I've two text box in form
Example:
website address : http://www.domainname.com
email address : example.domainname.in
I want to validate email address domain name is same as web site domain name in javascript
I Have write a below code to validate domain name
var websiteaddress = $('#' + $("[id$=_websiteAdd]")[0].id).val();
var emailaddress = $('#' + $("[id$=_emailaddress]")[0].id).val();
if (websiteaddress != "" && emailaddress != "") {
var emailDomain = emailaddress.replace(/.*#/, "");
var websiteDomain = websiteaddress .replace('http://', '').replace('https://', '').replace('www.', '').split(/[/?#]/)[0];
if (emailDomain != websiteDomain) {
return false;
}
}
return true;
So you can do:
var email = 'something#domainname.com';
var domain = email.replace(/.*#/, "");
You can then compare the domain to the domain of the site.
You can do this using the code over at: http://rossscrivener.co.uk/blog/javascript-get-domain-exclude-subdomain - this is useful if you don't know where the website will be hosted or if the domain changes depending on location. If the website domain won't change then you could just hard code websiteDomain.
var websiteDomain = (function(){
var i=0,domain=document.domain,p=domain.split('.'),s='_gd'+(new Date()).getTime();
while(i<(p.length-1) && document.cookie.indexOf(s+'='+s)==-1){
domain = p.slice(-1-(++i)).join('.');
document.cookie = s+"="+s+";domain="+domain+";";
}
document.cookie = s+"=;expires=Thu, 01 Jan 1970 00:00:01 GMT;domain="+domain+";";
return domain;
})();
So you could then do a check to see if:
domain == websiteDomain
Related
I made this little code using JS to disable cookies:
$(document).ready(function() {
var cookie_settings = getCookie("cookie-settings"); //Main cookie which contains cookie preferences
var cookie_selector = document.getElementById("cookie-selector"); //Modal for cookie selection
var g_recaptcha = document.getElementById("cookie-g-recaptcha"); //Example checkbox cookie
var g_tag_manager = document.getElementById("cookie-g-tag-manager"); //Example checkbox cookie
var messenger_plugin = document.getElementById("cookie-fb-mccp"); //Example checkbox cookie
var g_analytics = document.getElementById("cookie-g-analytics"); //Example checkbox cookie
var cookie_set = document.getElementById("cookie-set"); //Button to save preferences
if (cookie_settings == null) { //Check if main cookie exist
$(cookie_selector).modal({
backdrop: 'static',
keyboard: false
}); //If not exist, open cookie selector modal
} else {
var cookie_settings_raw_values = getCookie("cookie-settings"); //read and save main cookie in var
var cookie_settings_values = cookie_settings_raw_values.split('&'); //save main cookie content in array
if (cookie_settings_values.includes(g_recaptcha.id)) {
//If array contains recaptcha example include it
//for example append in head -> $('head').append('myscript');
}
if (cookie_settings_values.includes(g_tag_manager.id)) {
//same
//for example append in head -> $('head').append('myscript');
}
if (cookie_settings_values.includes(messenger_plugin.id)) {
//same
//for example append in head -> $('head').append('myscript');
}
if (cookie_settings_values.includes(g_analytics.id)) {
//same
//for example append in head -> $('head').append('myscript');
}
//or you can remove else condition and manage this part from php
}
$(cookie_set).click(function() { //on save preferences click
var selected_cookies = [g_recaptcha.id, g_tag_manager.id]; //make array and include required cookies
if (messenger_plugin.checked == true) {
//if messenger plugin example checkbox is checked push it's reference in array
selected_cookies.push(messenger_plugin.id);
}
if (g_analytics.checked == true) {
//same for the other optional checkboxes
selected_cookies.push(g_analytics.id);
}
var expiry_date = new Date();
expiry_date.setMonth(expiry_date.getMonth() + 6); //expiration date 6 months in my case, you can set what you want
document.cookie = document.cookie = "cookie-settings=" + selected_cookies.join('&') + "; expires=" + expiry_date.toGMTString(); //make main cookie with required and optional selected checkboxes (the deadline is 6 months after the creation of the cookie)
location.reload(); //reload page
});
//get cookie by name
function getCookie(name) {
var document_cookie = document.cookie;
var prefix = name + "=";
var begin = document_cookie.indexOf("; " + prefix);
if (begin == -1) {
begin = document_cookie.indexOf(prefix);
if (begin != 0) {
return null;
}
} else {
begin += 2;
var end = document.cookie.indexOf(";", begin);
if (end == -1) {
end = document_cookie.length;
}
}
return decodeURI(document_cookie.substring(begin + prefix.length, end));
}
});
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
My question is it enough to disable third-party cookies?
