Using complete <script> tag in eval is possible ?
hemant...@gmail.com
I am try'g to send window.location.href to the server script who will
generate dynamic javascript according to the referral name comg in as
param
Now bcz
<script language="javascript" src="NO JAVASCRIPT CAN BE USED HERE" />
So I am see'g If I can use eval todo something what I am doing
I have tried almost everything, following is being last one
<script language="javascript">
eval("a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href");
alert(a);//This show alert properly, but it is following line which
make JS to fail
//It gives error, unterminated string literal
eval("</script><script language='javascript' src="+a+">");
//If this is used instead of eval, it also gives same error as above
eval
//document.writeln("</script><script language='javascript'
src="+a+">");
</script>
Now my requirement being that i'll get javascript only when I pass
correct URL in param 'u' I see really no way out, any?
I am totally lost here ...
PS: Pls drop me a personal mail too in cc of reply, also lemme know if
you want to ask some question about this stupid need :-)
--Hemant
http://sp2p.net
David Dorward
> Now bcz
> <script language="javascript" src="NO JAVASCRIPT CAN BE USED HERE" />
* The language attribute is deprecated
* The type attribute is required
* XHTML style self-closing syntax for <script> elements is forbidden by
Appendix C (and will break in IE if served as text/html)
* You can put JavaScript in the src attribute using the data: url scheme.
Browser support is rather weak though.
> //It gives error, unterminated string literal
> eval("</script><script language='javascript' src="+a+">");
You can't eval() HTML!
> //If this is used instead of eval, it also gives same error as above
> eval
> //document.writeln("</script><script language='javascript'
> src="+a+">");
</script> ends the element, even if you quote it.
http://htmlhelp.com/tools/validator/problems.html.en#script
> PS: Pls drop me a personal mail too in cc of reply
This is usenet. Ask here, read the answer here.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
hemant...@gmail.com
Thanks for reply!
So there is no way to dynamically close to script tag?
I am tryg now this
SCRIPT
<script language="javascript">
eval("a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href");
alert(a);
document.writeln("</script><script language='javascript'
src="+a+">");
//eval(a);
</script>
Output:
It simply shows w/e written in browser i.e. following
</script><script language='javascript'
src=http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u=http://localhost:3000/client.html>
There have to be some hack, for this ... ?
Evertjan.
> <script language="javascript">
type='text/javascript'
> eval("a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t
> =t001&u='+window.location.href");
Why do you use eval() ???
a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t"+
'=t001&u=' + window.location.href
gives the same result.
eval() is evil!
> eval("</script><script language='javascript' src="+a+">");
Eval() executes javascript and the above is not javascript.
ADVICE:
1 If you are not experienced in using eval() DO NOT USE IT.
2 If you are experienced, you don't need to.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
David Dorward
Convention on Usenet is to quote enough of what you are responding to so
that some context is available.
http://www.safalra.com/special/googlegroupsreply/
http://oakroadsystems.com/genl/unice.htm#quote
> So there is no way to dynamically close to script tag?
Yes there is. The link I provided explains how.
> document.writeln("</script><script language='javascript'
> src="+a+">");
That approach might actually work in XHTML (providing it is real XHTML -
i.e. served with an application/xhtml+xml content type, and not XHTML
masquerading as tag soup HTML), but that isn't of much practical use.
Thomas 'PointedEars' Lahn
> hemant...@gmail.com wrote:
>> document.writeln("</script><script language='javascript'
>> src="+a+">");
>
> That approach might actually work in XHTML (providing it is real XHTML -
> i.e. served with an application/xhtml+xml content type, and not XHTML
> masquerading as tag soup HTML), but that isn't of much practical use.
It is unlikely to work there. First, that would have to be XHTML 1.0
Transitional due to the `language' attribute generated. Second, although
document.write[ln]() is specified in DOM Level 2 HTML for XHTML 1.0
documents, too, unfortunately Gecko's XML parser (and I do not know another
reliable XML parser in an XHTML UA) throws an internal exception ("Error:
Object cannot be created in this context = NS_ERROR_DOM_NOT_SUPPORTED_ERR
[...]") even if the resulting markup would be valid, and it does not
generate any markup to date. The reasoning provided in Bugzilla is that
allowing this method to execute allows for generating not well-formed
markup.
