问题
Let's say that a user on my site has a cookie from another site and I know the cookie's name. Basically what I am trying to do is to give users a link to the address bar, and with it a Javascript code which will activate that cookie's value(lets call that cookie "Joe"). For example:
My site will give the user this link: Examplesite.com/page=(here is the code which will activate a specific cookie value with javascript or something)
the output will have to be something like this after reading the value: Examplesite.com/page=54 (lets say that the cookie's value was 54).
I can't do it with normal scripting, since I can't control Examplesite.com cookies (I do not own that website). So I figured, why not give the users a link which the browser will think that the user requested to accsses those cookies(and thats actually true, since he is pasting it), and not some random website. Then all the user will have to do is to paste the it into the address bar, and the address bar will activate it... I am not sure this is even possible. Any answer will be appreciated.
回答1:
Before the days of Firebug and other browser development tools, I used to type the following into the URL bar to see the sites cookies:
javascript:alert(document.cookie)
So, I just went to google.com, then tried this with Firefox 19, Chrome 26 and Safari 6 on my Mac (OS X 10.8).
Chrome let me type javascript:alert(document.cookie), but when I paste it into the URL bar, it stripped the javascript: and just pasted alert(document.cookie), which ran a google search.
Safari alerted the cookies on paste, but Firefox would not allow pasting, nor typing.
Those results were direct user input, and had mixed results. With a link from another site, and all the "cross domain" security issues, this is not going to work. If you think of it, this is really another form of a Cross-site scripting (XSS) attack.
来源:https://stackoverflow.com/questions/16135529/accessing-a-cookies-value-through-the-address-bar