Question

I m了解通过添加<条码>和带的有活力的文字/剪辑;风格和“;或<link>贴在网页上或厅,但一旦下载,将由浏览器执行。我正在考虑其他下载方式,但没有执行javascript/cs代码。首先,我想到的是XMLHttpRequest:

//simple execution received script
var executeScript = function(code){
    eval(code);
};
//create XMLHttpRequest in cross-browser manner
var xhr = createXMLHTTPObject();
//check whether file is loaded
var checkStatus = function(){
    if(xhr.readyState  == 4){
        if(xhr.status >= 200 && xhr.status < 300 || xhr == 304){
            executeScript(xhr.responseText);   
        }
        else {//error
        }
    }
};
//do request
xhr.open( get , http://podlipensky.com/examples/dynamicscript/hey.js , true);
xhr.onreadystatechange = checkStatus;
xhr.send(null);

但是,在这种情况下,由于Same Origin政策,我们只用同一领域的文字加以限制(不过我们可以尝试用.CORS )。

另一种做法是,在网页上添加动态的<条码>iframe,然后在<条码>上添加<条码>>>>>> 符号<>>>>,这样,文字在下载后即予以执行,但在另一页(<条码>>iframe上。

Are there any other ways to download and not execute the script?

UPDATE:

下载但不执行javascript/cs是有用的原因之一,是先上载第三方图书馆,但只需要使用这些图书馆。

Answer 1

You can also use an iframe and use the script/css URL as the src of the frame (so it isn t evaluated/applied at all), although you d want to be sure in that case that the JavaScript/CSS was delivered with Content-Type text/plain to avoid unfortunate things happening with < characters and such. Although you should run into SOP issues with this approach as well, on a decent browser, if the iframe src is from a different origin.

除此以外,我认为你基本上可以选择你们的名单。

Answer 2

仅举出另外一种选择,即使用<代码><object> tag:

<object data="http://podlipensky.com/examples/dynamicscript/hey.js" />

http://www.phpied.com/preload-csjavascript- Without-execution/“rel=”nofollow” 。因此,我只与大家分享我的调查结果,希望这样做将是有益的。

Answer 3

If your script simplty defines a function then it can be executed without actually running anything. Of course, this would require collaboration from both sides ala JSONP

//jsonp
var result = {/*...*/};

//missingnonp
var f = function(){ /**/ };

Answer 4

假设你控制提供该网页的服务器,你想把有关联合材料装上该页面,最容易的方法是将欧洲复兴开发银行的URL送给你的服务器,从该服务器上装载(例如,通过PHP文档——目标——产出(收益)))并由于亚洲复兴开发银行的号召而收回。

友情链接