neo neo - 1 month ago 10
HTML Question

Why can't browser render this simple javascript code?

I was trying to show a simple image in the browser with this piece of code. But it shows an error saying:


403 error forbidden.


On further evaluation I found out that the HTTP request was sent in the form

http://localhost/test/%22http://graph.facebook.com/4/picture?type=square%22%3E%20%3C/img%3E


which is my local webserver address. Is this a cross-site scripting issue?

<html>
<head>
<script>
function onclickfunction(){
var a = document.createElement('img');
a.src ='"http://graph.facebook.com/4/picture?type=square"';
document.body.appendChild(a);
}
</script>
</head>
<body>
<button onclick= "onclickfunction();"> Click Me!</button>
</body>
</html>

Answer

Try removing the enclosing single quotes from the URL:

a.src ="http://graph.facebook.com/4/picture?type=square";
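Why the request went to localhost, shown as an added example that is not part of the original question or answer: a `src` value is resolved as a URL against the page, so one that begins with a literal `"` has no scheme, is treated as relative, and has its quote and markup characters percent-encoded rather than parsed as HTML. The base URL `http://localhost/test/` is assumed from the request in the question, and the third input is constructed to reproduce that request exactly.

```javascript
// Added example (runs in Node or a browser console); uses the standard WHATWG URL API,
// which implements the same resolution rules the browser applies to img.src.

// Assumption: the page was served from this URL, as implied by the logged request.
const BASE = 'http://localhost/test/';

// Resolve a src value against the page URL and report where the request would go.
function resolveSrc(src, base = BASE) {
  const u = new URL(src, base);
  return {
    href: u.href,
    origin: u.origin,
    crossOrigin: u.origin !== new URL(base).origin,
  };
}

// Value from the question: the double quotes are part of the string itself.
const quoted = resolveSrc('"http://graph.facebook.com/4/picture?type=square"');

// Value from the answer: the string starts with a scheme, so it is an absolute URL.
const fixed = resolveSrc('http://graph.facebook.com/4/picture?type=square');

// Constructed input: trailing markup inside the string is percent-encoded too,
// which yields the exact request URL quoted in the question.
const withMarkup = resolveSrc(
  '"http://graph.facebook.com/4/picture?type=square"> </img>'
);

for (const [label, r] of Object.entries({ quoted, fixed, withMarkup })) {
  console.log(label.padEnd(10), r.crossOrigin ? 'cross-origin' : 'same-origin ', r.href);
}
```

The quoted values never leave the page's own origin, so the 403 comes from the local web server being asked for a path it does not serve, and nothing in the string is interpreted as markup.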