Download ArticleDownload ArticleThis article was co-authored by Jessica Andzouana. Jessica Andzouana is a Software Engineer based in the San Francisco Bay Area. With over five years of professional experience in front-end development, digital art, and design, she is passionate about emerging technologies such as blockchain and AI. Her background as both a programmer and artist, paired with a highly design-conscious mindset, provides her a fresh perspective and unique skill set to produce creative solutions in her field. She works at Alcacruz as a Software Engineer, and received a dual BS/BA degree from Santa Clara in Computer Science and Studio Art.
This article has been viewed 511,649 times.
JavaScript injection is a process by which we can insert and use our own JavaScript code in a page, either by entering the code into the address bar, or by finding an XSS vulnerability in a website. Note that the changes can only be seen by you and are not permanent. This is because JavaScript is a "client-side" language.
Steps
Sample Injections
You must enter the code in the URL address bar of the window. Try these injections:- Note - If you use Firefox, you will have to use another way, like cmd-shift-k on a Mac
- javascript:alert("Hello!");
- To bring up an alert box saying "Hello!":
javascript:alert("Hello"); alert("World");- To bring up 2 alert boxes, the one in the front will say "Hello" and once you click OK, the one saying "World" will appear:
Advertisement![Step 3 javascript:alert(document.forms[0].to.value="something")](https://www.wikihow.com/images/thumb/7/73/Use-JavaScript-Injections-Step-3-Version-2.jpg/aid119966-v4-728px-Use-JavaScript-Injections-Step-3-Version-2.jpg)
javascript:alert(document.forms[0].to.value="something")- To change the value of form [0] to something:
javascript:void(document.bgColor="blue")- To change the background color to blue. You can put any other color in the place of blue to change it to a different color:
javascript:alert("The actual url is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");- To see the real server name of the site you are looking at. You should use it if you think that you are viewing a spoofed website, or anytime just to make sure:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);- To make pictures fly around. Make sure to find a site like Google Images so there are more pictures!(If you press the refresh button, it goes really fast, but might only work with macOS):
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.cos(R*x1+i*x1+x2)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);- To spin circle of pictures. It funnels the pictures in a snake-like motion:
javascript:document.body.contentEditable='true';document.designMode='on';void 0- To move things around on the webpage:
![Step 3 javascript:alert(document.forms[0].to.value="something")](https://www.how.com.vn/todo/en/Image:Use-JavaScript-Injections-Step-3-Version-2.jpg)
Community Q&A
- QuestionIs this the equivalent of the JavaScript console?
Community AnswerYes; this is much less limited, though. The JavaScript console in the dev tools has features such as auto-completion and can show your history of executed commands. Additionally, you can check things such as break points for analyzing and debugging your code. - QuestionIn Step 3, how do I select a form? The example specifies forms[0], but how do I actually specify a certain form if the code has several forms within it?
Community AnswerYou can select forms from the website using document.forms. The forms[0] indicates that it is the 1st form on the page, because the collection starts at 0. You can make a form with the HTML form tag, and you can learn more at sites like w3schools.
Video
Tips
- Only you can see the changes.Thanks
- The changes are not permanent. It's a static change that won't affect any server information.Thanks
- If you're using a browser with an address bar that doubles as a search bar (e.g., Google Chrome), make sure that after you type in the JavaScript code, you select your address bar for processing the code, not the search function.Thanks
Expert Interview
Thanks for reading our article! If you’d like to learn more about dealing with html, check out our in-depth interview with Jessica Andzouana.
About This Article
Is this article up to date?
⚠️ Disclaimer:
Content from Wiki How English language website. Text is available under the Creative Commons Attribution-Share Alike License; additional terms may apply.
Wiki How does not encourage the violation of any laws, and cannot be responsible for any violations of such laws, should you link to this domain, or use, reproduce, or republish the information contained herein.
- - A few of these subjects are frequently censored by educational, governmental, corporate, parental and other filtering schemes.
- - Some articles may contain names, images, artworks or descriptions of events that some cultures restrict access to
- - Please note: Wiki How does not give you opinion about the law, or advice about medical. If you need specific advice (for example, medical, legal, financial or risk management), please seek a professional who is licensed or knowledgeable in that area.
- - Readers should not judge the importance of topics based on their coverage on Wiki How, nor think a topic is important just because it is the subject of a Wiki article.