Not including the scripts if the user does not accept cookies, do the stored ones become useless? Does the site comply with the GDPR?
If not, do you have any other valid alternative to propose that is not the use of third party codes?
Most of the websites, which are trying to be GDPR compliant are not loading any of these scripts by default (as you probably do). First they show a popup, if a user wants to load e.g. tracking cookies and if the user agrees they will be loaded. The configured setting which services should be loaded / what the user has selected will then be stored either in a cookie or e.g. the localStorage.
So yes, your site seems to be GDPR compliant when we take a look at the approach how you load the external scripts.
If you’re talking about deleting them, set it again with the expiry date before today.
I want two types of domain redirects on the same site (if else statement etc):
If user has cookie:
And url subdomain is amazon then redirect to url xxxxxx
And url subdomain is ebay then redirect to url xxxx
If user has no cookie:
And url subdomain amazon then first forward to ebay subdomain and back to amazon subdomain once (currently creates a loop) and display background xxxx with href link xxxx
And url subdomain ebay then first forward to amazon subdomain and back to ebay subdomain once (currently creates a loop) and display background xxxx with href link xxxx
Synchronise user cross-domain click for a new pop-up for href xxxxx - ie if user has come on site by clicking on link on another site then see asynchronise click to open another pop-up (200 sec rule)
Currently site already has below which I still need, so cookie redirect shouldn't set a redirect to site outside because of the code below but only if user is genuinely a returning user
var subdomain = window.location.hostname.split('.')[0];
if (!document.cookie == null && subdomain === "amazon") {
window.location = "http://www..com";
} else if (!document.cookie == null && subdomain === "ebay") {
window.location = "http://www.tutorialspoint.com";
} else if (document.cookie == null && subdomain === "amazon") {
var oLinksArray = [];
oLinksArray[0] = 'http://www.ebay.com';
oLinksArray[1] = 'http://www.amazon.com';
for (var x = 0; x < 2; x++) {
var openWindow = window.open(oLinksArray[x]);
setTimeout(function() {
openWindow.close();
}, 2000);
}
} else if (document.cookie == null && subdomain === "ebay") {
var oLinksArray = [];
oLinksArray[0] = 'http://www.amazon.com';
oLinksArray[1] = 'http://www.ebay.com';
for (var x = 0; x < 2; x++) {
var openWindow = window.open(oLinksArray[x]);
setTimeout(function() {
openWindow.close();
}, 2000);
}
} else {}
You don't need to transfer cookie with redirection. Cookie has a property called domain. You should add website's domains to give access permission to them.
In Javascript
var cookieName = 'HelloWorld';
var cookieValue = 'HelloWorld';
var myDate = new Date();
myDate.setMonth(myDate.getMonth() + 12);
document.cookie = cookieName +"=" + cookieValue + ";expires=" + myDate
+ ";domain=firstDomain.com,nextDomain.com;path=/";
In PHP
setcookie('mycookie','mydata1',time() + 2*7*24*60*60,'/','www.firstDomain.com,nextDomain.com', false);
I'm using TypeForm to handle my lead generation forms. The form I'm using has been embedded on the home page of my site. This embedding creates an iframe showing the popup every time the home page is loaded, even if the 'X' is clicked.
