I have some javascript code that will pass data to a pop up for an intranet site. However, IE9 claims that it's cross scripting even though its the same domain. What's odd, is if I change the code from window.open to window.location, all is well. However, it's required to be a popup.
Also, the data that I am passing to the pop up contains html code.
I tried using javascript's escape and encodeURI, but have not had any luck.
Any help would be greatly appreciated.
EDIT: code
JQuery.ajax({
...
...
...
success
{
window.open("mydomain/mypage?data="+data,"Test","width=350,height=350");
}
see on jsfiddle http://jsfiddle.net/DKehT/1/
you even dont need to encode. encoding is done automatically
var a="<htm>"
window.open("http://mydomain.com/mypage?data="+a,"Test1","width=350,height=350");
Related
This is my js window.open() code.
var url = "https://www.google.com"
window.open(url, "_blank", "menubar=no,location=yes,resizable=yes,scrollbars=yes,status=yes,width=640,height=480", false);
It opens a new browser window with the "url" as expected.
But the issue is that, it also changes the current url in my main web application.
For example before my window.open() call if I was on this url:
https://example.com/#!/projects/56asda/view
After the call the url redirects to this:
https://example.com/#!/
How can this issue be prevented? I have not found any solution for this on the internet.
I am using angularjs 1.0 for my frontend.
Please refrain from answering that "_blank" should work etc.
Any help will be invaluable.
I have tried to duplicate your issue but I have found no issues while executing the code which would mean your issue might be related to your web server settings.
Anyways, have you tried calling it like this:
var url = "https://yourlink.here";
window.open(url, "_blank");
Without anything like "menubar=no" or other arguments?
If you haven't, I suggest you do and if that works, just add the arguments one by one to check which one contains the error.
I want to secure JavaScript Codes. I secure my JavaScript with https://javascriptobfuscator.com/ but it can also stolen from view source.
I want a codes which redirect to my website when JavaScript used on wrong site.
This is possible I know but I don't know how?
What you could do is check the return of location.host or location.hostname.
To redirect to another URL you would change the value of location:
location = "https://mywebsite.com";
//or alternatively
location.assign("https://mywebsite.com");
However, the redirection may will be prevented by Cross-origin resource sharing policies (see Michael's comment). So you could just display an alert dialog.
alert("Don't use my script on your website");
The person trying to use your code on their website will be warned during development by this alert.
In any case, your obfuscated code can still be changed and someone that is determined will remove these "security" measures and it can even be deobfuscated.
Are you sure all of this is needed ? Modifying a stolen code to make it work on another website can be harder/longer than just rewriting a similar code. Apart if you are doing something very special and new, I think you are just losing time by trying to protect your code.
Hey guys --
The website I'm working on requires a bookmarklet launchable from your bookmark toolbar.
I've noticed that some browsers are blocking my bookmarklet.
However, similar bookmarklets such as Tumblr's, Twitter's, and Delicious' have workarounds where their bookmarklet pages are not getting blocked.
My current launch script looks like:
javascript:void(window.open(%22http://mywebsite.com/share/form?
u=%22+encodeURIComponent(location.href)+%22
&t=%22+encodeURIComponent(document.title),
%xz%22,%22status=0,toolbar=0,location=0,menubar=0,resizable=false,scrollbars=false,height=379,width=379%22));
It's a simple window.open, which is clearly not enough to handle certain exceptions
The sites, below is Delicious' launch script, all seem to have workarounds that look very similar to that of below:
javascript:(function(){
f='http://www.delicious.com/save
?url='+encodeURIComponent(window.location.href)+
'&title='+encodeURIComponent(document.title)+
'¬es='+encodeURIComponent(''+(window.getSelection?window.getSelection():document.getSelection?document.getSelection():document.selection.createRange().text))+
'&v=6&';
a=function(){
if(!window.open(f
+'noui=1&jump=doclose','deliciousuiv6','location=yes,links=no,scrollbars=no,toolbar=no,width=550,height=550'))
location.href=f+'jump=yes'};
if(/Firefox/.test(navigator.userAgent))
{setTimeout(a,0)}else{a()}})()
It seems like they append some extra GET parameters to the URL if the user agent is firefox.
I'm assuming then, if that is the case, that the init scripts on the actual page loading from the bookmarklet handles this exception somehow?
Has anyone had any experience with this issue? Would you be able to point me to any resources or tips? I have been stuck with this roadblock for sometime now.
Thanks in advance
the delicious bookmark does not directly invoke the window.open() - it creates a function (called a in there) which is then executed in a setTimeout(a,0) for firefox (i assume the problem you have is in firefox).
You can try a similar method, and see if it works for you.
How can I write something ("hello my client" for example) in the browser's address bar with javascript after the page is completely loaded?
Mean writing something in address bar without entering - is it possible?
It seems we can do this job with JavaScript, if not can we do that with server side code?
How?
This is possible, but only the part after the hostname:
history.pushState(null, "page 2", '/foo.html');
Try this in your javascript console, this effectively changes the current path with /foo.html. (It's a new html5 feature, and is available in recent browsers only.)
See mozilla docs: https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history#Adding_and_modifying_history_entries
Browser Compatibility
Why?
This is used to make ajax sites history/bookmark/link friendly by updating the URL as the content is updated. Currently most sites do this by only changing the hash part of the URL (e.g. Twitter with their #!.)
For instance Github uses this for their code browser: https://github.com/blog/760-the-tree-slider
Maybe its already answered # Change the URL in the browser without loading the new page using JavaScript .
You can set location.hash, but you can't replace the entire URI.
The reason this is not possible is it presents a security violation. This is why phishers write a gif file over where they believe the address bar will be.
My question is why would you want to do this? The only reason I can think of is you want to make someone think they are at http://Iamreallyyourbank.com when they are at http://IamStealingYourMoney.com, which is why the security is in place.
This is not possible. You cannot change the URL displayed in the browser. Not only would it be a horrible security practice, it would be a violation of trust to the people visiting your site.
I have a problem with a link containing Chinese characters that is send to a javascript file in Internet Explorer. Generally that link is created by PHP and looks like this in IE:
www.example.com/%E6%B7%AC%E7%81%AB%E6%B2%B9_ASIN5034CN.pdf
In firefox it looks like this:
www.example.com/淬火油_ASIN5034CN.pdf
Both work in that direct way. I need to pass that link to a javascript that popups on the page and it will be displayed after the user entered her/his contact information.
This also works on firefox and other browsers but in IE that link is transfered to this which does not work anymore:
www.example.com/æ·¬ç«æ²¹_ASIN5034CN.pdf
I tried to do some encoding on it with encodeURIComponent but still no success. So the link is passed correctly to the javascript but it is totally screwed up only by IE.
Thx for any advice on that problem.
I found a solution that works. By encoding on the server side with PHP function urlencode the link works on javascript in IE.