The JavaScript load event is fired when a web page or a specific element on the page finishes loading. This event is typically used to trigger scripts or functions that depend on the page or element being fully loaded before they can run.
<!DOCTYPE html>
<html>
<head>
<!-- <script src="main.js"></script> -->
</head>
<body onload="alert('We are tracking You')">
</body>
</html>
The body element has an "onload" attribute that triggers an alert pop-up message saying "We are tracking You" when the page is fully loaded in the web browser.
<!DOCTYPE html>
<html>
<head>
<!-- <script src="main.js"></script> -->
<script>
function bad_stuff() {
alert("Something Bad");
}
</script>
</head>
<body onload="bad_stuff()">
</body>
</html>
This is an HTML document with a script tag in the head section defining a function named "bad_stuff". The body section has an onload attribute that calls the "bad_stuff" function when the page is loaded, triggering an alert with the message "Something Bad".
It's important to note that this example is purely for educational purposes, and intentionally creating harmful or malicious code is not acceptable.
There have been instances of abuse of the onload event in the past. One example is a technique called "onload abuse" or "onload hijacking", where malicious actors inject JavaScript code into the onload event of a webpage to perform actions without the user's knowledge or consent.
This technique has been used to distribute malware, steal sensitive information, and perform other malicious activities. As a result, many web browsers now have protections in place to prevent this type of abuse, such as blocking or warning users about suspicious onload scripts.
No comments:
Post a Comment