I am looking for a way to take window.location.hostname and end up with the base domain name, regardless of situation. So from all of:
http://example.domain.com
https://www.example.domain.com
https://www.example.domain.com/stuff/index.php
I would end up with:
domain.com
And from: example.domain.co.uk/ would result: domain.co.uk
I have searched many questions on this topic here on SO and it seems like none ever really result in a complete answer. Some involve using complicated regex that it's hard to tell if wouldn't sometimes fail. And other answers only net a result of example.domain.com.
I am utterly floored that there is not just a simple way of getting this value in JavaScript. I am writing a plugin for websites that uses cookies to store user preferences. I am concerned that if a user sets preferences while using the plugin on a page from one hostname, say one.domain.com, on the off chance they go to use the plugin on another page hosted on two.domain.com, they would need to set their preferences all over again. When I set the cookies, I would like to be able to set them site-wide (at the domain.com level). Because this is a plugin, the domain name will not be known and needs to be calculated starting from window.location.hostname.
So is there a standard way of arriving at what I'm looking for? Or am I just approaching this the wrong way? I suppose I could just have a configuration setting for the website owner to input their base domain name and get it that way, but I'd prefer not to go that route if possible. And honestly, I'd still like to know how to do this anyway. Thanks in advance for any suggestions!
window.location.host
will return the domain name. But, in your case it would return "example.domain.com".
Then you need to do some manipulation on it, using split function , to get the desired value.
Related
Could you please help me with a rule that can exclude users that have already been exposed to one of other experiments in Google Optimize?
What is the best approach?
I am thinking about using 1st party cookie variable or some other custom variable that would mark the user as "exposed" so that another experiment will not affect him.
In addition I can use "run custom "JavaScript" in Optimize's visual editor that will create such a cookie. Will that solve the problem?
Also I can't understand how to prevent 2 experiments from running simultaneously. So that user who sees experiment A will not see experiment B or C (free version is limited to 3 experiments). Is there any rules or configuration that can help with that?
Just had to tackle this! The approach by #swapnil-jain seemed to work on the surface level, but unfortunately had some issues.
When Optimize evaluates whether or not a new user should be opted in to a list of experiments, it creates the _gaexp cookie once for all opt-ins, it doesn't create it then update it between opt-ins.
So it looks for the _gaexp cookie, evalutes opt-in for Exp A (does not contain <expBId>) and opts a user in to Exp A. Then it evalutes opt-in for Exp B (does not contain <expAId>), and opts a user in to Exp B. Then it creates a cookie reading something like GAX1.3.<expAId>.<expDate>.<value>.<expBId>.<expDate>.<value>.
The problem now is that on their second visit, the user will be excluded from seeing the variation for either experiment, because they now fail the audience targeting conditions. Their cookie now contains both <expAId> and <expBId>!
I had similar problems trying to target the _gaexp cookie with regex, since the cookie is created all at once for both experiments after the opt-in is decided.
My current working solution is to create a custom JavaScript rule called rand100. For a first time user, it generates a random number 0-100. If that number is below 50, they are evaluated for Exp A, and a cookie is stored containing the rand100 value. If equal to or above 50, they are evaluated for Exp B. For returning users, the cookie is retrieved, and the previous value of rand100 is returned instead of a new one, and so they still meet the targeting conditions for the experiment they've been opted into.
The one cookie is shared between opt-in evaluations, since it runs the custom JavaScript during Exp A eval, and so the cookie is available for Exp B eval. The cookie is set to expire after 90 days, which is the default expiration for Optimize tracking.
I'm running these experiments at 100% traffic, but technically they are only seeing 50% traffic because of rand100. Traffic is split 25%/25%/25%/25% between control/v1/control/v1.
When we create any experiment, google creates an experiment id which we can find in the details section. Also when an experiment is triggered for a user, it sets a _gaexp cookie which contains that experiment id (apart from other identifiers).
So, if you want to run two mutually exclusive experiments, all you need to do is exclude a user from the experiment if _gaexp contains the id of other. Here are the steps:
In audience targeting, add a rule and choose First-party cookie
Create a variable and set it's value to _gaexp
Choose the does not contain option and add other experiment's id in value
Save
Repeat the same steps for the other experiment
This is one of the reasons that I'm still using Google Experiments. It provides a lot more control with its api. With that said, you should be able to achieve the result that you're looking for by setting a cookie in the user's browser. Here is how I see it playing out:
All experiment cookies have same the same name but differing values to avoid creating multiple cookies.