Having contacted TypeForm, I have been told that I would need to set a cookie to prevent the popup loading each time. In fact their reply was "To ensure the Typeform only appears once you will have to add cookies to your site in order to ensure a user only sees it one time. This isn't a feature we currently have but hopefully with more requests it's something we could add!"
Embed Code:
<a class="typeform-share button" href="https://example.typeform.com/to/fbPnzs" data-mode="drawer_left" data-auto-open=true target="_blank" style="display:none;"></a>
<script>
(function() {
var qs, js, q, s, d = document,
gi = d.getElementById,
ce = d.createElement,
gt = d.getElementsByTagName,
id = "typef_orm_share",
b = "https://embed.typeform.com/";
if (!gi.call(d, id)) {
js = ce.call(d, "script");
js.id = id;
js.src = b + "embed.js";
q = gt.call(d, "script")[0];
q.parentNode.insertBefore(js, q)
}
})()
</script>
The embed URL is example.typeform.com whereas the website where the form is to be embedded is not the same. Does consideration need to be made about same-origin?
What do I need to implement in terms of code to the functions.php file of my WordPress site to add a cookie that allows the popup to show only once and/or never show again if the 'X' is clicked?
Thank to Nicolas for his answer!
Having checked over the SDK, I've adapted Nicolas' snippet to cater to the left draw popup. This checks if a cookie exists, if it does not, it should set it and display the left draw TypeForm popup; if the cookie does exist, it won't show.
var url = "https://demo.typeform.com/to/njdbt5" // Update with your TypeForm URL
let params = new URLSearchParams( location.search );
url += "?utm_source=" + params.get( 'utm_source' ); // Replace with the hidden values you want to pass
var displayed = getCookie( "typeform_displayed" ); // Check for the cookie typeform_displayed
if ( displayed ) {
null
} else if ( !displayed && displayed === "" ) {
setCookie( "typeform_displayed", true, 365 ); // Set typeform_displayed cookie with a value of true and an expiry of 365 days
showEmbed();
}
//
function showEmbed() {
window.typeformEmbed.makePopup( url, {
mode: 'drawer_left',
autoOpen: true,
hideHeaders: true,
hideFooters: true,
} )
}
// Cookie Manipulation
// Source: https://www.w3schools.com/js/js_cookies.asp
function setCookie( cname, cvalue, exdays ) {
var d = new Date();
d.setTime( d.getTime() + ( exdays * 24 * 60 * 60 * 1000 ) );
var expires = "expires=" + d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}
function getCookie( cname ) {
var name = cname + "=";
var decodedCookie = decodeURIComponent( document.cookie );
var ca = decodedCookie.split( ';' );
for ( var i = 0; i < ca.length; i++ ) {
var c = ca[ i ];
while ( c.charAt( 0 ) == ' ' ) {
c = c.substring( 1 );
}
if ( c.indexOf( name ) == 0 ) {
return c.substring( name.length, c.length );
}
}
return "";
}
I think this is totally doable using Typeform Embed SDK.
You will need to check if the cookie is already set. And depending on the value display or not the embed typeform.
I made a working example on Glitch, you can look at it here.
In code the logic would look like this:
var displayed = getCookie("displayed_typeform");
if (displayed){
embedElement.innerHTML="<h2>Typeform already displayed once.</h2>"
} else if (!displayed && displayed === "") {
setCookie("displayed_typeform", true, 365);
showEmbed();
}
Hope it helps :)
The problem:
I need to start with a URL with a query string containing a URL of a second page - http://www.firstURL.com/?http://www.secondURL.com. On the target page of the first URL, the query string is parsed to extract the second URL and the browser is re-directed to the second URL. This is done on $(document).ready so that it's automatic. This all works fine, but of course falls in a hole if the user hits the back button on the second URL. Here's the basic code:
$(document).ready(function() {
var s = location.search;
if(s != '') {
var split = s.split('?');
var loc = split[1].replace('?', '');
location.href = '' + loc + '';
} else {
//do something else on the target page..
