Skip to content

Instantly share code, notes, and snippets.

@zmmbreeze

zmmbreeze/insertJS.html

Last active December 15, 2015 13:39
Show Gist options
  • Save zmmbreeze/5268911 to your computer and use it in GitHub Desktop.
Save zmmbreeze/5268911 to your computer and use it in GitHub Desktop.
Download ZIP
在只能放HTML的地方插入javascript脚本
Raw
insertJS.html
<img style="position:absolute;left:-9999px;" src="#" onerror="(function() {var s = document.createElement('script');s.src='xxx.js';var head=document.getElementsByTagName('head')[0]; head.appendChild(s);})()" />
<!-- no quote version -->
<img style=position:absolute;left:-9999px; src=# onerror=document.getElementsByTagName('head')[0].appendChild(document.createElement('script')).src='xxx.js' />
@zjjott
Copy link

zjjott commented Mar 29, 2013

喵~ >▽< 。。。。。虽然这种方法我确实在XSS攻击中看到过。。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment