I've been working on a project that basically needs to do some trickery one a page we have no control over. We can only insert some text at the top and add a few extra fields etc. Now, luckily as it doesn't do any HTML escaping I've come up with this solution:
- Script uses W3C DOM to parse the page and work out some bits of information we've cleverly hidden in some white on white text
- Script writes out a <script> tag to load an external Javascript file which is actually a perl script which queries a database and returns some arrays
- Script writes out Javascript which calls a script in the main script that writes some more stuff to the page
Now that's scary, I feel quite dirty now :)
