How do I run a script in HTML without a <script> tag?

Question

How do I run a script in HTML without a <script> tag?

I'm using WaveMaker's low code development platform right now, and it gives you the ability to customize the "markup" of the page (HTML but you can't edit <head>

, it's all weird), Javascript of the page, especially with events like onpageload, etc. , page style (CSS) and page variables (JSON). I'm trying to implement a Formstack of a form, but every time the markup section encounters a tag <script>

, it removes everything after the tag ends. This is what the markup page looks like. I contacted support and they seemed to indicate that it was on purpose. Is there a way to make the HTML version of the script included in a string without being told <script>

? PS: I would be able to implement with iFrames, but for some reason iFrames are not working on the iPhone test program even though they are running on a simulator.

+5

javascript html wavemaker

user8167940 June 15. 17 at 18:52

source to share

3 answers

Aenadon · Answer 1 · 2017-06-15T18:59:19+0000

What you can do is put it in an HTML event attribute.

<body onload="/*your JS here*/">

</body>

If that doesn't work, try attaching onload to another HTML element, or try one of the other event handlers (although I believe they should have taken that into account as well)

Riaz Laskar · Answer 2 · 2017-06-15T19:25:27+0000

How about this:

<body onload="javascript:(function(){
// you can place your code here it should run
alert('ok')
})()">

</body>

DaWe · Answer 3 · 2019-10-04T14:14:06+0000

In Avatao Senior the Career the Path have the Career hacking task to which you want to insert malicious JavaScript code, but the & lt; script & gt; filtered by tags (no other tags). Aenadon's answer gave me one solution:

<body onload="your JS here"> </body>

After submitting, I checked the official solution and found that:

<img src="x" onerror=alert('xss')>

How do I run a script in HTML without a <script> tag?

More articles: