WebApp Sec mailing list archives
Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=...
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Fri, 14 Oct 2005 20:05:05 +0200
On 14 Oct 2005 at 10:56, Jeremiah Grossman wrote:
Admittedly, I was a bit confused by what your trying to achieve with code. So sticking the question at hand... "Importing large code piece into Javascript context without SCRIPT SRC" ... I take to do not use the HTML syntax... <script src="http://foo/ file.js"></script> Here's an idea.. 1) DOM Programming var js = document.createElement('script'); js.setAttribute('src', 'http://foo/file.js'); document.body.appendChild(js); * same effect, but different style.
Not fair ;-) This will not be allowed (I supposed) by Content-Restrictions that specify no external code (see the link in my original writeup). I think (hope...) that the Content-Restrictions would apply to any JS executed, and to dynamically created HTMLs (such as the above). And there's also a Content-Restriction against creating/modifying HTML nodes. But yes, I suppose I should have clarified this. So thanks! -Amit
Current thread:
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Jeremiah Grossman (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Amit Klein (AKsecurity) (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Jeremiah Grossman (Oct 14)
- RE: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... dpw (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Amit Klein (AKsecurity) (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Jeremiah Grossman (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Amit Klein (AKsecurity) (Oct 14)