Javascript error - javascript

Error: Permission denied for sitename to get property Location.href from sitename.
I have an iframe in a webpage. This iframe has Click here to register link that redirects to the new window webpage. I am getting the above error when click here is clicked.
Please help in this issue.
<a href="javascript:openEventReg()" is called when click here is selected
<script>
function openEventReg()
{
username=document.getElementById('username').value;
var id = gup( 'id' );
var eventname;
return ("/registration/eventregister.php?event=testing&uname="+username);
}
function gup( name )
{
name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
var regexS = "[\\?&]"+name+"=([^&#]*)";
var regex = new RegExp( regexS );
var results = regex.exec( parent.location.href );
if( results == null )
return "";
else
return results[1];
}
</script>


This is the intended behaviour in modern browsers. Frames are not allowed to access their parents in any way unless they reside on the same domain. This is done in an attempt to prevent cross-site scripting attacks.


put your redirect function in your main html. On click just call parent.funcName().

Related

Javascript redirect - remove parent location

I am using a javascript form script and I want to redirect to an external website. I set the redirect to www.paypal.me but it actually redirects the user to www.mysite.com/www.paypal.me
How can I edit the code below to instead redirect the user to the actual site, not prefaced by my own URL?
var redirect = "www.paypal.me";
...
this.submitOK = function(){
if( redirect == '' ){
showThankYouMessage();
return;
};
try{
if( parent ) parent.location.href = redirect;
}catch(e){
location.href = redirect;
};
}
}

Here you can find a small overview over the redirect methods in js: https://appendto.com/2016/04/javascript-redirect-how-to-redirect-a-web-page-with-javascript/
To a redirect use something like this:
<script>
var locationn = "https://google.com";
window.location = locationn;

Using browseForDoc() to define file path for saveAs() in javascript

I lurk this site all the time, but I think I have exhausted my options to find the info that I need.
I just want a button to trigger acrobat to run the browseForDoc() function, take the cPath the user selects and use that as the path for the saveAs() function. It seems like it should be easier than it has been. That is a folder-level script for adobe acrobat.
I get an error of "missing ; before statement 14". Besides that, it doesn't work. Please let me know what I am doing wrong.
//get windows user name
var getLoginName = app.trustedFunction(
function(){
//Get and return the user's login name
app.beginPriv();
return identity.loginName;
app.EndPriv();
}
);
var fileExt = ".pdf";
var filePath = function(cFS, cPath, bPromptToOverwrite){
this.cFS:cFS;
this.cPath=cPath;
this.bPromptToOverwrite=bPromptToOverwrite;
}
//Open save dialog,return user input values and saveas
var mySaveDialog = app.trustedFunction(
function browse(cPath,oDoc){
app.beginPriv();
app.browseForDoc(){bSave: true, cFilenameInit: oDoc, cFSInit: ""};
return this.cPath;
var myPath = new filePath{cPath: browse.cPath};
this.saveAs(myPath,myFile+fileExt);
app.endPriv();
}
);

Redirecting custom button URL based on User Role/User Public Group membership

I need to add some URL parameters in the Send Email button in Email related list in Case detail page.
I have added a custom detail page button with execute javascript. Below is the button code.
var loc;
var uRoleId = UserInfo.getUserRoleId();
if(
"{uRoleId}" == "General Permissions Team"){
loc = "/ui/core/email/author/EmailAuthor?p2_lkid=0031500001e729m&rtype=003&p3_lkid=5001500000TkUwp&retURL=%2F5001500000TkUwp&p26=xyz#gmail.com";
}
else{
loc = "/ui/core/email/author/EmailAuthor?p2_lkid=0031500001e729m&rtype=003&p3_lkid=5001500000TkUwp&retURL=%2F5001500000TkUwp&p26=test#gmail.com";
}
window.top.location.href = loc;
Now when I click on the button , I get a javascript error that user info is not defined.
Can you help me point out whats the issue with the button code.

UserInfo is not available in JavaScript. Instead you need to use {!$UserRole.Name} to get the role.
Try this:
var loc;
var uRoleName = "{!$UserRole.Name}";
if( uRoleName == "General Permissions Team"){
loc = "/ui/core/email/author/EmailAuthor?p2_lkid=0031500001e729m&rtype=003&p3_lkid=5001500000TkUwp&retURL=%2F5001500000TkUwp&p26=xyz#gmail.com";
}
else {
loc = "/ui/core/email/author/EmailAuthor?p2_lkid=0031500001e729m&rtype=003&p3_lkid=5001500000TkUwp&retURL=%2F5001500000TkUwp&p26=test#gmail.com";
}
window.top.location.href = loc;

js to password-protect directories

Is it possible to password protect (from website users) certain directories on a server? It doesn't have to be secure as it's only meant to prevent learners from downloading/accessing materials from other courses. The learners are not very tech-savvy so it's not a big deal.
Say I have directories with 3 courses:
/course1
/course2
/course3
and I'd like each directory to have its own password so I can email learners doing course1 its url and password.
How would I do it? I have a very limited access to the server so client side is the only option.