PointedEars
Thomas 'PointedEars' Lahn
> David Dorward wrote:
>> hemant...@gmail.com wrote:
>>> document.writeln("</script><script language='javascript'
>>> src="+a+">");
>>
>> That approach might actually work in XHTML (providing it is real XHTML -
>> i.e. served with an application/xhtml+xml content type, and not XHTML
>> masquerading as tag soup HTML), but that isn't of much practical use.
>
> [...] The reasoning provided in Bugzilla is that allowing this method to
> execute [in XHTML served as application/xhtml+xml] allows for generating
> not well-formed markup.
Like the above :)
Sanjay
> Hello all,
> I am try'g to send window.location.href to the server script who will
> generate dynamic javascript according to the referral name comg in as
> param
> Now bcz
> <script language="javascript" src="NO JAVASCRIPT CAN BE USED HERE" />
I presume that you want to capture window.location.href and send this
information to server which would respond back with a dynamic script
that needs to be executed.
> So I am see'g If I can use eval todo something what I am doing
>
> I have tried almost everything, following is being last one
>
> <script language="javascript">
> eval("a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href");
> alert(a);//This show alert properly, but it is following line which
> make JS to fail
>
I dont see why you need to use Eval here.
> //It gives error, unterminated string literal
> eval("</script><script language='javascript' src="+a+">");
>
> //If this is used instead of eval, it also gives same error as above
> eval
> //document.writeln("</script><script language='javascript'
> src="+a+">");
>
> </script>
>
I would do something like this
<script language="JavaScript">
var url =
'http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href';
document.write('<script language=JavaScript" src="' + url + '">
<\/script>');
</script>
Its none of my business to actually ask you where you are using this,
but let me just remind you that this has already been patented.
hemant...@gmail.com
It looks good now ... Indeed hell, Im loving it.
Code looks like this
<script type='text/javascript'>
a='http://localhost:3000/ws/getdojs/8578d42b0edc7afc124f00c03a0d4d2c?t=t001&u='+encodeURIComponent(window.location.href);
alert(a);
document.writeln("<\/script><script type='text\/javascript'
src="+a+">");
</script>
Only issue left is, this thing isn't work in evil M$ IE..., By debuggin
it showslike unbalanced script elements, but once I specify extra
</script> at end, it don't show that prlblem, but don't show what the
script function is writing in document.writeln also
Any1 knows a good tool in IE to see generated Javascript source?
something like "webdeveloper toolbar" in FF.
Thomas 'PointedEars' Lahn
>>hemant...@gmail.com wrote:
>> <script language="javascript">
>>
eval("a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href");
>> alert(a);//This show alert properly, but it is following line which
>> make JS to fail
>
> I dont see why you need to use Eval here.
I suppose it is general cluelessness.
>> //It gives error, unterminated string literal
>> eval("</script><script language='javascript' src="+a+">");
>>
>> //If this is used instead of eval, it also gives same error as above
>> eval
>> //document.writeln("</script><script language='javascript'
>> src="+a+">");
>>
>> </script>
>
> I would do something like this
>
> <script language="JavaScript">
Should be
<script type="text/javascript">
> var url =
>
'http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href';
>
> document.write('<script language=JavaScript" src="' + url + '">
> <\/script>');
This is not going to work. String literals cannot extend one line this way.
(They can do other ways, but these are unreliable.)
Furthermore, if this part is corrected, the script still generates invalid
markup, breaks in NN4 due to the NRLB, does not encode the URI component
properly, and there is no guarantee that either script will run anyway.
> </script>
>
> Its none of my business to actually ask you where you are using this,
> but let me just remind you that this has already been patented.
Patented? OMFG.
PointedEars
McKirahan
news:1137229934.9...@g49g2000cwa.googlegroups.com...
> Hello all,
> I am try'g to send window.location.href to the server script who will
> generate dynamic javascript according to the referral name comg in as
> param
[snip]
http://www.aspfaq.com/5003 re microsoft.public.scripting.jscript!
hemant...@gmail.com
page from server, plus few more options, so for tht I have 2 options
a) Download some JS, and go to server and ask how many visitors have
visited this window.location.href, this works smoothly
b) Get dynamic JS which already have some variable tellg how many
visitors have visited it, now this dynamic JS in mycase is generated
by Rails(Ruby) script, which will get one of the param in src as
window.location.href
So option b saves me one iteration of going to server again for gettg
visitor count
I hope you got now why I am try'g to do that, indeed point b is workg
also now(only in firefox) as IE is behaving stupid, though it is gettg
perfect script, but seems some issue in its execution.
