Javascript stripped from URL bar?

Question

So with the most recent Facebook phishing scandal¹, Google Chrome (and, I assume, other browsers) disabled the ability to paste javascript directly into your URL bar. Well, it still lets you, but it strips the javascript: part.

I'm trying to find a work around to be able to directly paste javascript into the URL. Test it out for yourself:

javascript: alert('Hello World');

instantly (for me at least) strips the "javascript:" part of the code only in Google Chrome.

---

¹ Facebook Phishing Scandal - It's when people where copy-paste that JavaScript code into their URL and it'd invite all their friends to an event OR post something malicious on every friend's wall.

Answer 1

When coding a little yourself, you may find yourself needing to frequently prepend javascript: into the address bar.

Here are two ways to speed this up:

Add a search engine keyword entry with the keyword j and the URL javascript:%s.

Then you can do:

1. Ctrl+L
2. j
3. Space
4. Ctrl+V

(It also works like a charm, when you already have JS code in the address bar:

1. Home
2. j
3. Space

)

---

Autocompletion can save you a few keystrokes, if you don't want to create a search engine keyword entry.

It requires a quick preparation: Feed javascript into the address bar:

1. Ctrl+L
2. javascript
3. Enter

From then on, this shortcut is available:

1. Ctrl+L
2. j
   (javascript should be proposed as completion. Otherwise repeat submitting javascript in the address bar, until your browser promotes it to default completion for j.)
3. End
4. :
5. Ctrl+V

Answer 2

It is so in any version of Chrome. As I think they are trying to protect you from execution of dangerous code. There are some ways of solving it:

• Paste then type javascript: by hand
• Press F12, open console and execute the code (without javascript:) from there
• Add javascript link to favourites and execute just by clicking
• Make an extension or use some suitable one

Answer 3

Yes. Use normal developer console.

Answer 4

So with the most recent facebook phishing scandal, google chrome(and i assume other browsers) disabled the ability to paste javascript directly into your URL bar. Well it still lets you, but it strips the "javascript: " part.

IE9 and FF added this "protection" too... only Opera holds, for now. Still, it became even easier. Just trick your user to paste code into console. Same effect as with old snippets.