javascript evaluation possible through DOM 0 event attributes
Hi devs,
would like to leave a note on this, seem interesting and maybe can be
used as an alternative to globalEval.
It turns out that we have another way to evaluate javascript strings
easily, namely by using setAttribute() to assign a string value to
some specific attribute like the DOM 0 (or in-line) event.
So, at first I tried using the standard body "onload" attribute, but I
in IE that didn't work as in FF.
Then I did some test with an image and that worked both in FF and in
IE (believe it works in other browsers too).
var img = document.createElement('img'); // or just new Image();
img.setAttribute("onabort", "function () {}"); // onerror, onload also
works
alert(typeof img.onload); // yeld function instead of string...good.
I was thinking to this while thinking to Air, Caja and similars.
Evil...good...useful ?
Your thoughts appreciated.
--
Diego Perini