Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Javascript stripped from URL bar?

So with the most recent Facebook phishing scandal1, Google Chrome (and, I assume, other browsers) disabled the ability to paste javascript directly into your URL bar. Well, it still lets you, but it strips the javascript: part.

I'm trying to find a work around to be able to directly paste javascript into the URL. Test it out for yourself:

javascript: alert('Hello World');

instantly (for me at least) strips the "javascript:" part of the code only in Google Chrome.


1 Facebook Phishing Scandal - It's when people where copy-paste that JavaScript code into their URL and it'd invite all their friends to an event OR post something malicious on every friend's wall.

like image 458
Evan Hantverk Avatar asked Oct 08 '11 16:10

Evan Hantverk


4 Answers

When coding a little yourself, you may find yourself needing to frequently prepend javascript: into the address bar.

Here are two ways to speed this up:

Add a search engine keyword entry with the keyword j and the URL javascript:%s.

Then you can do:

  1. Ctrl+L
  2. j
  3. Space
  4. Ctrl+V

(It also works like a charm, when you already have JS code in the address bar:

  1. Home
  2. j
  3. Space

)


Autocompletion can save you a few keystrokes, if you don't want to create a search engine keyword entry.

It requires a quick preparation: Feed javascript into the address bar:

  1. Ctrl+L
  2. javascript
  3. Enter

From then on, this shortcut is available:

  1. Ctrl+L
  2. j
    (javascript should be proposed as completion. Otherwise repeat submitting javascript in the address bar, until your browser promotes it to default completion for j.)
  3. End
  4. :
  5. Ctrl+V
like image 151
Aaron Thoma Avatar answered Nov 09 '22 06:11

Aaron Thoma


It is so in any version of Chrome. As I think they are trying to protect you from execution of dangerous code. There are some ways of solving it:

  • Paste then type javascript: by hand
  • Press F12, open console and execute the code (without javascript:) from there
  • Add javascript link to favourites and execute just by clicking
  • Make an extension or use some suitable one
like image 28
Qwertiy Avatar answered Nov 09 '22 05:11

Qwertiy


Yes. Use normal developer console.

like image 37
genesis Avatar answered Nov 09 '22 06:11

genesis


So with the most recent facebook phishing scandal, google chrome(and i assume other browsers) disabled the ability to paste javascript directly into your URL bar. Well it still lets you, but it strips the "javascript: " part.

IE9 and FF added this "protection" too... only Opera holds, for now. Still, it became even easier. Just trick your user to paste code into console. Same effect as with old snippets.

like image 20
c69 Avatar answered Nov 09 '22 05:11

c69