Is this thing patented? Hell lot things patented in this world ... who
cares ya?
hemant...@gmail.com
I was usg <\/script> as </script> thus the whole issue, Following are 2
ways which I am using now
1)
<script type='text/javascript'>
var url
var jsi = "<" + "script type='text/javascript'"
jsi += " src='" + unescape(url) + "'></" + "script>";
alert(jsi); // for testing.
document.write(jsi);
</script>
2)
<script type='text/javascript'>
a='http://localhost:3000/ws/getdojs/8578d42b0edc7afc124f00c03a0d4d2c?t=t001&u='+encodeURIComponent(window.location.href);
alert(a);
document.writeln("<script type='text\/javascript'
src="+a+"><\/script>");
//eval(a);
</script>
yes, both are doing same thing, but it jst shows how different u can do
same things in javascript!
Sanjay
> > I dont see why you need to use Eval here.
> I suppose it is general cluelessness.
>
> >> //It gives error, unterminated string literal
> >> eval("</script><script language='javascript' src="+a+">");
> >>
> >> //If this is used instead of eval, it also gives same error as above
> >> eval
> >> //document.writeln("</script><script language='javascript'
> >> src="+a+">");
> >>
> >> </script>
> >
> > I would do something like this
> >
> > <script language="JavaScript">
>
> Should be
>
> <script type="text/javascript">
>
> > var url =
> >
> 'http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href';
> >
> > document.write('<script language=JavaScript" src="' + url + '">
> > <\/script>');
>
> This is not going to work. String literals cannot extend one line this way.
> (They can do other ways, but these are unreliable.)
>
> Furthermore, if this part is corrected, the script still generates invalid
> markup, breaks in NN4 due to the NRLB, does not encode the URI component
> properly, and there is no guarantee that either script will run anyway.
>
I am sorry if I havent understood you, whatever piece of code I gave
works fine with me.
And I just tested the same in
Firefox 1.0
Netscape® Communicator 4.79
IE 6.0
Netscape 7.1
> > </script>
> >
> > Its none of my business to actually ask you where you are using this,
> > but let me just remind you that this has already been patented.
>
> Patented? OMFG.
I am talking about an RPC to server from JavaScript.
>
>
> PointedEars
Thomas 'PointedEars' Lahn
>> Thomas 'PointedEars' Lahn wrote:
>> > I dont see why you need to use Eval here.
>> <script type="text/javascript">
>>
>> > var url =
>> >
>>
'http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href';
>> >
>> > document.write('<script language=JavaScript" src="' + url + '">
>> > <\/script>');
>>
>> This is not going to work. String literals cannot extend one line this
>> way. (They can do other ways, but these are unreliable.)
>>
>> Furthermore, if this part is corrected, the script still generates
>> invalid markup, breaks in NN4 due to the NRLB, does not encode the URI
>> component properly, and there is no guarantee that either script will run
>> anyway.
>
> I am sorry if I havent understood you,
I am sure you have not. Which parts of it?
> whatever piece of code I gave works fine with me.
Are you sure? <URL:http://jibbering.com/faq/#FAQ4_43>
If it worked, then you have definitely not posted what you used, because
newline is not allowed in string literals. There may have been a space
between the start and end tag, otherwise there is no reason why word wrap
would have occured.
> And I just tested the same in
> Firefox 1.0
> Netscape® Communicator 4.79
Test again and again with NN4. The NRLB is a heisenbug, and the last time
I checked, it was still there in NN 4.79.
> [...]
>> > </script>
>> >
>> > Its none of my business to actually ask you where you are using this,
>> > but let me just remind you that this has already been patented.
>> Patented? OMFG.
> I am talking about an RPC to server from JavaScript.
>
> See
>
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r=2&f=G&l=50&co1=AND&d=pall&s1=javascript.TTL.&OS=TTL/javascript&RS=TTL/javascript
And I was talking about something nonsensical like the above code to be
patented, and the Bad Thing of software patents in general. Hopefully,
this U.S. American nonsense will not spread.
<URL:http://www.nosoftwarepatents.com/>
However, the patent does not apply to what is done here. (IANAL)
PointedEars
P.S.: Please learn to quote.
