/?format=json';
var createCORSRequest = function(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
alert(`no cors for gets to ${url}`);
xhr = null;
}
return xhr;
};
var method = 'GET';
var xhr = createCORSRequest(method, url);
xhr.onload = function() {
alert("Your ip is : " + xhr.responseText)
};
xhr.onerror = function() {
alert("error")
};
xhr.send();
})();
Raw
scriptinjecttest.js
(function(){
var start= function($){
$("div").remove()
alert('oops! removed all divs. lol');
}
var withJQuery = function (e, a, g, h, f, c, b, d) {
if (!(f = e.jQuery) || g > f.fn.jquery || h(f)) {
c = a.createElement("script");
c.type = "text/javascript";
c.src = "//ajax.googleapis.com/ajax/libs/jquery/" + g + "/jquery.min.js";
c.onload = c.onreadystatechange = function () {
if (!b && (!(d = this.readyState) || d == "loaded" || d == "complete")) {
h((f = e.jQuery).noConflict(1), b = 1);
f(c).remove()
}
};
a.body.appendChild(c);
}
}
withJQuery(window, document, "3.1.1", function ($, L) {
start($);
});
})();
@dcadenas
Copy link
Author

dcadenas commented Oct 22, 2016
edited 

<a id="bookmarkletscript" href="javascript:( function(){ var imported = document.createElement('script'); imported.type='text/javascript'; imported.src = '//rawgit.com/dcadenas/49d15389cfe494af0e064f18ff877c4b/raw/scriptinjecttest.js'; document.head.appendChild(imported);  } )();">
  Script Inject Bookmarklet
</a>


<a id="bookmarkletajax" href="javascript:( function(){ var imported = document.createElement('script'); imported.type='text/javascript'; imported.src = '//rawgit.com/dcadenas/49d15389cfe494af0e064f18ff877c4b/raw/ajaxtest.js'; document.head.appendChild(imported);  } )();">
  Ajax Bookmarklet
</a>

<!--
Problems:
1) `X-Content-Type-Options: nosniff`
   Solution: use http://rawgit.com
2) `Content-Security-Policy` header in pages like Github. See https://github.com/blog/1477-content-security-policy
   Solution: seems to be impossible with bookmarklets. Investigating with chrome extensions.
-->

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment