Hello! So basically, what I am trying to achieve is making an executor on a website where I would type in JavaScript on one page, click execute, and it would send and execute that JavaScript into a different tab on Chrome.
I know this might pose a security risk, but I am trying to find a way to do it. Is there a way I can do “cross-site scripting”?
As a reminder bypassing isn’t allowed. But you cannot arbitrarily execute JS across domains.
Try using a bookmark instead, if your intent is to use javascript:
Or you can create a browser extension too. Extensions have more privileges than regular web pages and can interact with multiple tabs. You can create an extension where a user can input JavaScript, and the extension can then run this script on a different tab.
Hmmm, considering that they are allowed to create and open local HTML files on the device, they can write HTML files with embedded JavaScript and open them in the browser…
I really don’t know how US school system works and their restrictions.
I think that would work, considering that I could do that in my Google drive and it work somehow (Chromebooks mount your Google drive kinda like an actual drive)
Not necessarily. DevTools is blocked on my school computers, but bookmarklets weren’t, meaning I could inject Eruda into the page and use it as a mini DevTools.
Sorry for the extremely late replies but my intent is I’m making a javascript executor called “aluminum”, and you type code in the executor and it will execute it into your chrome tab. If I could figure out how to do “cross-tab scripting” or whatever you call it, it could very much work out.