The following code in my free nodelet loaded and executed code from my scratchpad:
<h5>embeddingtest</h5> <!-- <script> function evalFrame(iframe) { var html =iframe.contentDocument.body.innerHTML; html=html.replace(/^<pre>/,""); html=html.replace(/<\/pre>$/,""); eval(html) } </script> <iframe name="embed" height=30 width=150 onload="evalFrame(this)" styl +e="display:none" src="index.pl?abspart=1;displaytype=displaycode;node +_id=708739;viewmode=public;part=1"></iframe>
(my example code changes the title of the window, without stopping the build up of the page like alert() does)
just some notes:
1. With my method I needed to truncate some html-code, now I realize that it's the browser who inserted this code by itself.
2. "viewmode=public;" was necessary for me because sometimes the server choosed my private scratchpad instead.
3. The extra request slows down the browser and server.
4. IMHO you don't need jQuery for XmlHttpRequests, why do you think so?
Why do you consider sharing JS-code as a risk? An intruder can only manipulate pages within the perlmonks sandbox not my online banking. IMHO using opensource software is a much higher risk...
Cheers Rolf
In reply to Re^2: Sharing JS-Code on perlmonks.org
by LanX
in thread Sharing JS-Code on perlmonks.org
by LanX
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |