Sample method interpretation for executing arbitrary HTML code in javascript

  • 2020-03-30 01:04:20
  • OfStack

Today I came across a situation in my code where the javascript eval () function cannot execute HTML code, such as:
 
<script>eval('<li>hehe</li>')</script> 

The code will not be executed, but it can be executed by changing it to the following:
 
<script>eval('</script><li>hehe</li><script>')</script> 

Related articles: