Created
August 4, 2018 13:04
-
-
Save jamesmcallister/c3fd8aaf0ff43942f83464da719cbcec to your computer and use it in GitHub Desktop.
eval js code in an iframe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <meta http-equiv="X-UA-Compatible" content="ie=edge"> | |
| <title>Document</title> | |
| </head> | |
| <body> | |
| <script> | |
| window.addEventListener('message', event => { | |
| if (event.origin !== (window.location.protocol + "//" + window.location.host)) | |
| return; | |
| const mainWindow = event.source; | |
| let result; | |
| try { | |
| result = eval(event.data); | |
| } catch (err) { | |
| result = 'eval() threw an exception.'; | |
| } | |
| mainWindow.postMessage(result, event.origin); | |
| }); | |
| </script> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <meta http-equiv="X-UA-Compatible" content="ie=edge"> | |
| <title>Document</title> | |
| </head> | |
| <body> | |
| <textarea id='code'>let camel = 'duck'; camel</textarea> | |
| <button onclick='handelSubmit()'>click</button> | |
| <iframe sandbox='allow-scripts' id='targetFrame' src='iframePage.html' style="display: none;"></iframe> | |
| <pre><code id='code-result'></code></pre> | |
| <script> | |
| function handelSubmit() { | |
| let code = document.getElementById('code').value; | |
| document.getElementById('targetFrame') | |
| .contentWindow.postMessage(code, '*') | |
| }; | |
| window.addEventListener('message', event => { | |
| let codeResult = document.getElementById('code-result'); | |
| if (event.origin === "null" | |
| || (event.origin === (window.location.protocol + "//" + window.location.host) | |
| && eevent.source === unsandboxedFrame.contentWindow)) { | |
| codeResult.innerHTML = event.data | |
| } | |
| }); | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment