Script Through the Url

Script Through the Url
0

#1

I was wondering if you can run a script on the page through the url
like (www.site.com/put the script here)
so if i send it to someone it would work like if the person executed it in the console
like if you translate the code into ASCII format and used the String.fromCharCode and the eval functions then convert the line into url format it would probably work?


#2

Encoding a script in a URL is probably possible, if it’s a small script. It’s up to the server to decode it. I’m not sure why you would want to do this as code is generally sent to the client in the body of an HTTP response.


#3

I saw a security warning on Twitter a few days ago in which scripts passed through the URL were part of the attack, but I don’t have anymore details than this:


#4

Yowza. Here’s an analysis linked to in the comments: https://gist.github.com/timruffles/5c76d2b61c88188e77f6

I didn’t think there was a way to interpret tags from the URL. That is gosh darn crafty.


#5

Also, <3 Tom Scott. :heart::heart::heart::heart: