Home > security > Javascript injections in a select-option form.

Javascript injections in a select-option form.

August 22, 2010 Leave a comment Go to comments

Many resources are available concerning Javascript injections.

However, most of these suggest one uses something such as:

javascript:alert(document.forms[0].to.value=”something”)

This will not work correctly on a form such as the one below:

<form action="" method="post">
 <select name="name">
 <option value="apple">A</option>
 <option value="banana">B</option>
 <option value="coconut">C</option>
 </select>
 <input type="submit" value="Letter" />
</form>

In order to change the values of a form which uses the <select> and <option> format. In order to access these elements using Javascript, try the following:

javascript:alert(document.forms[0].name.options[0].value=”peach”)

That will make it so that submitting the form with letter ‘A’ selected will submit a value of “peach”, instead of “apple” as the original code would have.

Advertisement
Categories: security Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.