November 2011
Intermediate to advanced
320 pages
10h 18m
English
As should be evident from the earlier discussions in this chapter, there are several ways to execute scripts in the context of the current page. It is probably useful to enumerate some of the most common ones:
Inline <script> blocks
Remote scripts loaded with <script src=...>[34]
javascript: URLs in various HTML parameters and in CSS
CSS expression(...) syntax and XBL bindings in certain browsers
Event handlers (onload, onerror, onclick, etc.)
Timers (setTimeout, setInterval)
eval(...) calls
Combining these methods often seems natural, but doing so can create very unexpected and dangerous parsing chains. For example, consider the transformation that would need to be applied to the value inserted by the server in ...
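The layered encoding that such a parsing chain demands, shown as an added example that is not from the book: the template, the show function and all helper names are hypothetical, and a stub stands in for the browser's HTML and JavaScript parsers.

```javascript
// Added example, not from the book. Hypothetical template:
//   <div onclick="setTimeout('show(\'VALUE\')', 0)">
// VALUE is parsed three times: HTML attribute, handler JS, timer-string JS.

// Escape for a JS string literal: \uXXXX for everything outside a safe set.
function jsStringEscape(s) {
  return s.replace(/[^A-Za-z0-9 _.,-]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Escape for a quoted HTML attribute value.
function htmlAttrEscape(s) {
  return s.replace(/[&<>"']/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Correct: one encoding per parser, innermost (last-run) parser first.
function buildHandlerAttr(value) {
  const timerCode = "show('" + jsStringEscape(value) + "')";
  const handlerCode = "setTimeout('" + jsStringEscape(timerCode) + "', 0)";
  return htmlAttrEscape(handlerCode);
}

// Flawed: a single JS escape. The handler parser undoes it before the timer
// string is parsed, so a quote in the value reaches the second JS parse raw.
function buildHandlerAttrNaive(value) {
  const handlerCode = "setTimeout('show(\\'" + jsStringEscape(value) + "\\')', 0)";
  return htmlAttrEscape(handlerCode);
}

// Stand-in for the browser: decode the attribute, run the handler with a stub
// setTimeout that captures its string argument, then run that string.
function simulateClick(attr) {
  const handlerCode = attr.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
  let timerCode, shown;
  new Function('setTimeout', handlerCode)((code) => { timerCode = code; });
  new Function('show', timerCode)((v) => { shown = v; });
  return shown;
}

// Constructed sample containing characters significant at each layer.
const sample = `O'Brien said "a < b" & c\\d`;
console.log(simulateClick(buildHandlerAttr(sample)) === sample); // true
```

With the naive builder, a value as ordinary as it's already breaks the timer string, which is the symptom that an encoding layer is missing.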