Web Reflection: Simulate Script Injection Via Data URI

Wednesday, August 24, 2011

Simulate Script Injection Via Data URI

Well, not only downloads on the fly, the data uri works for almost everything ( only iOS 5 beta does not want to work with inline data uri AUDIO sources .... but this is another story ... ) ... so ...

How To Simulate Script injection

Let's say you want a test but you don't want to bother a server. However, you want to be sure the test is asynchronous and it simulates the server.


var

    head = document.getElementsByTagName("head")[0],

    script = document.createElement("script")

;

head.insertBefore(script, head.lastChild);

script.src = "data:text/javascript;base64," + btoa(

    "alert('Hello World')"

);

How To Simulate JSONP

Same trick, isn't it? ... except:


script.src = "data:text/javascript;base64," + btoa(

    "callback(" + JSON.stringify(dummyData) + ")"

);

How To Drop Server Requests

well, this is the tricky one ...

Surely there is some job to do in the createResponse() function but ... hey, we can stop bothering servers now ;)

3 comments:

check_ca said...: What about not encoding into base64 the script src ?

e.g.:

script.src = "data:text/javascript;,alert('Hello World')";; 24 August, 2011 21:19
Andrea Giammarchi said...: it may have unexpected behavior with non ascii char due attribute restrictions.

Indeed even btoa is not enough, base64.encode(whateverItIs) is much better; 24 August, 2011 21:39
Andrea Giammarchi said...: P.S. btw ... that was kinda *not* the point about the whole post but thanks for pointing it out; 24 August, 2011 21:40