Upon a new session, check to see if cookie exists
Exists - fire tag to initialize appropriate experiment.
Doesn't Exist - determine which experiment bucket to put user in and fire tag to initialize appropriate experiment.
I know that Optimizely has an algorithm to bucket experiment users in a way that each user can be part of multiple experiment but I don't believe that Google Optimize has that sort of functionality yet.
I'm looking for a javascript that allows me the function described, I would like to get removed the parameter aff_id from any url depending on visitors country:
www.domain.com/join/?language=es&aff_id=3
resulting url: www.domain.com/join/?language=es
(can be this or any other url, what matters is that aff_id=X doesn´t show for that country in particular, but it does for others)
Is this possible? Could anyone show me something similar to what I´m looking for?
Thank you in advance.
First you need to lookup user IP-address in some geoip service (e.g. hostip.info). It can be done client-side. Check out this and this questions to get some ideas on how this can be implemented.
Next you need to substitute a part of URL. That should be simple, e.g. using location.replace.
Before anyone jumps in and says, "Oh!! that's a bad idea", I know it is.
I want to keep both the key and value in the query string to be not easily visible to the end user.
I have something like this google.com/?category=textile&user=user1
I need to make it unintelligible like this: google.com/?kasjdhfkashasdfsf32423
Is there any way to achieve this in javascript. I have already seen this
I have already seen this
and this.
but I don't think encoding will solve the problem. Also, this code is entirely in client side. I know that it is not secure but I just need this is a naive, weak defense.
Please help.
Edit
I apologize if my question was not clear earlier.
The URL google.com/?category=textile&user=user1 is being passed on from a different application.
The values passed in the query string directly controls what is being displayed to the user. As is, anyone with no technical knowledge can easily change the value and view the data corresponding to a different category or user. I need to make this unintelligible so that it is not obvious. If a user is a techie and figures out the encryption used, then it is fine. I need a stop-gap solution till we have a better architecture in place
You can use base64. Javascript has native functions to do that :
alert(btoa("category=textile&user=user1")); // ==> Y2F0ZWdvcnk9dGV4dGlsZSZ1c2VyPXVzZXIx
and to reverse it :
alert(atob("Y2F0ZWdvcnk9dGV4dGlsZSZ1c2VyPXVzZXIx")); // ==> category=textile&user=user1
Be careful to read the doc if you have unicode strings, it's a little different : https://developer.mozilla.org/en-US/docs/Web/API/Window.btoa
If you don't looking for serious strong crypto, you can use ROT13:
http://en.wikipedia.org/wiki/ROT13
This is enough for slightly obfuscate keys/values in the your URLs.
I try to adapt etherpad so it is only accessible if certain params are sent with the request.
For example I want a certain pad just to be displayed if there is a unique id provided like
http://myetherpad.com/thepadid?myparam=blub
Does anyone know where exactly I can parse the params? I searched all the js-files but didn't find exactly what I am looking for.
I found out that there is some kind of request object. You can access it like
request.params.padId
But I also don't know where to search for the implementation of this object.
I hope somebody can help me. Thanks :)
You could probably hack something into the code at https://github.com/ether/pad/blob/master/etherpad/src/etherpad/licensing.js#L153
But if all you need is some kind of password protection, there are easier ways. The easiest would be to use something that is built in to your web server, or to use the built-in pro functionality -- more on that on http://etherpad.org/2010/10/14/241/
(Your idea with using URL-parameters for password could be simplified; just use a complicated pad name and only those with the URL will find it. Having a "nice" pad name and adding a complicated password at the end doesn't protect the pad at all.)
For anyone with the same problem: You can get the GET-parameters via
request.headers['Referer']
It returns the URI the user called. But I still don't know how to do it properly (or get the POST parameters).
I use DropBox and I've had some trouble reaching to my files from other computers:
I not always want to login to anything when I'm in a public computer, but I like being able to reach my stuff from wherever I am.
So I've made a simple application that when put in the public folder, ran and given the right UID, creates (still in your public folder) an HTML of all the content in the folder (including subfolders) as a tree of links.
But I didn't risk loading it anywhere, since there are slightly private things in there (yes, I know that the folder's name is "PUBLIC").
