I have the following code to create an inplace editor:
new Ajax.InPlaceEditor('artifact_pretty_display_date_110_in_place_editor', '/artifacts/set_artifact_pretty_display_date/110', {evalScripts:true})
The response looks good to after I change a date:
Element.update("artifact_pretty_display_date_110_in_place_editor", "12/06/2008");
Element.update("artifact_visible_display_date_110", "12/06/2008");
Element.update("flash_message", "<div class=\"flash_message\" style=\"display:block;\">\r\n The Document's date was changed to 12/08/2008. \r\n</div>");
Element.update("flash_error", "<div class=\"flash_error\" style=\"display:none;\">\r\n\r\n \r\n</div>\r\n");
The only issue is my inplace editor field is actually showing this response, it is not getting eval'd. It is like setting evalScripts to true does nothing. Anyone know why this is happening?
Thank you!
Looking at the docs it doesnt seem like evalScripts is a valid option in that context,i think your code needs to look like this:
new Ajax.InPlaceEditor('artifact_pretty_display_date_110_in_place_editor', '/artifacts/set_artifact_pretty_display_date/110', ajaxOptions:{evalScripts:true})
This turned out to be an issue with Scriptaculous's InPlaceEditor using an Ajax Updater as opposed to an Ajax Request object while also using page.replace_html. If you run into this error, it may be worth popping open controls.js from scriptaculous and making sure an Ajax Request object is used in the handleFormSubmission method. If not, you may need to set htmlResponse to true or depending on the version of scriptaculous you may need to set some other flag. That is exactly where my issue lied.
Related
I am learning Website Pen-testing and trying to find XSS vulnerability.I use Firefox Browser.
Here is the site's code for search bar:
My payload is :
a" onmouseover="ALeRT(X)" size="50
which makes the code:
.
However the Payload doesn't get executed as it should. What could be the possible reason?
Since X is not defined, and it is not a variable, the alert function will not do anything and may error. Use alert(1) instead.
I have a grid that pulls data via ajax into the datasource.
Once that data is pulled, I want to modify a bunch at once through JS. I have tried modifying the datasource directly via something like:
gridDataSource._data[j].SomeProperty = 'true;
But that does not reflect in the grid itself. Is there any way to do that? I would also prefer the grid gets marked dirty so I could use the update command to send the data back to the server. Is this possible? Please let me know if I need to clear anything up.
I think you need to use the set method - like this:
var data = $("#grid").data("kendoGrid").dataSource.data();
data[i].set("SomeProperty", true);
After you modify the datasource, you need to refresh.
$('#myGrid').data('kendoGrid').refresh();
Ok, I've been putting together a website for the las couple of weeks.
I got everything working before moving on to next phase. Made a lot of changes but none to the functions that I'm talking about.
basically I have a code:
var grabbedItems = [];
function grab(){
$.post(questions.php, {"grab":"grab"}, function(data){
grabbedItems = data;
console.log(grabbeditems);
}, "json");
}
The function gets called on page load. The problem is that network tab says 200 ok for questions.php, but console.log() doesn't even log anything. I can't think what i've done wrong. i haven't even changed the page that the function is on. What could be the problem, apache says no errors network says 200 ok. But functions are not working. I don't think there is anything wrong with my JQuery file, that returns 200 ok aswell.
Any help would be appreciated.
The problem was with the data in one of the mysql fields. I used a £ sign. for some reason the JSOn didn't like it. Maybe I should look into the coding of the database entries.
I have inserted a block of javascript in then body of a Joomla 2.5 article.
What I want to achieve is to open a default client email engine in order to send some information there.
The code looks like this:
var sendForm = function() {
...
window.open('mailto:admin#admin.com?subject=mailSubject&body=mailBody');
};
What happens actually, when I load the page is that whatever is after the "?" is broken and appears as plain text in the UI.
For example, I have the following stuff in the UI:
?subject=mailSubject&body=mailBody'); }; window.onload = getTotal();
What is wrong? Can you help me to spot the stuff that I am doing it wrong?
Thanks
It seems that this is a Joomla specific problem. I managed to get over it by using the {emailcloak=off}syntax before the actual email address.
Therefore the code looks like this mailto:{emailcloak=off}some#email.com?subject....
You might want to use ? instead of ?, and & instead of &. If you wish, you can refer to the HTML character numbers and names here.
It will not only solve your problem, but also pass the W3C validator.
I have a script that loads the code dynamically. It is kind of a search engine. When I press a search button, the action gets triggered and a new page opens with many parameters.
I want to override one of the parameters generated with the script in the new URL. JS code is quite big and hard to read, but I have found the important part in the Firebug DOM editor.
This is the pattern of the URL generated when you perform the search:
http://www.example.com/...?ParameterOne=123&ParameterTwo=Two&ThisParameter=Sth&ParameterFour=Four...
What I want to edit is "ThisParameter" and change its value. This is the part edited in the DOM that does what I want:
Foobar = {
_options: [],
...
var options = {"ParameterOne":123,"ParameterTwo":"Two","ThisParameter":"ABC","ParameterFour":Four,...}
...
And this is the output of "ThisParameter" when you choose "Copy path" in Firebug's DOM tab:
_options[0].ThisParameter
I am wondering it this is possible at all. What makes me think that it is, is the fact that I can change this parameter in Firebug and it works perfectly. So, if Firebug can edit it, there should be a way to influence it with another script.
Looking forward to any suggestions, thank you in advance!
Since you cannot edit the dynamic script you have the following options:
You have to try to give the script the correct input and hope it uses your value.
Add a script to the results page which will read the url and arguments, change it and redirect, as we discussed here. (If you put everything in functions it should not conflict with the dynamic script if the functions are uniquely named.)
You could try adding something like this jQuery code to the page with the search button:
$('input[name=search_button_name]').click(function(e) {
e.preventDefault();
var form_search = $('#search_form_id');
$('<input>').attr({
type: 'hidden',
name: 'ThisParameter',
value: 'SomethingElse'
}).appendTo(form_search);
f.submit();
});
You can override any js function and method, or wrap you code around it. The easiest thing would be to look at the code you get and once it gets loaded, you re-declare a method with your own functionality.
I you are trying to replace a parameter in a specific jquery request, you can even wrap around the jquerys ajax method:
var jquery_ajax = $.ajax
$.ajax = function(options){
// parse only a specific occurence
if(options.url.indexOf("example.com") > -1) {
// change the url/params object - depending on where the parameter is
options.params.ThisParameter = "My Custom value"
}
// call the original jquery ajax function
jquery_ajax(options);
}
But it would be a lot cleaner to override the method that builds the ajax request rather than the ajax request itself.
I would investigate further on the scope of the variable options (var options), is it global? i.e. if you type 'options' in the Firebug console, does it display its properties?
If so, you could then access it via your own script and change is value, e.g.
options.ThisParameter = 'my-own-value';
You might hook your script to the click event of the search button.
I hope this helps, it could be more specific maybe if you have some sample code somewhere.