Request for a script injection program in java language

public class ScriptInjector {

public static void main(String[] args) {

System.out.println("puts 'Hello world'");

}

}

Now compile this and execute it anywhere you wish to inject some script.

Good Luck

Lee

tsitha at 2007-7-29 14:13:10 >

thanks for ur reply

i want to use script injection in servlets

my program is

import java.io.*;

import javax.servlet.*;

import javax.servlet.http.*;

public class demo extends HttpServlet

{

public void service(HttpServletRequest req,HttpServletResponse res)

throws ServletException,IOException

{

try

{

PrintWriter out=res.getWriter();

String vuname=null;

vuname=req.getParameter("uname");

System.out.println("uname="+vuname);

out.println("hai"+vuname);

}

catch (Exception ex)

{

System.out.println(ex);

}

}

}

i want to inject the script in username field

plz give me some other information

shankar_la at 2007-7-29 14:13:10 >

> i want to inject the script in username field

Then in the output you send to the browser client, instead of sending simple text like this:

> out.println("hai"+vuname);

you'd send appropriate script tags like this:

out.println("<script language='javascript'>alert('hai'" + vuname + "');</script>");

warnerjaa at 2007-7-29 14:13:10 >

thanks for ur reply

but its not working

out.println("<script language='javascript'>alert('hai'" + vuname + "');</script>");

plz help me

shankar_la at 2007-7-29 14:13:10 >

> There is no way to make a browser execute a script

> unless the browser first makes a request, and then

> decides to evaluate some portion of the response as a

> script. This is the basic nuts & bolts of http. If

> I'm guessing right about what you want to do, then

> basically what you need is:

>

> Somepage.html

> > ..HTML Document header...

> <head>

> ...

> <script language="javascript" type > "text/javascript">

> function askForAScript() {

>targetURL = "http://myserver/myservlet";

> myRequest = new XMLHttpRequest();

>myRequest.open(targetURL);

> myRequest.setRequestHeader('Content-Type',

> 'application/x-www-form-urlencoded; charset=utf-8');

>

>myRequest.send();

> myScript = myRequest.responseText;

>eval(myScript);

> window.onload = askForAScript;

> </script>

> </head>

> <body>...</body>

>

>

> then, on the server side, in the 'MyServlet' class

> > import java.io.*;

> import javax.servlet.ServletException;

> import javax.servlet.http.*;

> public class MyServlet extends HttpServlet {

>public void

> doGet(

> HttpServletRequest request,

> HttpServletResponse response

>)

> throws ServletException, IOException

>{

>response.setContentType("text/xml");

>PrintWriter out = response.getWriter();

> out.println("alert(\"This is a pushed

> script.\");");

>out.close();

> }

>

>

> of course, all of this code is an approximation. But

> it should give you the basic idea...

Well that's a bunch of baloney. Web sites deliver client-side scripts all the time as part of their output from a request, without the client having to go thru any hoops to get it or evaluate it like you're suggesting.

For example, a web page could simply contain something like:

<html><body><script language="javascript">alert('Hey!');</script></body></html>

and if you request that page via a normal browser, and don't have script disabled, it will execute the script when it gets delivered to you.

warnerjaa at 2007-7-29 14:13:10 >

Actually, a fairer objection would be that I'm bastardizing the XMLHttpRequest object, as I'm not sending XML from the servlet, and I'm not evaluating the response as XML. Also, I'm lying about my MIME type...

dcaudella at 2007-7-29 14:13:10 >