So I've came up with the idea to make it a simple login page, given the right password, the rest of the page should load. brilliant!, but how?
If I did this by redirecting to other HTML on the same folder, I'd still put the html link in the web history and the "url's accessed" history of the administrator. So I should generate itin the same page.
I've done it:
alt text http://dl.dropbox.com/u/3045472/validate.png
And currently the page is a textbox and a button, and only if you type in the right password (defined in the generator) the rest of the page (with the link-tree) loads. The fault is that everything (password, URL's) is easily reachable through the source code.
Now, assuming I only want to avoid silly people to get it all too easily, not make a bulletproof all-content-holding NSA certified website, I though about some ways to make these information a bit harder to get.
As you may have already figured, I use a streamwritter to write an html file (head, loop through links, bottom), then it's extremely configurable, and I can come up with a pretty messy-but-working c# code, though my javascript knowledge is not that good.
Public links in DropBox look like this:
Summarizing: How do I hide the URL's ande the password to show them (MAINLY the password, of course) in my source-code so that no that it should require some effort on reading ?
P.S.: It's not that personal, if someone REALLY wants it, it could never be 100% protected, and if it was that important, I wouldnt put it in the public folder, also, if the dude really wants to get it that hard, he should deserve it.
P.S. 2.: "Use the ultra-3000'tron obfuscator!!11" is not a real answer, since my javascript is GENERATED by my c# program.
P.S. 3.: I don't want other solutions as "use a serverside application and host it somewhere to redirect and bla bla" or "compress the links in a .RAR file and put a password in it" since I'm doing this ALSO to learn, and I want the thrill of it =)
Update 1:
The one answer so far gives a perfect way (according to this question) to hide my password.
Now I want a good way to hide the URL's, maby a code snippet of the example URL I gave being composed, and if it's too tricky, maby how to generate it in C#, or anything ?
Update 2:
I thought about maybe making three "obfuscating methods" and choosing them randomly in the runtime. So anyone who figures out how to read one XML, could only read about one third of them, and maybe having a hard time finding the other rest of this third..
Update 3:
Just thought about REGEX, the URL could be neatly crowded by dummy not-url-allowed characters added randomly that would be removed by something like:
regex.replace(url, ^[^\w\d/:-\.%]+$,"")
So the nosy dude should have to be pretty advanced into programming somehow, eh? could anyone tell me if it would work or not ?
Well, as it seems you already know, this is a rather poor choice of security mechanism, but if you insist...
Don't store the actual string in the source. Store, for example, its MD5 hash. Then, when the user types in a password, compute its MD5 hash and compare it with the expected one.
Check out:
MD5 in JavaScript
MD5 in C#
To elaborate on miorel's idea, you can also encrypt the whole page, using password as a key. Basically, encode all content into one big string, ask for the password and decrypt that string. If the password is wrong, it will show loads of rubbish, that is it. Like
content = "encrypted string"
function decrypt(str, key) { your algorithm of choice here }
document.write(decrypt(content, prompt('Password?')))
The only thing you need is a decrypt implementation in javascript - but that's easy to google out, for example here or here.
This also renders the separate 'login' page useless.
Granted, this is akin to asking how you can strip in public without people seeing you, but given that, I'm assuming that the password you are trying to store is the one to DropBox. I suppose you could obfuscate the password and store it in a cookie. That would at least prevent someone from simply viewing the source to see the password, but obviously wouldn't stop someone running something like Fiddler and seeing it.
[snipped server side suggestion]
EDIT: To munge the Urls, why don't you simply build the urls on the fly and have the links call a javascript function to get the url? Your server-side code would populate an array in this function with obfuscated urls and the calling code would simply pass an index into the array. Thus, on viewing the source, there would be no instances of "http" anywhere other than static unsecure links.
ADDITION Ok. now that I have a better bead on the problem, it is easier to devise solution. There are libraries for doing encryption on the net in javascript (e.g. http://point-at-infinity.org/jsaes/) but the problem comes down to key management. Since its javascript, it is going to be public but there are hoops you can devise to make it harder to determine the key. In general, those tricks involve indirection. For example, store a lengthy stream of random characters (e.g. 40-50 or more) that is generated by your C# code and stored in the HTM file. In addition, the C# code would would store into your javascript function an array numeric values that represent pointers into the long stream of text that were used by the C# code to encrypt the passwords (or just the whole url).