JavaScript:执行使用 .innerHTML 插入的 <script> 元素
标签:javascript, dom, eval, innerhtml
我有一个脚本,它使用 innerHTML 将一些内容插入到元素中。
例如,内容可以是:
<script type="text/javascript">alert('test');</script>
<strong>test</strong>
你可以看一看。代码可能如下所示:
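var actualDivToBeUpdated = document.getElementById('test');
var div = document.createElement('div');
// A <script> element created by the innerHTML parser is not executed, neither
// here nor when the node is later moved into the document.
div.innerHTML = '<script type="text/javascript">alert("test");<\/script>';
actualDivToBeUpdated.innerHTML = '';
// childNodes is a live list: appendChild() moves each node out of `div`, so an
// index-based loop over it skips every second node. Drain from the front instead.
while (div.firstChild) {
  actualDivToBeUpdated.appendChild(div.firstChild);
}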
var actualDivToBeUpdated=document.getElementById('test');
var div=document.createElement('div');
div.innerHTML='alert(“test”);';
var children=div.childNodes;
actualDivToBeUpdated.innerHTML='';
对于(变量i=0;i
不应使用innerHTML属性,而应使用节点的appendChild方法:文档树[HTML DOM]中的节点。这样以后就可以调用注入的代码了
确保您了解 node.innerHTML 与 node.appendChild 的不同。您可能需要花一些时间阅读 JavaScript 客户端参考,以了解更多详细信息和 DOM。希望以下内容有所帮助。
样品注入工程:
测试
函数doOnLoad(){
addScript('inject',“function foo(){alert('injected');}”);
}
函数addScript(注入,代码){
var_in=document.getElementById('inject');
var scriptNode=document.createElement('script');
scriptNode.innerHTML=代码;
_in.appendChild(脚本节点);
}
一些内容
试试这个片段:
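/**
 * Removes every inline <script>…</script> block from an HTML string, runs the
 * collected script bodies once, and returns the remaining HTML.
 *
 * Security: this executes whatever script text `text` contains, so it must only
 * be given markup from a trusted source. The returned string is NOT sanitized:
 * only the <script> blocks matched by the regex are removed; event-handler
 * attributes and any other markup pass through unchanged.
 *
 * @param {string} text HTML that may contain inline <script> blocks.
 * @returns {string} `text` with the matched <script> blocks removed.
 */
function stripAndExecuteScript(text) {
  var scripts = '';
  var cleaned = text.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, function(match, body) {
    scripts += body + '\n';
    return '';
  });
  // Nothing was collected: leave the DOM alone instead of injecting an empty script.
  if (scripts === '') {
    return cleaned;
  }
  if (window.execScript) {
    // Legacy Internet Explorer API.
    window.execScript(scripts);
  } else {
    var head = document.getElementsByTagName('head')[0];
    var scriptElement = document.createElement('script');
    scriptElement.setAttribute('type', 'text/javascript');
    // `text` keeps the source verbatim. The innerText setter turns each '\n'
    // into a <br> element, which fuses the collected scripts onto one line.
    scriptElement.text = scripts;
    head.appendChild(scriptElement);
    head.removeChild(scriptElement);
  }
  return cleaned;
}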
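// Sample input. The tag names are split across string literals so this snippet
// can sit inside an inline <script> block without closing it early.
// (The stray "+ " that ended up inside the opening tag has been removed.)
var scriptString = '<scrip' + 't type="text/javascript">alert(\'test\');</scr' + 'ipt><strong>test</strong>';
// Runs the inline script, then inserts only the markup that is left.
// Only pass markup from a trusted source: its scripts are executed.
document.getElementById('element').innerHTML = stripAndExecuteScript(scriptString);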
函数条带和执行脚本(文本){
var脚本=“”;
var cleaned=text.replace(/]*>([\s\s]*?)/gi,function(){
脚本+=参数[1]+'\n';
返回“”;
});
if(window.execScript){
执行脚本(脚本);
}否则{
var head=document.getElementsByTagName('head')[0];
var scriptElement=document.createElement('script');
setAttribute('type','text/javascript');
scriptElement.innerText=脚本;
head.appendChild(scriptElement);
head.removeChild(scriptElement);
}
返回清洁;
};
var scriptString='alert(\'test\')测试';
document.getElementById('element').innerHTML=stripAndExecuteScript(脚本字符串);
OP的脚本在IE 7中不起作用。在SO的帮助下,以下是一个脚本:
exec_body_scripts: function(body_el) {
  // Runs the <script> elements that are direct children of body_el.
  // innerHTML inserts such elements without executing them, so each one is
  // detached and its source is re-run through a temporary <script> in <head>.
  //
  // body_el: an element already in the DOM.
  //
  // Security: every script found is executed in the page, so body_el must only
  // ever be filled with markup from a trusted source.
  var JS_TYPE = "text/javascript";

  // Case-insensitive comparison of a node's nodeName with a tag name.
  function isTag(node, tag) {
    return node.nodeName && node.nodeName.toUpperCase() === tag.toUpperCase();
  }

  // Executes the source text of `source` via a throw-away <script> element.
  function runInline(source) {
    var code = source.text || source.textContent || source.innerHTML || "";
    var anchor = document.getElementsByTagName("head")[0] || document.documentElement;
    var fresh = document.createElement("script");

    fresh.type = JS_TYPE;
    try {
      // Fails on old IE, which does not accept child nodes on a script element.
      fresh.appendChild(document.createTextNode(code));
    } catch (e) {
      // IE fallback: assign the source through the text property.
      fresh.text = code;
    }
    // Inserting the element runs it; it is removed again right away.
    anchor.insertBefore(fresh, anchor.firstChild);
    anchor.removeChild(fresh);
  }

  // Collect first, then execute: executing detaches nodes from body_el.
  var found = [];
  var kids = body_el.childNodes;
  var node;
  var n;

  for (n = 0; (node = kids[n]); n++) {
    if (isTag(node, "script") &&
        (!node.type || node.type.toLowerCase() === JS_TYPE)) {
      found.push(node);
    }
  }

  for (n = 0; found[n]; n++) {
    node = found[n];
    if (node.parentNode) {
      node.parentNode.removeChild(node);
    }
    runInline(node);
  }
};
@菲达。。。以下是一个非常有趣的解决方案: 所以它看起来是这样的:
scriptNode.innerHTML = code 不适用于 IE。唯一要做的是把它替换为 scriptNode.text = code,这样就能正常工作。
// Inserts `html` into the element with the given id, then evaluates the text of
// every <script> element found inside it.
//
// NOTE(review): eval() executes whatever script text `html` carries, so `html`
// must come from a trusted source; a Content-Security-Policy without
// 'unsafe-eval' blocks the call. This is a direct eval, so the evaluated code
// runs in this function's scope and can read or overwrite `ele`, `codes` and `i`.
// A script that only has a src attribute has empty text and is not loaded here.
function insertHtml(id, html)
{
var ele = document.getElementById(id);
ele.innerHTML = html;
// Live collection of the <script> elements that were just parsed into `ele`.
var codes = ele.getElementsByTagName("script");
for(var i=0;i<codes.length;i++)
{
eval(codes[i].text);
}
}
{
var ele=document.getElementById(id);
ele.innerHTML=html;
var code=ele.getElementsByTagName(“脚本”);
对于(var i=0;i,感谢Larry的脚本,它在IE10中工作得非常好,这就是我使用的:
// `id` and `result` are defined outside this snippet.
// Inserts the markup, then re-assigns the text of every <script> under the element.
// NOTE(review): the page reports that this makes the scripts run in IE10; that
// cannot be confirmed from the snippet itself. `result` must be trusted markup,
// because the intent is to execute the scripts it contains.
$('#' + id)[0].innerHTML = result;
$('#' + id + " script").each(function() { this.text = this.text || $(this).text();} );
使用jquery$(parent).html(code)
比使用parent.innerHTML=code
更容易:
// Inserts `html` into `parent` with jQuery's .html() while document.write and
// document.writeln are temporarily redirected to append into `parent`.
// `parent` and `html` are defined outside this snippet.
// Security: the scripts contained in `html` are meant to run, so `html` must be
// trusted markup.
var oldDocumentWrite = document.write;
var oldDocumentWriteln = document.writeln;
try {
// While patched, anything a script writes is appended to `parent`.
document.write = function(code) {
$(parent).append(code);
}
// NOTE(review): appends "<br/>" where the native writeln appends a newline.
document.writeln = function(code) {
document.write(code + "<br/>");
}
$(parent).html(html);
} finally {
// NOTE(review): the originals are restored only from a window load handler. If
// the load event has already fired when this runs, the handler presumably never
// runs and both functions stay patched - confirm before reusing.
$(window).load(function() {
document.write = oldDocumentWrite
document.writeln = oldDocumentWriteln
})
}
var oldDocumentWrite=document.write;
var oldDocumentWriteln=document.writeln;
试一试{
document.write=函数(代码){
$(父项).附加(代码);
}
document.writeln=函数(代码){
文件。写入(代码+“
”);
}
$(父).html(html);
}最后{
$(窗口)。加载(函数(){
document.write=oldDocumentWrite
document.writeln=旧文档writeln
})
}
这也适用于使用 document.write 的脚本和通过 src 属性加载的脚本。不幸的是,即使这样也不适用于 Google AdSense 脚本。
尝试函数 eval():
data.newScript='//我的脚本…'
var元素=document.getElementById('elementToRefresh');
element.innerHTML=data.newScript;
eval(element.firstChild.innerHTML);
这是我正在开发的一个项目的真实例子。
多亏了Larry的扩展,我让它递归地搜索整个块和子节点。
该脚本现在还将调用使用src参数指定的外部脚本。
脚本被附加到 head 中,而不是插入到原位置,并且按找到它们的顺序放置,因此脚本的先后顺序得以保留。每个脚本都是同步执行的,与浏览器处理初始 DOM 加载的方式类似。因此,如果您有一个从 CDN 调用 jQuery 的脚本块,并且下一个脚本节点使用 jQuery……没问题。我根据您在 tag 参数中设置的内容,用一个序列化 id 标记了附加的脚本,以便您可以找到此脚本添加的内容。
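exec_body_scripts: function(body_el, tag) {
  // Finds the <script> elements anywhere under body_el and executes them one
  // after another, in the order they were found.
  // Needed since innerHTML does not run scripts.
  //
  // body_el - an element in the DOM.
  // tag     - optional prefix for the id set on each script appended to the
  //           head (tag + "_" + index); defaults to 'tmp'.
  //
  // Security: every script found is executed in the page, and a script with a
  // src attribute is fetched from that URL. Only call this on markup from a
  // trusted source.

  // Case-insensitive comparison of a node's nodeName with a tag name.
  function nodeName(elem, name) {
    return elem.nodeName && elem.nodeName.toUpperCase() === name.toUpperCase();
  }

  // Executes one script by appending a fresh <script> to the head, then calls
  // `callback` exactly once when the next script may start.
  function evalScript(elem, id, callback) {
    var data = (elem.text || elem.textContent || elem.innerHTML || ""),
        head = document.getElementsByTagName("head")[0] || document.documentElement,
        script = document.createElement("script"),
        done = false;

    script.type = "text/javascript";
    if (id != '') {
      script.setAttribute('id', id);
    }
    if (elem.src != '') {
      // External script: continue only when loading has finished.
      // onreadystatechange (old IE) also fires for intermediate states and, next
      // to onload, could otherwise call back early or more than once.
      var advance = function() {
        var state = script.readyState;
        if (done || (state && state !== 'loaded' && state !== 'complete')) {
          return;
        }
        done = true;
        script.onload = script.onreadystatechange = null;
        callback();
      };
      script.onreadystatechange = advance;
      script.onload = advance;
      script.src = elem.src;
      head.appendChild(script);
    } else {
      try {
        // Fails on old IE, which does not accept child nodes on a script element.
        script.appendChild(document.createTextNode(data));
      } catch (e) {
        // IE fallback: assign the source through the text property.
        script.text = data;
      }
      head.appendChild(script);
      callback();
    }
  }

  // Returns the JavaScript <script> elements below `node`, depth first.
  function walk_children(node) {
    var found = [],
        children_nodes = node.childNodes,
        child,
        nested,
        i,
        j;
    // Always return an array so the recursive caller can read .length.
    if (children_nodes === undefined) return found;
    for (i = 0; i < children_nodes.length; i++) {
      child = children_nodes[i];
      if (nodeName(child, "script") &&
          (!child.type || child.type.toLowerCase() === "text/javascript")) {
        found.push(child);
      } else {
        nested = walk_children(child);
        for (j = 0; j < nested.length; j++) {
          found.push(nested[j]);
        }
      }
    }
    return found;
  }

  // Detaches script number i, runs it, and chains to the next one.
  function execute_script(i) {
    var current = scripts[i];
    if (current.parentNode) {
      current.parentNode.removeChild(current);
    }
    evalScript(current, tag + "_" + i, function() {
      if (i < scripts.length - 1) {
        execute_script(++i);
      }
    });
  }

  // main section of function
  if (tag === undefined) tag = 'tmp';
  var scripts = walk_children(body_el);
  // Nothing to run: the chain must not start on an empty list.
  if (scripts.length > 0) {
    execute_script(0);
  }
}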
exec\u body\u脚本:函数(body\u el,标记){
//在新添加的元素主体中查找并执行脚本。
//需要,因为innerHTML不运行脚本。
//
//参数body_el是dom中的一个元素。
函数节点名(元素、名称){
返回elem.nodeName&&elem.nodeName.toUpperCase()===
name.toUpperCase();
};
函数evalScript(元素、id、回调){
变量数据=(elem.text | | elem.textContent | | | elem.innerHTML | | |“”),
head=document.getElementsByTagName(“head”)[0]||
document.documentElement;
var script=document.createElement(“脚本”);
script.type=“text/javascript”;
如果(id!=''){
script.setAttribute('id',id);
}
如果(elem.src!=''){
script.src=elem.src;
head.appendChild(脚本);
//然后将事件绑定到回调函数。
//跨浏览器兼容性有几个事件。
script.onreadystatechange=回调;
script.onload=回调;
}否则{
试一试{
//不适用于ie。。。
appendChild(document.createTextNode(数据));
}捕获(e){
//IE有时髦的脚本节点
script.text=da
// `data` is defined outside this snippet.
// Stores a <script> element as a string, inserts it with innerHTML (which does
// not run it), then evaluates the text of the element's first child.
// NOTE(review): eval() executes whatever the inserted markup contains. Use this
// only with markup from a trusted source; a Content-Security-Policy without
// 'unsafe-eval' blocks the call.
data.newScript = '<script type="text/javascript">//my script...</script>'
var element = document.getElementById('elementToRefresh');
element.innerHTML = data.newScript;
eval(element.firstChild.innerHTML);
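exec_body_scripts: function(body_el, tag) {
  // Finds the <script> elements anywhere under body_el and executes them one
  // after another, in the order they were found.
  // Needed since innerHTML does not run scripts.
  //
  // body_el - an element in the DOM.
  // tag     - optional prefix for the id set on each script appended to the
  //           head (tag + "_" + index); defaults to 'tmp'.
  //
  // Security: every script found is executed in the page, and a script with a
  // src attribute is fetched from that URL. Only call this on markup from a
  // trusted source.

  // Case-insensitive comparison of a node's nodeName with a tag name.
  function nodeName(elem, name) {
    return elem.nodeName && elem.nodeName.toUpperCase() === name.toUpperCase();
  }

  // Executes one script by appending a fresh <script> to the head, then calls
  // `callback` exactly once when the next script may start.
  function evalScript(elem, id, callback) {
    var data = (elem.text || elem.textContent || elem.innerHTML || ""),
        head = document.getElementsByTagName("head")[0] || document.documentElement,
        script = document.createElement("script"),
        done = false;

    script.type = "text/javascript";
    if (id != '') {
      script.setAttribute('id', id);
    }
    if (elem.src != '') {
      // External script: continue only when loading has finished.
      // onreadystatechange (old IE) also fires for intermediate states and, next
      // to onload, could otherwise call back early or more than once.
      var advance = function() {
        var state = script.readyState;
        if (done || (state && state !== 'loaded' && state !== 'complete')) {
          return;
        }
        done = true;
        script.onload = script.onreadystatechange = null;
        callback();
      };
      script.onreadystatechange = advance;
      script.onload = advance;
      script.src = elem.src;
      head.appendChild(script);
    } else {
      try {
        // Fails on old IE, which does not accept child nodes on a script element.
        script.appendChild(document.createTextNode(data));
      } catch (e) {
        // IE fallback: assign the source through the text property.
        script.text = data;
      }
      head.appendChild(script);
      callback();
    }
  }

  // Returns the JavaScript <script> elements below `node`, depth first.
  function walk_children(node) {
    var found = [],
        children_nodes = node.childNodes,
        child,
        nested,
        i,
        j;
    // Always return an array so the recursive caller can read .length.
    if (children_nodes === undefined) return found;
    for (i = 0; i < children_nodes.length; i++) {
      child = children_nodes[i];
      if (nodeName(child, "script") &&
          (!child.type || child.type.toLowerCase() === "text/javascript")) {
        found.push(child);
      } else {
        nested = walk_children(child);
        for (j = 0; j < nested.length; j++) {
          found.push(nested[j]);
        }
      }
    }
    return found;
  }

  // Detaches script number i, runs it, and chains to the next one.
  function execute_script(i) {
    var current = scripts[i];
    if (current.parentNode) {
      current.parentNode.removeChild(current);
    }
    evalScript(current, tag + "_" + i, function() {
      if (i < scripts.length - 1) {
        execute_script(++i);
      }
    });
  }

  // main section of function
  if (tag === undefined) tag = 'tmp';
  var scripts = walk_children(body_el);
  // Nothing to run: the chain must not start on an empty list.
  if (scripts.length > 0) {
    execute_script(0);
  }
}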
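// Appends an <img> whose inline onload handler runs once the image has loaded
// and then removes the image again.
// insertAdjacentHTML adds the new node without re-parsing the existing body;
// `body.innerHTML = body.innerHTML + ...` rebuilds every element already in the
// body and drops their event listeners and state.
// A Content-Security-Policy without 'unsafe-inline' blocks inline handlers like this.
document.body.insertAdjacentHTML('beforeend', '<img src="../images/loaded.gif" alt="" onload="alert(\'test\');this.parentNode.removeChild(this);" />');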
/**
 * Assigns `html` to elm.innerHTML and then replaces every <script> element
 * inside `elm` with a newly created copy (same attributes, same source text),
 * because scripts inserted through innerHTML are not executed.
 *
 * Security: this deliberately runs the scripts contained in `html`; pass only
 * markup from a trusted source.
 *
 * @param {Element} elm  Element that receives the markup.
 * @param {string}  html Markup to insert.
 */
var setInnerHtml = function(elm, html) {
  elm.innerHTML = html;

  // getElementsByTagName returns a live collection; take a snapshot so that
  // the replacements made below cannot change what is being iterated.
  var pending = Array.prototype.slice.call(elm.getElementsByTagName("script"));

  pending.forEach(function(stale) {
    var fresh = document.createElement("script");

    // Carry over every attribute of the original script element.
    Array.prototype.forEach.call(stale.attributes, function(attr) {
      fresh.setAttribute(attr.name, attr.value);
    });

    fresh.appendChild(document.createTextNode(stale.innerHTML));
    stale.parentNode.replaceChild(fresh, stale);
  });
}
// Three console experiments; the "-->" lines record what each one printed.

// 1) A <script> element built with createElement runs when it is inserted.
var script = document.createElement('script');
script.innerHTML = 'console.log("hi")';
document.body.appendChild(script);
--> logs "hi"
// 2) A <script> that was parsed from an innerHTML string does not run, even
//    after its container is inserted into the document.
var script = document.createElement('div');
script.innerHTML = '<script>console.log("hi")</script>';
document.body.appendChild(script);
--> doesn't log anything
// 3) Same as 1, but the script is appended to a <div> that is already in the
//    document instead of directly to <body>.
var div = document.createElement('div');
div.id = 'test-id';
document.body.appendChild(div);
var script = document.createElement('script');
script.innerHTML = 'console.log("hi")';
document.getElementById('test-id').appendChild(script);
--> logs "hi"
/**
 * Assigns `html` to elm.innerHTML, then swaps each <script> element inside
 * `elm` for a newly created one with the same attributes and source text, so
 * that the scripts are executed.
 *
 * Security: this deliberately runs the scripts contained in `html`; pass only
 * markup from a trusted source.
 *
 * @param {Element} elm  Element that receives the markup.
 * @param {string}  html Markup to insert.
 */
var setInnerHTML = function(elm, html) {
  elm.innerHTML = html;

  // Iterate over a static copy: the loop replaces the elements it visits.
  for (const stale of Array.from(elm.querySelectorAll("script"))) {
    const fresh = document.createElement("script");

    for (const attr of Array.from(stale.attributes)) {
      fresh.setAttribute(attr.name, attr.value);
    }

    fresh.appendChild(document.createTextNode(stale.innerHTML));
    stale.parentNode.replaceChild(fresh, stale);
  }
}
// Usage in the browser DevTools console, where $0 refers to the element that
// is currently selected in the inspector. HTML must be trusted markup, since
// the second call executes the scripts it contains.
$0.innerHTML = HTML; // does *NOT* run <script> tags in HTML
setInnerHTML($0, HTML); // does run <script> tags in HTML
<!-- An inline PNG whose onload handler appends an external <script> to the
     image's parent element. Unlike <script> elements, inline event handlers do
     run for markup assigned through innerHTML, which is why untrusted HTML has
     to be sanitized (handler attributes removed) before it is inserted. A
     Content-Security-Policy without 'unsafe-inline' blocks the handler. -->
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAAZdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjAuMjHxIGmVAAAADUlEQVQYV2P4//8/AwAI/AL+iF8G4AAAAABJRU5ErkJggg=="
onload="var script = document.createElement('script'); script.src = './yourCustomScript.js'; parentElement.append(script);" />
<!-- The same onload technique on an iframe.
     NOTE(review): inside the handler, parentElement is the iframe's parent in
     the embedding page, so the script is appended to - and runs in - the
     embedding document, not inside the framed page. A Content-Security-Policy
     without 'unsafe-inline' blocks the handler. -->
<iframe src='//your-orginal-page.com' style='width:100%;height:100%'
onload="var script = document.createElement('script'); script.src = './your-coustom-script.js'; parentElement.append(script);"
frameborder='0'></iframe>
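window.exec_body_scripts = function(body_el) {
  // ref: https://stackoverflow.com/questions/2592092/executing-script-elements-inserted-with-innerhtml based on Larry K's answer
  // Finds and executes scripts in a newly added element's body.
  // Needed since innerHTML does not run scripts.
  //
  // Argument body_el is an element in the dom.
  //
  // Security: every script found under body_el is executed in the page, so
  // body_el must only ever be filled with markup from a trusted source.
  const
    type__Js = 'text/javascript',
    tagName__Script = 'script',
    tagName__Script__Upper = tagName__Script.toUpperCase();
  var scripts = [], i;

  // Replaces `elem` with a newly created <script> carrying the same source,
  // which makes the browser execute it.
  function evalScript(elem) {
    var parent = elem.parentNode,
      data = (elem.text || elem.textContent || elem.innerHTML || ""),
      script = document.createElement(tagName__Script);

    script.type = type__Js;
    try {
      // doesn't work on ie...
      script.appendChild(document.createTextNode(data));
    } catch (e) {
      // IE has funky script nodes
      script.text = data;
    }

    // Make sure to re-insert the script at the same position
    // to make sure scripts that target their position
    // in the DOM function as expected.
    parent.insertBefore(script, elem);
    parent.removeChild(elem);
  }

  // Get all scripts (recursive)
  if (typeof body_el.querySelectorAll === 'function') {
    // Search only inside body_el. Querying `document` here would collect and
    // re-run every script already on the page, not just the inserted ones.
    body_el.querySelectorAll(tagName__Script).forEach((scr) => {
      if (!scr.type || scr.type.toLowerCase() === type__Js) {
        scripts.push(scr);
      }
    });
  } else {
    var children_nodes = body_el.childNodes, child;
    for (i = 0; children_nodes[i]; i++) {
      child = children_nodes[i];
      if (
        child.nodeName &&
        child.nodeName.toUpperCase() === tagName__Script__Upper &&
        (!child.type || child.type.toLowerCase() === type__Js)
      ) {
        scripts.push(child);
      }
      // Recursive call
      window.exec_body_scripts(child);
    }
  }

  for (i = 0; scripts[i]; i++) {
    evalScript(scripts[i]);
  }
};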