Download the example here.
Thinking about Maximillian Laumeister’s idea I came up with this. This may not be a perfect solution but should work.
You store all resources on the server encrypted, encoded as base64 in plain text files. Separated by a comma you prepend the desired mime type. E.g.
main: (CryptoJS.AES.encrypt('Read more', "hello").toString();)
text/html;U2FsdGVkX19Tdq6V7swK/7NgnwR8JgZ1dYZEkfT9hx+QKzFrpyqKeuo0Tv25ozYkAxIIt65G9DKmOYU6tmZ0Dp/I4BuopQ/3xHClB+K+BX8=
more: (CryptoJS.AES.encrypt('<h1>More</h1><p>Lorem ipsum dolor sit</p>', "hello").toString();)
text/html;U2FsdGVkX19GdZ+SRQ9vM2Amiyu0OqOOSX7X5IOCcLfHMpHHgI0h/mxS8iuUggfqmFBN+yXy53z445ZW1mAlHQ==
In hyperlinks you have to place something in URLs (_/) causing a 404 which can be removed later on and you have to specify the protocol including the server. This is the only way the script can intercept the request, stop it, request the correct URL and decode the response. (The 404 is needed because browsers will otherwise download the specified file directly and will not call the load event handlers.)
You then create an index.html page which contains an iframe and requests the user to enter a password which is then kept in some scope so that no XSS attack could retrieve the value.
<html>
<head>
<meta charset="utf8">
</head>
<body>
<iframe id="theIframe"></iframe>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="script.js"></script>
</body>
</html>
This allows you to request an URL, decode the received base64 content and try to decrypt it with the given password. You would then set the decrypted content as the iframe’s content via a data URL.
(function(){
var iframe = document.getElementById("theIframe");
var password = prompt("Enter the password!");
var allowEvent = true;
function presentURL(url){
allowEvent = false;
var req = new XMLHttpRequest();
req.addEventListener("load", function(){
var splitters = this.responseText.split(";", 2);
var type = splitters[0];
var encrypted = splitters[1];
var decrypted = CryptoJS.AES.decrypt(encrypted, password).toString(CryptoJS.enc.Utf8); //Decrypt
var data = window.btoa(decrypted); //Encode the decrypted data into base64
iframe.src = "data:" + type + ";base64," + data;
});
req.open("GET", url);
req.send();
}
presentURL("/main");
iframe.addEventListener("load", function(e){
e.preventDefault();
if (allowEvent){
iframe.contentWindow.stop();
//remove the 404 cause and call presentURL
presentURL(iframe.contentWindow.location.href.replace(/_\//, ""));
}
else {
allowEvent = true;
}
});
})();
The above example uses CryptoJS and may not work across browsers!
This code actually works!

If you care zero about security this could be done in a few ways. Here is a rough example to get you thinking about the logic you may need for this;
Consider the following code:
var password = '12345678';
function showBody() {
// Password matches?
if ( document.getElementById( 'code' ).value == password ) {
// Show secret stuff and hide password box
document.getElementById( 'container' ).style.display = 'block';
document.getElementById( 'code' ).style.display = 'none';
}
}
document.body.onload = function () {
// Hide the secret stuff
document.getElementById( 'container' ).style.display = 'none';
// Create a password box
var input = document.createElement( 'input' );
input.setAttribute( 'type', 'password' );
input.setAttribute( 'id', 'code' );
// Append the password box
document.body.appendChild( input );
// Listen for the password
document.addEventListener( 'keyup', showBody, false );
}
<body>
<div id = 'container'>
I am hidden
</div>
</body>
Keep in mind there is more than one way to do this. This is simply an example so you can get started writing your code and get the general idea of how the logic for this type of thing could be done. It is very insecure and you should definitely consider other solutions from the server.

change URL using javascript Jquery

I'm trying to change the URL in the address bar using javascript.
So if the user access the page using
www.example.com/ajax/project8.html
Url should be changed automatically to
www.examp.com/#cbp=ajax/project8.html

shouldn't be any harder than this:
window.location = "http://whatever.you.want.com"

UPDATE
So you want your site to redirect to another page when the url is www.example.com/ajax/project.aspx?id=whatever and id=xxx could be any id.
To achieve that you need a function that returns the query string parameter value eg:id=whatever
Then check if the current url needs to be redirected to another page. If this is the case then redirect to new url with same parameter value.
/*
function that returns a query string parameter value
this function works with many parameters
Eg: www.example.com/#cbp=ajax/project.aspx?myParam=hello&id=1283&otherParam=234
to get the param value just give it the parameters name
getQueryStringValue("id") returns : 1283
getQueryStringValue("myParam") returns : "hello"
*/
function getQueryStringValue( name ){
name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
var regexS = "[\\?&]" + name + "=([^&#]*)";
var regex = new RegExp( regexS );
var results = regex.exec( window.location.href );
if( results == null )
return "";
else
return results[1];
}
//current url
var currentUrl = location.href;
//check if current url contains www.example.com/ajax/project.aspx
if (currentUrl.indexOf("www.example.com/ajax/project.aspx") != -1 ){
//new url for redirection
var newUrl = "www.example.com/#cbp=ajax/project.aspx?id=" + getQueryStringValue( "id" );
//redirect to new page
location.href = newUrl;
}

Try this code
if (window.location.href == 'www.example.com/ajax/project8.html') {
window.location = 'www.examp.com/#cbp=ajax/project8.html';
}

you can set all things like
window.location.href = "www.examp.com/#cbp=ajax/project8.html"
for more details how you will manage all url parameter then please see
JavaScript and jQuery url managment

window.location.href = "#cbp=ajax/project8.html";
you can change the value written after # to any location , div id etc.
e.g
window.location.href = "#myDivID";

<meta http-equiv="refresh" content="0; url=http://example.com/" />
Note: please put on header
or
<script type="text/javascript">
window.location.assign("http://www.example.com")
</script>

Categories

Resources