I want to be able to go onto e.g stackoverflow.com whilst doing alert("hi);
is there a way to do it in the link(e.g. stackoverflow.com&alert("hi");
)?
unfortunately that doesnt work.
when I do that it doesnt even think that it is a valid url,
please try find a way.
also, I am on a chromebook, and cannot use dev tools as my administrator blocked them.
2
Answers
"whilst going onto a web page" is the problem here. You can manually open developer tools with the
F12
hotkey (orCTRL+SHIFT+i
) and paste your code there, but you can’t execute JavaScript the moment that someone clicks a link and a website is open because that would be a really big security hole. Running your own JavaScript whitin a website context could lead to session stealing or user impersonation if your JavaScript is malicious, so making a user click a link and running your own javaScript code included in the link could lead to potential attacks that you want to avoid as an Internet user.That’s why web developers should take care of Cross-site scripting attacks (XSS) when developing websites, although nowadays almost all UI frameworks/libraries take care of them. Back in the days it was easier to have these kind of problems. For example MySpace had this problem.
EDIT:
The are some options:
javascript:alert("asd")
. It will run the code like running it in the developer console. You can also bookmark the JavaScript code. It leads to 2 actions: first open the link, second click the bookmarked JavaScript, but at least you can run your own code. This is the old-school way of having userscripts.You can install a userscript extension like Violentmonkey that can executes scripts on a particular domain pattern.
Just create a userscript that alerts the user when they visit a domain that matches the
@match
config.