How can I load a web page into a new window and in

2019-07-04 06:13发布

站内问答 / JavaScript
610 4 3

Using JavaScript, how can i open a new window (loading, say, http://www.google.com in the process) and inject/insert this code into its body:

<script type="text/javascript">alert(document.title);</script>

I know how to open a new window, but i don't know how to add the script to the new window and run it:

var ww = window.open('http://www.google.com');

4条回答
爱情/是我丢掉的垃圾
2楼-- · 2019-07-04 06:39

No. This would violate the same origin policy implemented by most (all?) browsers to protect their users.

Imagine if this were possible: You could convince users to come to your site, open a new window with, say, their bank's website loaded into it, and inject code to steal their credentials. Then proceed to steal their money, identity, etc...

Not good, eh? So be very, very glad it isn't possible.

See also: Same-origin policy for DOM access in the Browser Security Handbook

查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
3楼-- · 2019-07-04 06:41

The best approach is having your web-site (the one your script comes from) to act as a proxy and download url in question for you. You can therefore modify response on the server, or locally on the client.

查看更多
0人赞 添加讨论(0) 举报
Viruses.
4楼-- · 2019-07-04 06:46

Your ww var is a reference to the new window object. So ww.window.title would be the title of the window you have opened.

If you wish to manipulate your new window you should do it via your ww var.

查看更多
0人赞 添加讨论(0) 举报
Deceive 欺骗
5楼-- · 2019-07-04 06:59

This worked on the firebug console:

>>> var x = window.open("");
Window opened
>>> x
Window about:blank
>>> x.document
Document about:blank
>>> x.document.write("<script type='text/javascript'>alert('h1');</script>");
Alert popped up
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(3)