I tried required attribute of input tag in HTML. When user inputs empty value, browser should pop up a warning Please fills out this field.
It works fine in Chrome browser, but when I use Firefox (version 53.0), the pop up seems like immediately disappear. Here is my test code:
<!DOCTYPE html>
<html>
<head>
<title>Testing</title>
</head>
<body>
<form>
<input type="text" required />
<button type="submit">Submit</button>
</form>
</body>
</html>
Do you know how to fix it? And if can't be fix, can you explain why Firefox doing it?
Update 1: It works on Firefox on Windows. But it still doesn't work on Firefox on Ubuntu (16.04).
I have your code work successfully in Firefox (53.0.2) but could you please try this:
<!DOCTYPE html>
<html>
<head>
<title>Testing</title>
</head>
<body>
<form>
<input type="text" name="somename" required>
<button type="submit">Submit</button>
</form>
</body>
</html>
I made two changes:
In HTML, the tag has no end tag but in XHTML.
Add name attribute because of some possible dependencies.
Related
I'm trying to make a paging using this again. Mind you that I already tried this code line on a different project and it works flawlessly, but now it refuses to do anything when I click at it. All it did was refresh the page, there's no error in the console, there's no error on the code, there's nothing else I can think of.
<button class="page" onclick="window.location.assign('?PageGet=<?= $phpValue?>')">Go To</button>
The issue MUST lie elsewhere. If you consider this very basic emulation of your problem you will find that this works 100% OK
<?php
$phpValue='?ca=1&sc=2&st=3&p=4';
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset='utf-8' />
<title></title>
</head>
<body>
<button class="page" onclick="window.location.assign('?PageGet=<?= $phpValue?>')">Go To</button>
</body>
</html>
I am trying to learn about XSS vulnerabilities and am having some issue grasping the concept. I have a test site http://mytestpage/index.html and am trying to launch an alert box via xss from a secondary page http://xsstest.html. I can not seem to get the alert to occur. I think my issue is that the code from my xsstest page is not injecting into my mytestpage/index.html page. I am trying to use innerhtml as the posts I read seemed to leverage this in XSS testing. I am fairly certain that I am not using the innerhtml correctly or pehaps it is not the right "tool for the job" and i am running down the wrong path. Any suggestions would be appreciated.
My code for the XSS test is as follows:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>XSS TEST PAGE</title>
</head>
<body>
<body onload="document.forms[0].submit()">
<form method="POST" id="test" onsubmit="test()" action="http://mytestpage/index.html" >
</form>
</body>
<script>
function test(){
alert("Hiya buddy!");
}
document.getElementById().innerHTML = test();
</script>
</html>
The test homepage code is as follows:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>My Test Home Page</title>
</head>
<body>
<form method="post">
<label>Enter Your Name:</label>
<input type="text" name="myname">
<button class="btn" type="submit" name="action" value="submit">Submit</button>
</form>
</body>
</html>
This right here is no bueno:
<script>
function test( ){
alert("Hiya buddy!");
}
document.getElementById().innerHTML = test();
</script>
document.getElementById() requires you pass it the ID of an element. So, for example, if there's a div on the page with the ID of #alert, you'd do document.getElementById('alert').
You also can't assign a function to the inner HTML of an element. You need to create a script element and then append it to the document or another element. Instead, try:
<script>
let myTest = document.createElement('script')
myTest.text = `
function test() {
alert('Hiya buddy!')
};
test();
`
const body = document.querySelector('body')
body.appendChild(myTest)
</script>
You are not doing XSS. You are simply displaying alert upon form submission. That too has error that document.getElementById() requires a id to select the element.
XSS is done where you have some input to enter. SO you cannot do XSS in XSStest page but you can do it from test home page code by changing it as
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>My Test Home Page</title>
</head>
<body>
<form method="post" action="some page url">
<label>Enter Your Name:</label>
<input type="text" name="myname">
<button class="btn" type="submit" name="action" value="submit">Submit</button>
</form>
</body>
And Suppose the page whose url you have given in action attribute is like
<!DOCTYPE html>
<HTML>
<body>
Name is: <%=request.getParameter("myname")%>
</body>
</HTML>
I have assumed you are using jsp here.
