Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
how can i run any javascript in double quotes ?
For example:
<input type="text" value="" />
i would like to execute an alert or any other code in the value = “” (double quotes). Like:
<input type="text" value="<script> onmouseover=alert(0);</script>" />
the code show as a string on page. So is there anyway to execute script in double quotes ?
Ah, I see, you probably want to do something like this:
That inline script will attempt to execute what’s in its value attribute every time the tag is changed (and you blur out of the element). The
try catchblock is so that anything that would normally not work won’t get executed. Theevalfunction parses a string and runs it as Javascript code.You leave yourself open to many forms of attacks when you use
eval, so unless this is for purely educational or in house purposes, I would advise you don’t use this.