I am wondering if there is anyway to grab the html that is generated from an ASP page. I am trying to pull a table from the page, and I foolishly used a static html page so I would not have to be constantly querying the server where this page resides while I tested out my code. The javascript code I wrote to grab to unlabeled table from the page works. Then when I put it into practice with the real page and found that the ASP page does not generate a viewable page with a jquery .get request on the URL.
Is there any way to query the page for the table I need so that the ASP page returns a valid page on request?
(I am also limited to using javascript and perl for this, the server where this will reside will not run php and I have no desire to learn ASP.NET to solve this by adding to the issue of proprietary software)
Use Perl's LWP module to query the ASP.NET page to get the required information. I would open the target page in a web browser while doing a WireShark trace so you can tell exactly how the browser is calling the page and getting the table information, and then perform the same call with LWP.
Is the page that is trying to get the table on the same domain? It needs to be. If not you have to use a proxy or XMLHttpRequest Level 2 access control headers.
Related
When NOT using AngularJS, I create a web site that responds to /mysite/users . It returns an HTML page with user records filled within a table-like display.
I wish to try an AngularJS approach. I somehow load the web page, and that page's onload() calls /mysite/users, which returns merely a JSON list of users.
The "somehow" part is what bothers me. So far I'm reduced to first calling /mysite/showUsers. This downloads the HTML page which then itself calls /mysite/users.
Likewise, when editing with AngularJS I think I'll have to call /mysite/userEdit/1 which on load calls /mysite/user/1.
I think I'm missing something. Can I get a clue?
Thanks,
Jerome.
As you've noted, the AngularJS approach is not to load pre-rendered HTML from the server, but instead load a list of JSON data and rely on AngularJS directives to populate the DOM client-side.
A concrete example in your case would be a page which loads an Angular module that fetches a JSON list of users from /api/users, and leverages the ng-repeat directive to populate the data into the page right in the visitor's browser. Here's a JSFiddle I found that illustrates how you'd accomplish this.
It's all a matter of where the data gets inserted into the HTML; It can happen on the server-side or the client-side, and Angular favors the latter. (This is not to say you can't load pre-rendered HTML from the server, but you would be working against the way AngularJS is designed to be used.)
I've had trouble describing what I want to have happen. Perhaps it is because it goes against the grain of Angular.
My server responds to /user/1 with the JSON for user #1. For the browser to deal with it, I must have a web page already there that can display this JSON. Chicken and egg style, how do I get this edit web page into the browser? My classic example is using /user to list the users and having a link on each user to edit it, such as "/SOMETHING/1".
In the meantime, I've decided to go with /user/edit/1. That will cause the server to render an HTML file, using server-side scripting to insert a phrase that on window.onload() fills the skeleton HTML with the result of /user/1.
Thanks, Collin, for replying.
I'm starting to build a UserControl that will live on some SharePoint 2007 PageLayouts. The UserControl's purpose is to display a map of several locations based on the name of the page. So what it needs to do is take the page name, go query a SharePoint list for the relevant collection of geo coordinates, then load them on the map. I've never really done much client side scripting beyond simple modification of elements and academic jquery AJAX calls. So I'm trying to understand what the common practices are for passing data around.
I've seen a lot of stuff online talking about AJAX calls to page methods, which is out because this is a user control. The alternative looks to be ajax calls to a web service. I've built web services before but for consumption by .NET clients. Is this still the way you set up a .net web service to be called by scripts? What about security? What if I only want my page or my site calling the web service and not the general public?
In this case, I'm not sure a service would even be necessary. Can I just retrieve the data and put it on the page during the initial request? Something like json serializing the coordinate collection in the code behind and writing it to a hidden field for javascript to pick up?
There are several ways of passing values from an usercontrol to javascript.
ScriptControl:
Allows you to include a client behavior for your web control. See some Links below:
Creating Script Controls
ASP.NET: Create AJAX Server Controls using the ScriptControl base class
Asp.Net Ajax ScriptControl Tutorial
RegisterStartupScript and RegisterClientScriptBlock:
Allows you to include client side script blocks on the page. See some Links below:
Working with Client-Side Script
Injecting Client-Side Script from an ASP.NET Server Control
HtmlGenericControl:
Nothing stops you from creating a script tag dinamically and inserting all your javascript logic into the InnerHtml property. It could be done during the initial request.
Example:
HtmlGenericControl script = new HtmlGenericControl("script");
script.ID = "script";
script.Attributes.Add("type", "text/javascript");
script.InnerHtml = "alert('Hey');";
//Insert the script into some asp:Panel
panel.Controls.Add(script);
Reading this 4 years later, I can tell my past self this:
Yes, just include the json on the page, hidden for JS to pick up. But be aware that this increases the size of your response that must be downloaded by the client browser. Not only does this take more time, but it uses up more of a mobile user's expensive data. If there is a lot of data and some may not be used, retrieving the data, as needed, from a web service may be a better option.
REST services are a common solution for responding to AJAX requests. There's not much you can do to secure your data from anonymous users if you want to allow client side scripts from anonymous users to get at it.
I've been given a task, which I believe my employer is just putting a carrot in front of me and seeing how far I will run.