Now when you enter XSS payload in inputbox in this page and submit it the page whose url you have given will open up and display the alert as you have not sanitized the input value before using it in second page.
Here is my simple html file, I ran on firefox 47; the autocomplete attribute does not have any effect.
I'm expecting press "down" arrow will show my history. However, it does not work. Why?
Note1: I've checked Firefox | Options | Privacy | Firefox will: Remember History; I've also disabled all add-ins and restarted Firefox; still not work.
Note2: these code are just running on client browser, I don't need a form to submit to server. All I need is to click the button, then retrieve the text from input and do something in JavaScript.
<!DOCTYPE html>
<html>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<script type="text/javascript">
function runCommand(command_str) {
};
</script>
</head>
<body>
<input id="command_text" type="text" autocomplete="on" size="80" >
<button onclick="runCommand(document.getElementById('command_text').value)">Run Command</button>
</body>
</html>
This happens because you have not wrapped your inputs in a form.
Please wrap it in a form like below and autocomplete attribute to the form too. Also name your parameter.
<form autocomplete="on">
<input id="command_text" type="text" autocomplete="on" name="command_text" size="80" >
<button onclick="runCommand(document.getElementById('command_text').value)">Run Command</button>
</form>
I'm working in ORMB and have an input element like this
<input id="charVal" class="oraInput" oraField="charVal">
I want to dynamically add an oraSearch attribute using Javascript but it's not working
document.getElementById("charVal").setAttribute("oraSearch","CM_SR_CHAR");
Though if I try with other attributes, it's working fine. Also if I add the oraSearch statically like below, then also it's working
<input id="charVal" class="oraInput" oraField="charVal" oraSearch="CM_SR_CHAR">
I believe the problem is in the DOM path for the JavaScript code.
I tried to put the script from the <head> and it didn't work, like this:
<!DOCTYPE html>
<html>
<head>
<script>
document.getElementById("charVal").setAttribute("oraSearch","CM_SR_CHAR");
</script>
</head>
<body>
<input id="charVal" class="oraInput">
</body>
</html>
But, if you put it in the body, it works fine:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<input id="charVal" class="oraInput">
<script>
document.getElementById("charVal").setAttribute("oraSearch","CM_SR_CHAR");
console.log(document.getElementById("charVal"));
</script>
</body>
</html>
Note: if you are taken the script from another file put the <script></script> inside the <body>
I'm newbie with jQuery and I my facing the following problem.
I'm trying to use a mask, but the script doesn't work. At all.
The code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="js/jquery.maskedinput.js" type="text/javascript"></script>
<script>
$( document ).ready(function() {
$("#date").mask("99/99/9999",{placeholder:"mm/dd/yyyy"});
$("#phone").mask("(999) 999-9999");
$("#tin").mask("99-9999999");
$("#ssn").mask("999-99-9999");
});
</script>
</head>
<body>
<input type="text" id="date">
<input type="text" id="phone">
<input type="text" id="tin">
<input type="text" id="ssn">
</body>
</html>
What's wrong?
I'm using the plugin from this site: http://digitalbush.com/projects/masked-input-plugin/
I checked the code. And I used this latest jQuery Mask Plugin. It works.
Here are some examples , they might help.
Only change I did is
<script src="jquery.mask.min.js" type="text/javascript"></script>
You may have put your files in wrong location.
You can check those using the built in inspect element functionality (right click and you can see it) in Google chrome. If the console indicate missing .js files you can correct them.
There are ways for other browser to check those also.
It looks like maskedinput.js either not be found or there is something wrong in this script
change from
<script src="js/jquery.maskedinput.js" type="text/javascript"></script>
to
<script src="http://digitalbush.com/wp-content/uploads/2013/01/jquery.maskedinput-1.3.1.min_.js" type="text/javascript"></script>