Alternative to "javascript:" in URL bar

Hello! This is a REALLY random question, but I have been trying to find alternatives to “javascript:” or “javascript://” in the URL bar.

Basically, how it works is when you do “javascript:” in the URL bar of chrome, followed by your javascript code, it would execute it, Like this:

javascript:alert(“Hello!”); void 0

This would essentially execute an alert that says Hello on the webpage. However, I am trying to find an alternative to that, because my school blocked it for no reason whatsoever.


If they spend the time to block it, they have a reason to do it, any method that allows the execution of JavaScript in the browser comes with potential security risks.

You can try using the WebDeveloper Tools of each browser to try run those things but be aware if you keep trying various methods the school network may be watching over and that can be a way to get you into a problem.


There’s also a semi-misleading article about it that I suspect a bunch of schools saw about it:

Tbh, the only people using the bookmarklets know what they are doing, and are unlikely to be executing untrusted stuff, rather they’re running stuff like adding eruda to a page to help with dev or smth.


I meant to say that they could had something like an incident in the past and that’s why they came up with the reason to block it.

But my main reason is that if op decided doing that and the school (finds out) decides to punish him even if what he did lead to nothing (I saw this happening in the past).

1 Like

AFAIK, nothing happened in my district, but they blocked it anyways.


The only reason I can think of why they blocked it was because they saw me having fun :laughing:

Jokes aside, that article is misleading. “screw up school sites” it’s just javascript.


Yeah. Even the comments on that article state some legitimate use cases. (Dark mode, auto login, etc)


If execution of Javascript could be prone to security risks, whats stopping glitch or replit users making repls full of malicious javascript?

1 Like

I just read the article, and 85% of the information being provided in the article is false. The part where you can “embed any game to any webpage” is false because it’s exactly like just visiting the website, and their example is blocked by 99% of school districts for obvious reasons. And just like you said, everyone who is using bookmarklets knows what they are doing.

For the part where it says “bypass school restrictions”, I have only ever used 1 “proxy” bookmarklet, and all that it did was load a Google Translate version of the website, which inherently unblocked the page. However, it was very slow, and you couldn’t go to any other page on the site.

For the part where it said “Young students do not know what they are doing”, that is very broad, as they are saying all young students do not know what they are doing with bookmarklets.

I wish the person writing the article researched what they were posting.


Repls without a HTML component run on Replit’s machines rather than on yours, meaning your machine is safe. For Repls with a HTML component, it is entirely possible that someone makes a malicious Repl, although generally on the cover page and in the Repl editor you’re safeish since iframes restrict JavaScript functionalities.


Just a note that the only way to do that is to fork a Repl now, and you could certainly have the Repl prompt to be opened in a new tab to be displayed properly. (Which could both have malicious and non-malicious intent. Malicious: Bad script that can’t run in an embed, Non-Malicious: It won’t display properly on a smaller window, or some JS it runs malfunctions in an iframe)


Oh, okay, that makes sense. Thanks for letting me know. I won’t run into any malicious repls that could do damage.


I’d be surprised if this works, but you could try creating a Selenium script and then sneak it into the school device, e.g. through onedrive/google drive. You can compile it into an executable using cython --embed


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.