A vendor has provided us with a form application. This application is in ASP. My task is to see if its possible to Pre-populate this ASP application because we want to host a little 'mini-wizard' questionnaire on our site and when you click submit on the 'mini-wizard' it pre-populates a few fields on the application.
My first question to him was "Do we have access to the ASP code behind to look for parameters passed via Get/Post. - NO
I thought, ok, so there is no way to do it. He then said you may be able to do it with javascript. Which I could see if I could put JS on the application page, but I can't do that either.
My final idea would be to make an ajax call for that page, modify the contents and then display it on our site. I am not sure that would even work, have never tried making an AJAX call to an ASP page from a non-asp site.
Can it be done or is this some form of new developer hazing?
Yes it can be done. As you are going to use client side ajax, the page will give you nothing but the HTML output of that page. So you just need to know that what parameters you need to pass to that page. Even there might be no need to pass parameters.So, Take an asp page of your own and do the ajax call
I have a wordpress site, and i'm not a php developer and not very eager to start either so I'm avoiding it like the plague, but I do have a requirement that requires a little bit of extra coding. I need to:
go to a different website,
download that page,
check for a certain phrase,
if phrase exists, extract a link from that page
and if link is returned I need to show that link on my wordpress site.
Currently, I have an asp.net page that does this and i'm hosting that page in an iframe on my wordpress site. but i'd like to do it without an iframe.
Question is, is there anyway for javascript to go to a different page (my asp.net page) and get a parameter (link) from it. If link is provided i will show certain content on wordpress site.
Or can javascript download a text file from the server? problem with that is i need a trigger to update the text file.
Any advice is appreciated.
Thanks.
What you should understand is that by "avoiding [PHP] like the plague" you're inadvertently avoiding the proper way of doing things. Javascript is a client-side language, and PHP is a server-side language. By asserting that you only want the load on the client's end (the kind of logic involved in what you want to do isn't exactly lightweight), you can potentially end up with a VERY slow webpage.
Not to mention, this type of situation is analogous to using a hammer to do a backhoe's job.
Either way, to answer your question, yes. You can use the jQuery Load method in tandem with Javascript's Match method.
What you should TRY to do, however, is make a CURL request using PHP, and then cache the page on your server. By doing this, you will limit the number of calls to a given page, and optimize load times.
Please consider the second option, even as an attempt in good practice. Good luck.
Use ajax and connect to a different page (on your server) which is written in server-sided language (like asp.net, as you said), that connects to the remote website.
More about Ajax
This flickr blog post discusses the thought behind their latest improvements to the people selector autocomplete.
One problem they had to overcome was how to parse and otherwise handle so much data (i.e., all your contacts) client-side. They tried getting XML and JSON via AJAX, but found it too slow. They then had this to say about loading the data via a dynamically generated script tag (with callback function):
JSON and Dynamic Script Tags: Fast but Insecure
Working with the theory that large
string manipulation was the problem
with the last approach, we switched
from using Ajax to instead fetching
the data using a dynamically generated
script tag. This means that the
contact data was never treated as
string, and was instead executed as
soon as it was downloaded, just like
any other JavaScript file. The
difference in performance was
shocking: 89ms to parse 10,000
contacts (a reduction of 3 orders of
magnitude), while the smallest case of
172 contacts only took 6ms. The parse
time per contact actually decreased
the larger the list became. This
approach looked perfect, except for
one thing: in order for this JSON to
be executed, we had to wrap it in a
callback method. Since it’s executable
code, any website in the world could
use the same approach to download a
Flickr member’s contact list. This was
a deal breaker. (emphasis mine)
Could someone please go into the exact security risk here (perhaps with a sample exploit)? How is loading a given file via the "src" attribute in a script tag different from loading that file via an AJAX call?
This is a good question and this exact sort of exploit was once used to steal contact lists from gmail.
Whenever a browser fetches data from a domain, it send across any cookie data that the site has set. This cookie data can then used to authenticate the user, and fetch any specific user data.
For example, when you load a new stackoverflow.com page, your browser sends your cookie data to stackoverflow.com. Stackoverflow uses that data to determine who you are, and shows the appropriate data for you.
The same is true for anything else that you load from a domain, including CSS and Javascript files.
The security vulnerability that Flickr faced was that any website could embed this javascript file hosted on Flickr's servers. Your Flickr cookie data would then be sent over as part of the request (since the javascript was hosted on flickr.com), and Flickr would generate a javascript document containing the sensitive data. The malicious site would then be able to get access to the data that was loaded.
Here is the exploit that was used to steal google contacts, which may make it more clear than my explanation above:
http://blogs.zdnet.com/Google/?p=434
If I was to put an HTML page on my website like this:
<script src="http://www.flickr.com/contacts.js"></script>
<script> // send the contact data to my server with AJAX </script>
Assuming contacts.js uses the session to know which contacts to send, I would now have a copy of your contacts.
However if the contacts are sent via JSON, I can't request them from my HTML page, because it would be a cross-domain AJAX request, which isn't allowed. I can't request the page from my server either, because I wouldn't have your session ID.
In plain english:
Unauthorised computer code (Javascript) running on people's computers is not allowed to get data from anywhere but the site on which it runs - browsers are obliged to enforce this rule.
There is no corresponding restriction on where code can be sourced from, so if you embed data in code any website the user visits can employ the user's credentials to obtain the user's data.