<URL:jibbering.com/faq/faq_notes/pots1.html#ps1Post>
Gérard Talbot
> Sanjay wrote:
>
>>> hemant...@gmail.com wrote:
>>> <script language="javascript">
>>>
> eval("a='http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href");
>>> alert(a);//This show alert properly, but it is following line which
>>> make JS to fail
>> I dont see why you need to use Eval here.
>
> I suppose it is general cluelessness.
>
Your comment here is very typical of post coming from you. They are
decorated with pointless, irrelevant remarks, useless,
counter-productive remarks and abrasive remarks.
>>> //It gives error, unterminated string literal
>>> eval("</script><script language='javascript' src="+a+">");
>>>
>>> //If this is used instead of eval, it also gives same error as above
>>> eval
>>> //document.writeln("</script><script language='javascript'
>>> src="+a+">");
>>>
>>> </script>
>> I would do something like this
>>
>> <script language="JavaScript">
>
> Should be
>
> <script type="text/javascript">
>
2 days ago, I spotted 17 occurences of your own failures to do exactly
and preciely that. You used language="JavaScript" yourself during years
and years on your very own site. This would certainly make a lot of
people a lot less abrasive... but not you, obviously.
>> var url =
>>
> 'http://localhost/ws/getdojs/c896ec8408f27942fe4b85f033c3e3af?t=t001&u='+window.location.href';
>> document.write('<script language=JavaScript" src="' + url + '">
>> <\/script>');
>
> This is not going to work. String literals cannot extend one line this way.
> (They can do other ways, but these are unreliable.)
>
> Furthermore, if this part is corrected, the script still generates invalid
> markup,
Really? Invalid markup! How strange, incredible it is coming from you.
Your own website has hundreds of markup errors. It's been like that for
years. And you've been told this several months ago and you never
corrected those errors.
Anyone can verify for himself and by himself my claim here:
http://www.htmlhelp.com/cgi-bin/validate.cgi?url=http%3A%2F%2Fpointedears.de%2F&warnings=yes&input=yes&spider=yes&hidevalid=yes
breaks in NN4 due to the NRLB, does not encode the URI component
> properly, and there is no guarantee that either script will run anyway.
>
>> </script>
>>
>> Its none of my business to actually ask you where you are using this,
>> but let me just remind you that this has already been patented.
>
> Patented? OMFG.
Another idiosyncratic behavior of yours. Everyone has to know or to
search for what these abbreviations (NRLB, OMFG, etc.) actually mean.
It's another aspect of your alienating posts, Thomas 'PointedEars' Lahn.
You're a master of pedantic remarks, abrasive comments and arrogance.
>
>
> PointedEars
Gérard
Sanjay
> >> > document.write('<script language=JavaScript" src="' + url + '">
> >> > <\/script>');
> >>
> >> This is not going to work. String literals cannot extend one line this
> >> way. (They can do other ways, but these are unreliable.)
Please dont think that I would have extended the string literal into 2
seperate lines.
Its probably by the wrapping of texts. Even if it isnt then please dont
comment on such silly things.
Most of us know this point and those who dont know would learn the
copy, paste mistakes.
> >> Furthermore, if this part is corrected, the script still generates
> >> invalid markup, breaks in NN4 due to the NRLB, does not encode the URI
> >> component properly, and there is no guarantee that either script will run
> >> anyway.
> >
> > I am sorry if I havent understood you,
>
> I am sure you have not. Which parts of it?
**breaks in NN4 due to the NRLB, does not encode the URI component
properly, and there is no guarantee that either script will run
anyway.**
This part, would be more than happy to understand what you are talking
about.
> > whatever piece of code I gave works fine with me.
>
> Are you sure? <URL:http://jibbering.com/faq/#FAQ4_43>
>
> If it worked, then you have definitely not posted what you used, because
> newline is not allowed in string literals. There may have been a space
> between the start and end tag, otherwise there is no reason why word wrap
> would have occured.
>
> > And I just tested the same in
> > Firefox 1.0
> > Netscape® Communicator 4.79
>
> Test again and again with NN4. The NRLB is a heisenbug, and the last time
> I checked, it was still there in NN 4.79.
>
For some reason it works like a champ.
As far as I am concerned it works with the list of browsers I have
given you.
Its an internal web site for me, otherwise I would have asked you to
see the same.
>
> And I was talking about something nonsensical like the above code to be
> patented, and the Bad Thing of software patents in general. Hopefully,
> this U.S. American nonsense will not spread.
