Playing with JavaScript

Browsing the internet today, I read about a JavaScript trick that caught my attention. You can type JavaScript statements in the location bar and they take effect on the current document. That is, you can type something like this (literally, in one line):

javascript:document.getElementById('myReadOnlyEntry').readOnly=false;void(0);

…and make writable an entry that was originally read-only, whose id="myReadOnlyEntry". NOTE: the void(0) is required in order to avoid the submission of the form.

The best of all is that you can define a new "bookmark" that links not to an ordinary URL but to a JavaScript statement. This way, you can make changes to the current web page.

Another curious thing you can do with this technique is to replace a function already defined in the document. In this example we redefine a form-checking function in the current document:

javascript:formCheck=function(){return true;};void(0);
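
Because the user can clear readOnly or replace formCheck() from the location bar, the server has to enforce both itself. The following is an added example, not code from the original post; the field names, the policy table and the processSubmission function are hypothetical.

```javascript
// Added example: server-side handling of a form whose page marked one field
// read-only and relied on a client-side formCheck(). All names are hypothetical.

// Per-field policy: whether the client may change the field, and how to validate it.
const FIELD_POLICY = {
  accountId: { clientWritable: false },
  email: { clientWritable: true, valid: v => /^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(v) },
  quantity: { clientWritable: true, valid: v => /^[0-9]{1,3}$/.test(v) && Number(v) >= 1 },
};

// stored: the record the server already holds; submitted: raw form fields.
function processSubmission(stored, submitted) {
  const errors = [];
  const accepted = { ...stored };

  for (const [name, value] of Object.entries(submitted)) {
    const policy = Object.prototype.hasOwnProperty.call(FIELD_POLICY, name)
      ? FIELD_POLICY[name] : null;
    if (!policy) {
      errors.push(`unexpected field: ${name}`);
    } else if (!policy.clientWritable) {
      // readOnly in the browser is only a hint; compare against server state.
      if (String(value) !== String(stored[name])) {
        errors.push(`read-only field changed: ${name}`);
      }
    } else if (typeof value !== 'string' || !policy.valid(value)) {
      // The rule formCheck() was meant to apply, enforced where the user cannot redefine it.
      errors.push(`invalid value: ${name}`);
    } else {
      accepted[name] = value;
    }
  }
  return errors.length ? { ok: false, errors } : { ok: true, record: accepted };
}

// Constructed sample data.
const stored = { accountId: '1001', email: 'a@example.org', quantity: '1' };
const honest = { accountId: '1001', email: 'b@example.org', quantity: '2' };
const tampered = { accountId: '2002', email: 'not-an-email', quantity: '2' };

console.log(processSubmission(stored, honest));
console.log(processSubmission(stored, tampered));
```

A rejected submission is also worth logging: a changed read-only field cannot come from the unmodified page.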

These discoveries have frightened me. What if a hacker writes a web page, hidden frame or underlying web page that creates a JavaScript timer and from time to time tries to read values from input boxes of other open web pages? Can it be a phishing threat? Is this technique already being used by crackers? It's frightening… 🙁