}
});
I've tried creating a conditional case where, if the referrer is the 2nd URL (loc in the code above), the re-direction doesn't execute, but it seems that in the case of a re-direction, the back button doesn't return the referrer.
I have to do all this client side - I have no access to the server.
Is there some way to prevent the re-direction triggering on a back button click? Thanks.
Once you hit the second page, set a cookie in your browser indicating that the second page has been visited.
In the first page, before doing the redirection always check whether the cookie is not present.
Instructions on setting a cookie:
<script type="text/javascript">
document.cookie="secondpagevisited=43yj0u3jt;path=/"; //execute this line in the head of second page.
</script>
In first page, check for cookie presence:
<script type="text/javascript">
if(document.cookie.indexOf("secondpagevisited=43yj0u3jt")==-1){
/*do redirection here*/
}
</script>
EDIT: Assuming you control only the first page and not the second page, try this:
<script type="text/javascript">
if(document.cookie.indexOf("secondpagevisited=43yj0u3jt")==-1){
document.cookie="secondpagevisited=43yj0u3jt;path=/";
/*do redirection here*/
}
</script>
I gave Ashish the point for putting me on the right track, but this is my solution which goes one step further:
var s = location.search;
if(s != '') {
var split = s.split('?');
var loc = split[1].replace('?', '');
if (document.cookie.indexOf('redirected=' + loc + '') == -1) {
document.cookie = 'redirected=' + loc + '';
location.href = '' + loc + '';
} else {
var url = location.href.replace('' + s + '', '');
document.cookie = 'redirected=; expires=Thu, 01 Jan 1970 00:00:00 GMT';
history.pushState(null, null, '' + url + '');
}
If the cookie is there, the re-direction doesn't occur, the cookie is removed (in case the user returns to the site that had the original link and clicks it again), and the URL is tidied up by removing the query string.
Thanks for the guidance.
I know that it's possible to allow other domains to read our domain cookie as long as they're sub domains of the same parent domain.
For example, intranet.abc.com and extranet.abc.com can allow cookies to be read by each other by specifying the domain property to .abc.com
Now, I'm really in need that I can allow other domains to read my domain cookie (they are not sub domains of the same domain). I have searched a lot of discussions on the internet => all say "NO" due to security issues. I'm not sure if I missed a solution out there because I don't see any security issues in this case. My server clearly ALLOWS this cookie to be read by an XYZ.COM domain because the cookie does not contain any sensitive information and XYZ.COM domain is my trusted domain,
In my opinion, there should be a way to specify a list of other domains that are allowed to read a particular cookie in our domain, just like CORS, the server can decide if the information should be available to some trusted domains.
Please tell me if it's possible without using a workaround and if so, how to do it?
If it's not possible, I really would like to know why.
Some information about what I'm implementing:
I'm implementing a file download and on client side I need to detect whether the download is complete by periodically checking for a download token in the cookie using an interval in javascript.
The logic of the current system I'm working on at the moment may store the files in 2 different servers. If the file is missing in the current server, it will download file in another server (another domain)
Thank you very much.
You can read off-domain cookies by opening an iframe to specially instrumented page on the other domain and using the window.postMessage API to communicate between windows. HTML5 only, obviously.
