Thursday, January 12, 2006

toys, toys, toys....

...every time i look around, there's a new toy to play with. for a while now, i've been playing with javascript toys. they're fun. for instance, did you know that you can change the value of something on a page by typing in javascript into the title bar? i call it "javascript injection".

for instance, type this into the title bar:
javascript:alert('hello');

ok, so you can use javascript. How far can you go?
javascript:m='';for(i in document){m+=i+'\n'}alert(m);

ooh, complete access to the dom. nice. why do we want this?
well, how about looping through all of the hidden form elements on a page?
so what? you may say.
how about changing the value of a form field?
so what? you may callously say again.
well, what if that form field was, say, the price of something to be purchased?
depending on how they determined the price on the other end...

0 Comments:

Post a Comment

<< Home