Today I read an article about "Do not believe...". It mentions a JavaScript injection attack.
Yes, crazy! I never knew about this problem.
Enter this code in the browser's URL address bar:
javascript:alert(window.c=function(){document.getElementById("Type").value = "change hidden value"}())
Test code:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>change hidden value</title>
<script type="text/javascript">
function showValue(){alert("Hidden value: " + document.getElementById("Type").value);}
</script>
</head>
<body>
<form>
<input type="hidden" id="Type" name="Type" value="hidden value" />
<input type="button" onclick="showValue();" value="View Hidden Value"/><br />
<textarea>
javascript:alert(window.c=function(){document.getElementById("Type").value = "change hidden value"}())</textarea>
</form>
</body>
</html>
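Because the hidden "Type" field above can be rewritten in the browser, the server has to check it on submit. The following is an added example, not code from the original post: a Node.js sketch in which the server attaches an HMAC tag to the hidden value and rejects a submission whose value no longer matches. The names SECRET, tagFor, renderHidden, verifyHidden and the "Type_tag" field are assumptions made for this illustration.

```javascript
// Added example: server-side integrity check for a hidden form field (Node.js).
const crypto = require('node:crypto');

// Assumption: a secret that never leaves the server (random per process here).
const SECRET = crypto.randomBytes(32);

// HMAC-SHA256 over field name and value; the NUL byte separates the two parts.
function tagFor(name, value) {
  return crypto.createHmac('sha256', SECRET)
    .update(name + '\0' + value, 'utf8')
    .digest('hex');
}

// Render the hidden field plus a second hidden field carrying its tag.
function renderHidden(name, value) {
  const esc = s => String(s).replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');
  return `<input type="hidden" id="${esc(name)}" name="${esc(name)}" value="${esc(value)}" />` +
         `<input type="hidden" name="${esc(name)}_tag" value="${tagFor(name, value)}" />`;
}

// Check a parsed form body: true only if the value still matches its tag.
function verifyHidden(name, body) {
  const value = body[name];
  const tag = body[name + '_tag'];
  if (typeof value !== 'string' || typeof tag !== 'string') return false;
  const expected = Buffer.from(tagFor(name, value), 'hex');
  const got = Buffer.from(tag, 'hex'); // invalid hex yields a shorter buffer
  if (got.length !== expected.length) return false;
  return crypto.timingSafeEqual(got, expected);
}

// Constructed sample submissions: one untouched, one edited in the browser
// the way the address-bar snippet on this page edits the "Type" field.
const honest = { Type: 'hidden value', Type_tag: tagFor('Type', 'hidden value') };
const tampered = { ...honest, Type: 'change hidden value' };

console.log(verifyHidden('Type', honest), verifyHidden('Type', tampered)); // true false
```

The tag only detects edits to the value; a value the client should never control at all is better kept in server-side session state than in the form.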