Simplifying the postMessage API somewhat for brevity, consult MDN developer pages for full details.
https://developer.mozilla.org/en-US/docs/Web/API/Window.postMessage
<iframe id="ifrm" src="http://other.domain.com/getCookie.html"></iframe>
<script>
var iframe = document.getElementById('ifrm');
window.addEventListener('message', function (e) {
if (e.source === iframe.contentWindow && e.origin === 'other.domain.com') {
var cookie = e.data;
//do something with cookie
}
});
//wait for the iframe to load...maybe ping it first...then
iframe.contentWindow.postMessage('give me the cookie:cookie name', 'other.domain.com');
</script>
/* in getCookie.html */
<script>
window.addEventListener('message', function (e) {
if (e.origin === 'your.domain.com') {
var soughtCookie = /give me the cookie\:(.*)/.exec(e.data)[1];
// read the cookie
var cookie = getCookieFn(soughtCookie)
e.source.postMessage(cookie.toString(), 'your.domain.com');
}
}, false);
</script>
you could have a backend web service which shares the contents of the cookie with the 3rd party, but then your server would have to hold the cookie value in session and have a session id that is some how shared with the other website.
Can also special page and redirection so that the cookie value is read and passed to your domain as a form submit.
Lets say your domain is yours.com and on page yours.com/page1 you set some cookie value.
Now xyz.com , another domain wants that value. xyz.com/somePage, redirects to yours.com/spl (along with parameter of the page to send user to say xyz.com/somePage2), Now yours.com/spl gets the cookie via JavaScript and then redirects to xyz.com/somePage2 passing the cookie value as a POST or a GET parameter.
Full working sample at http://sel2in.com/pages/prog/html/acrossSites/make.php (with a simple web service)
AJAX not example wont work but can do it with iframes.
Code :
coki.js (goes on the first site that wants to expose cookies)
function setCookie(cname,cvalue, daysExpire)
{
var d = new Date();
d.setTime(d.getTime()+(daysExpire * 24 * 60 * 60 * 1000));
var expires = "expires=" + d.toGMTString();
document.cookie = cname + "=" + cvalue + "; " + expires + " ; path=/ ;"
}
function getCookie(cname)
{
var name = cname + "=";
var ca = document.cookie.split(';');
for(var i=0; i<ca.length; i++)
{
var c = ca[i].trim();
if (c.indexOf(name)==0) return c.substring(name.length,c.length);
}
return "";
}
wsa.php (goes on site 1). To make it more secure can check the calling page/ container URL and use a dynamic secret key.
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
error_reporting(E_WARNING);
$d = $_REQUEST['s'];
if($d != "secret565"){
echo "Bad secret bye";
return;
}
$n = $_REQUEST['n'];
if($n == ""){
echo "No cookie name, bye";
return;
}
?>
<script src=coki.js>
</script>
<script >
n = '<?php echo "$n"?>'
v = getCookie(n)
//alert("For " + n + ", got :" + v + ".")
window.parent.gotVal(n, v)
</script>
getc.html
Goes on site 2, gets the value of cookie C1 or other cookie from site 1 via wsa.php, using an iframe. wsa.php reads the secret auth key and cookie name from its parameters, then calls a javascript function in containing page to pass back values
<form name=f1 action=ws.php method=post>
<h1>Get cookie from Javascript sample </h1>
http://sel2in.com/pages/prog/html/acrossSites/
<table>
<tr><td>Url from <td/><td> <input name=u1 value='wsa.php' size=100><td/></tr>
<tr><td>Cookie Name <td/><td> <input name=n value='C1'><td/></tr>
<tr><td>Secret <td/><td> <input name=s value='secret565'><td/></tr>
<tr><td><input type=button value='Go' onclick='s1do()' > <td/><td><td/></tr>
</table>
</form>
<div id = result>result here</div>
<div id = cc1>container</div>
v 2 c
<script>
function gotVal(n, v){
document.getElementById("result").innerHTML = "For " + n + ", got :" + v + "."
}
function s1do(){
document.getElementById("cc1").innerHTML = ""
n1 = document.f1.n.value
s1 = document.f1.s.value
url = document.f1.u1.value
qry = "s=" + escape(s1) + "&n=" + escape(n1)
s = "<iframe border=0 height =1 width=1 src=\"" + url + "?" + qry + "\" ></iframe>"
document.getElementById("cc1").innerHTML = s
}
</script>