Question 60942 in Javascript Question posted in
A very good W3school tutorial can be found here.

can you run javascript commands whilst going onto a web page?

I want to be able to go onto e.g stackoverflow.com whilst doing alert("hi);

is there a way to do it in the link(e.g. stackoverflow.com&alert("hi");)?

unfortunately that doesnt work.

when I do that it doesnt even think that it is a valid url,

please try find a way.

also, I am on a chromebook, and cannot use dev tools as my administrator blocked them.

Tags:

2

Answers


  1. 0

    "whilst going onto a web page" is the problem here. You can manually open developer tools with the F12 hotkey (or CTRL+SHIFT+i) and paste your code there, but you can’t execute JavaScript the moment that someone clicks a link and a website is open because that would be a really big security hole. Running your own JavaScript whitin a website context could lead to session stealing or user impersonation if your JavaScript is malicious, so making a user click a link and running your own javaScript code included in the link could lead to potential attacks that you want to avoid as an Internet user.

    That’s why web developers should take care of Cross-site scripting attacks (XSS) when developing websites, although nowadays almost all UI frameworks/libraries take care of them. Back in the days it was easier to have these kind of problems. For example MySpace had this problem.

    EDIT:
    The are some options:

    • You can install an extension like Tampermonkey and create your own userscript or
    • There’s a usually forgotten way to run your own JavaScript code: You can first enter the website, and after that write in the URL: javascript:alert("asd"). It will run the code like running it in the developer console. You can also bookmark the JavaScript code. It leads to 2 actions: first open the link, second click the bookmarked JavaScript, but at least you can run your own code. This is the old-school way of having userscripts.
      enter image description here
    Login or Signup to reply.
  2. 0

    You can install a userscript extension like Violentmonkey that can executes scripts on a particular domain pattern.

    Just create a userscript that alerts the user when they visit a domain that matches the @match config.

    // ==UserScript==
// @name          Stack Overflow Greeter
// @namespace     Violentmonkey Scripts
// @match         https://stackoverflow.com/*
// @grant         none
// @version       1.0.0
// @author        Mr. Polywhirl
// @description   Alert "Hi!" on Stack Overflow
// ==/UserScript==
(function() {
  alert('Hi!');
})();
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search