Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent execution of javascript from a browser's address bar?

Tags:

javascript

If I go to this page and then delete the url from my browser's address bar, and then enter

javascript:document.getElementById('rsidebar').value='dsf';

The whole part refreshes. How can I prevent a page from refreshing when executing javascript from the address bar?

Also, are there any other techniques to manipulate a page without having access to the page source like the above method?

like image 801
cometta Avatar asked Aug 18 '09 14:08

cometta


2 Answers

No, you cannot stop the user from manipulating the DOM.

You don't need to worry about people manipulating the DOM from the client-side. These changes only effect their local experience. They aren't actually affecting your site for other users.

You can easily manipulate the DOM using tools like Firebug, IEDeveloperToolbar, or Greasemonkey (Javascript engine).

like image 88
Sampson Avatar answered Oct 05 '22 03:10

Sampson


  1. When you do javascript:stuff(); and stuff() produces a return value, the whole page is replaced by it. You can prevent that by using javascript:void(stuff()); or javascript:stuff();void(0);
  2. Already answered by others :)
like image 37
Havenard Avatar answered Oct 05 '22 02:10

Havenard