My boss wants our site to show an alert if a customer tries to exit the site with items in the cart.
How can I show an alert when the user tries to exit our site? Also I don't want to show the alert if they are just navigating to another page on our site, but only if they are navigating completely away from our site.
P.S. I am not using any frameworks.
There's no simple way to detect leaving a domain. You can detect leaving a page easily with the onBeforeUnload event, but leaving the entire domain isn't so simple. As suggested here, you could probably do this by implementing a single master page that loads all pages in an iframe...
Whilst you can use the onbeforeunload event to determine that the page is trying to leave the site, you can not get the new URL that the page is going to even if it is on your own site as this is a security violation.
The only workaround that I can think of is as suggested in another post by either using a Iframe or full frame, but that gives the difficulty of URL being static and therefore prevents bookmarking.
E.g.:
frame.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script language='JavaScript' type='text/javascript'>
window.onbeforeunload = function (evt) {
return "This is a demonstration that you are leaving me";
}
</script>
<frameset border='0' rows="*">
<frame src='test_page.htm' border=0 scrolling=no frameborder=0 noresize name=top>
</frameset>
</body>
</html>
E.g. Test Page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
</head>
<body>
Hello World
<p>
<a href='javascript:top.location.href="http://www.google.com"'> Outside link Google</a>
</p>
<p>
<a href='http://www.google.com'> Inside frame link to Google</a>
</p>
</body>
</html>
This allows you to navigate to a link either inside the frame or outside the frame (just as an example both to the same destination). But only if you go outside or close the browser will you be asked if you want to do this?
Related
I have an e-commerce website and I don't want people to do phishing from inspect element (F12 or CTRL + U) on my checkout page.
On NVIDIA AI PLAYGROUND web site they was able to clean the hole site and keep only this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>nvidia-research-mingyuliu.com</title>
<meta name="description" content="">
<meta name="keywords" content="">
</head>
<frameset rows="100%,*" border="0">
<frame src="http://34.216.122.111/gaugan" frameborder="0" />
</frameset>
</html>
The link of the Nvidia clean source code page is: http://nvidia-research-mingyuliu.com/gaugan
I have no idea with language I have to use in order to clean the hole page by javascript or php.
This is not possible. The Nvidia site uses a frameset which loads another page and displays it. The code of this seperate page isn't hidden either. In Firefox it is even possible to inspect the elements of the frame.
I want to show 3 urls inside my page with this code as you can see here:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
<TITLE>A simple frameset document</TITLE>
</HEAD>
<FRAMESET cols="20%, 80%">
<FRAMESET rows="100, 200">
<FRAME src="http://www.asriran.ir">
<FRAME src="http://www.google.com">
</FRAMESET>
<FRAME src="http://www.yahoo.com">
</FRAMESET>
</HTML>
But when i run my page just one url is loaded why ?
The pages you are trying to load i.e. Yahoo and Google do not allow that by their X-frame-options.
So, it is virtually impossible now.
Note:
HTML5 has depreciated the use of frameset and frame tags. Browsers like Google Chrome (which are widely used) are switching completely to HTML5. So if possible, do not use framesets
Some web servers are preventing iframes for a security purpose. So, you can"t open it in the frame
Finally i install google chrome and iframeallow extension .after that every thing works fine.
I've got a page I'm adding as a Web Resource in a dynamics CRM form. I've developed the code outside the iframe and it works standalone in IE (9+) and Firefox navigating directly to the resource URL. (edited)
Coming back to testing the code embedded in CRM after a days standalone development and now; none of the scripts run when loaded as part of the CRM form. I've tested this by adding small alert scripts at every stage of the javascript load (as follows), now these work in all browsers as far back as IE5, but not when loaded within an IFrame on the CRM form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
alert("1");
</script>
<!-- etc.. -->
I've also tried creating a local page to load my page in an iframe which also works as expected:
<!DOCTYPE html>
<html>
<head>
<title>Iframe test</title>
</head>
<body style="background: Red;">
<h1>Hello, World!</h1>
<iframe width="500" height="500" src="http://server:5555/...">
</iframe>
</body>
</html>
as this issue only occurs in an IFrame I've run out of ideas for how to debug it. My best guess would be the issue is a conflict with code in the parent page but even then I'd expect my alert at the entry point of the html file would run.
I'm not sure at what point yesterday the code stopped working and don't have a backup unfortunately. I'd appreciate any speculation on why scripts would be abandoned within an IFrame, tips on any extra debugging steps I could try... or a solution =p.
Turned off "Restrict Cross-frame scripting" in the properties for the web-resource on the form which solved the issue.
Thanks for all the help though!
Have you tried adding it as a web resource rather than an iframe? There could be some xss security kicking in. Web Resource should get over that. The Web Resource also has other advantages (dependency aware etc).
I would like to use the code below but want it to happen to the current page when I click the link. Is this possible? Thanks in advance. :)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Open window to fullscreen without f11</title>
<script type="text/javascript">
function openWin(url){
var sw=screen.width;
var sh=screen.height;
newwin=window.open(url,'newwin','width='+sw+',height='+sh+',top=0,left=0,scrolling=0,toolbar=0,direc tories=0,menubar=0,location=0');
}
</script>
</head>
<body>
Coding Forums
</body>
</html>
Have you tried using window.location.href instead of window.open? window.open is used to open new browser window.
No it is NOT possible to open a url and CHANGE THE CHROME in the same window and you should not try either.
There is a horrific hack which opens a new window and closes the parent, but that is even worse.
There USED to be a fullscreen parameter but it was luckily removed. It is not up to the web "designer" to decide the size of the user's window nor to try and remove their history by closing the main window.
If you search for fullscreen here, you will get many, among this one:
How to make the window full screen with Javascript (stretching all over the screen)
A website I wish to tweak is using window.location in order to redirect specific users to a blocking page. That website is doing it in plain <script> tag, so it is impossible to bypass it by overriding the onload event using document.body.setAttribute('onload','');.
Is there another way to inject my code to the page without using Firefox extensions such as NoScript?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<script type="text/javascript">
if (1) window.location="http://example.net"
</script>
</head>
<body></body>
</html>
This question is tagged "Greasemonkey", but GM cannot/will-not run your script before the redirect script fires. You'd have to write a firefox add-on to do that. Might poke around https://addons.mozilla.org/en-US/firefox/ first.
Sometimes you can use adblock to stop the load of the offending script.
NoScript might be the most cost-effective way, if the site's usable without javascript (although GM javascript will still run -- so you could replace lost functionality with GM code, maybe).
This question appears to be related to this one.