I know that we can create a bookmark with javascript: somecodegoeshere;
and we can use it to add some JavaScript for our client side as KickAss does.
But is it possible to create url to some page, e.g. youtube and include in this url script like kickass?
CodePudding user response:
No. What you are asking for is, essentially, an XSS attack.
XSS attacks depend on server vulnerabilities to read the data from the URL and inject it into a page in such a way that the browser executes that data as JavaScript.
They are a major security problem. Browsers do not aim to enable them.
CodePudding user response:
Here You have answer, and also agree with Quentin. Browser will not execute .js from URL.