>
> <URL:http://www.nosoftwarepatents.com/>
>
> However, the patent does not apply to what is done here. (IANAL)
>
I think I really know what I am talking, its your aggressive attitude
or egocentric behavior.
What else do you think the script tag is used here for, isnt it an RPC
to get the visitor values.
Please donot throw up your aggresive attitude on everybody for
everything.
I would be more happy to see all your comments in much lighter words.
Thanks
Sanjay
Thomas 'PointedEars' Lahn
> Thomas 'PointedEars' Lahn wrote:
>> >> Furthermore, if this part is corrected, the script still generates
>> >> invalid markup, breaks in NN4 due to the NRLB, does not encode the URI
>> >> component properly, and there is no guarantee that either script will
>> >> run anyway.
>> >
>> > I am sorry if I havent understood you,
>> I am sure you have not. Which parts of it?
>
> **breaks in NN4 due to the NRLB, does not encode the URI component
> properly, and there is no guarantee that either script will run
> anyway.**
> This part, would be more than happy to understand what you are talking
> about.
You must be kidding, after this:
>> And I was talking about something nonsensical like the above code to be
>> patented, and the Bad Thing of software patents in general. Hopefully,
>> this U.S. American nonsense will not spread.
>>
>> <URL:http://www.nosoftwarepatents.com/>
>>
>> However, the patent does not apply to what is done here. (IANAL)
>
> I think I really know what I am talking, its your aggressive attitude
> or egocentric behavior.
> What else do you think the script tag is used here for, isnt it an RPC
> to get the visitor values.
>
> Please donot throw up your aggresive attitude on everybody for
> everything.
> I would be more happy to see all your comments in much lighter words.
Again, you must be kidding here.
PointedEars, Score adjusted
Sanjay
Well I remember something you told me long back.
***If you do not have something intelligent to say, you should just
shut up.
Unless you deliberately try to make a fool of yourself, of course.
PointedEars ***
Sanjay
Randy Webb
> Thomas 'PointedEars' Lahn wrote:
<snip>
>>PointedEars, Score adjusted
>
>
> Well I remember something you told me long back.
>
> ***If you do not have something intelligent to say, you should just
> shut up.
> Unless you deliberately try to make a fool of yourself, of course.
>
> PointedEars ***
I see that you finally understand PointedEars and his antics/methods.
--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Gérard Talbot
There is a growing number of people in this newsgroup and elsewhere who,
over the years, realized what kind of a person Thomas 'PointedEars' Lahn
really is.
Thomas 'PointedEars' Lahn over the years
- has been making harsch comments, often for no justifiable reasons, to
lots of people
- he does not fear making abrasive comments to anyone or being just
obnoxious
- he loves to nitpick on small details, minor issues, often making his
posts entirely irrelevant, negative, anti-constructive
- he has been the nr 1 poster in this newsgroup trying/striving
relentlessly to domesticate people into trimming quotes, learning how to
quote, learning how to attribe quoted material, etc,etc,..
- he does not fear posting to others to validate their markup, even
though his own website and all of his webpages never actually were using
valid and validated markup code to begin with. I checked myself 4 days
ago and his site had 1102 validation errors out of 100 pages.
- he has been telling others to stay away from frames and framesets but,
at the same time, his own website was using frames and framesets
- he has been relentlessly telling others during years, in dozens of
posts that <script language="JavaScript" should be replaced with <script
type="text/javascript"> while, at the same time, his own website had
during years and years 17 occurences of <script language="JavaScript"
Overall, Thomas 'PointedEars' Lahn does not mind being obnoxious,
unfriendly, irritating, counter-productive, blatantly inconsequent,
blatantly incoherent. I've never seen him say that he's sorry, that he
made a mistake, an honest mistake, that he was wrong, or admit anything
of this sort.
To me, Thomas 'PointedEars' Lahn is either a cheating, lying incompetent
or he is like a "Krusty The Clown", sitting alone in the middle of one
of his Krusty Restaurant, who will refuse to even just taste one of his
very own agressive-tasty, acid Krusty burgers that, nevertheless, he has
been serving to others during years.
Thomas 'PointedEars' Lahn is the kind of person who will do to you
exactly what he will refuse that you do to him or that you do to a
webpage. Thomas 'PointedEars' Lahn is a "double standards" person, a
double face person, a double talk person, a "don't do what I do" person.
Gérard