Script inserted with append not executing?

E

Egor Sabyanin2021-03-14 05:05:16

JavaScript

Egor Sabyanin, 2021-03-14 05:05:16

I entered in the input field , but everything is displayed as text and nothing is executed, how to solve?<script>alert(5)</script>

<!DOCTYPE html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Hacked</title>
</head>
<body>
    <input id="in" type="text">
    <button id="submit">Отправить</button>

    <script>
        let input = document.querySelector('#in');
        let button = document.querySelector('#submit');

        button.addEventListener('click', () => {
            let p = document.createElement('p');
            p.append(input.value);
            document.body.append(p);
        });

    </script>
</body>
</html>

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexey Dubrovin, 2021-03-14
@EgoSab

Why should it be fulfilled?
append - https://learn.javascript.ru/modifying-document
It adds nodes or strings to the end of a node.

N

Nadim Zakirov, 2021-03-14
@zkrvndm

To execute code from a string you can use eval()
Take text from a field and shove it into eval()

G

GrayHorse, 2021-03-14
@GrayHorse

const script = document.createElement("script");
script.textContent = `alert("#$!");`;
document.body.append(script);