  1. #1
    SitePoint Member
    Join Date
    Oct 2003
    Location
    Durham
    Posts
    2

    Question Server Side Scripting - Security in OnClick

    Hi All,

    I am hoping that somebody can shed some light on a particular problem I have.

    I have a DIV structure called DWNewsClientTextArea which will be updated dynamically each time the user clicks on the Test Button (on a timer when I get this problem sorted).

    The Code works fine, putting buttons into the DIV etc.
    The Problem seems to be that the Server Side script appends the domain name onto the url and strips out forward slashes '/'

    What I mean is the url of the window opened is this.

    'http://FSERVER/COMMSNewsHeadlinesPractice.doc'

    The Actual REAL x.path value is:
    'http://COMMS/News/Headlines/Practice.doc'

    the script is run on an nt4 server named FSERVER

    Is this a Security feature when using server-side scripting, as the file is sitting on another domain, but how does the server know this when passing as a string?

    I have used x.Name, fi.item(), etc. and all seem to pass the same prefix.
    The contents of the x.Name does not contain this part.

    vv confused

    Any Help Appreciated


    Here's the code I am using, as follows.

    Within Default.asp

    Code:
    <SCRIPT LANGUAGE="JavaScript" src="./_ScriptLib/RS.HTM"></script>
    <SCRIPT LANGUAGE="JavaScript">
    	RSEnableRemoteScripting("./_ScriptLib")
    </SCRIPT>
    
    <SCRIPT LANGUAGE="JavaScript">
    	function OPENWINDOW(url)
    	{
    	var Popupwin
    	var surl
    	var sname
    	var sfeatures
    	//var sreplace
    
    	sname = "Document LINKER";
    	sfeatures = "width='100',height='100'";
    	
    	Popupwin = window.open(url);
    	Popupwin.name = sname
    	Popupwin.focus();
    	}
    
    </SCRIPT>

    <SCRIPT LANGUAGE="JavaScript">
    
    	function IDX_Search(Folder,Filters)
    	{
    	window.DWNewsClientArea.innerHTML = "Searching...";
    	flder = Folder;
    	idx = "searchIDX";
                 idx = RSExecute("./common/RS_SearchScripts.asp",
                                        "searchIDX",flder,
                                         showResults,showErrors,idx);
              }
    
    //Fill Out IFrame with Results (HTML formated)
                function showResults(idx){
    	rValue = idx.return_value;
    	window.DWNewsClientArea.innerHTML = rValue;
    	}
    
    function showErrors(idx){
    	// Dump raw data
                 msg = "The raw data returned by the remote method call is "
    	msg = msg + idx.data
    	alert(msg);
    	// Display friendlier information
    	msg = "The following error occurred during the " 
    	msg = msg + idx.context
    	msg = msg + " remote scripting call:\n"
    	msg = msg + idx.message
    	alert(msg);
    	}
    </SCRIPT>
    ..Remaining HTML Page includes a Test button
    <input type="button" value="TEST SEARCH" name="TESTSEARCH" onclick="JavaScript:IDX_Search('//PATH/','A','DWNews')">
    These are the scripts used on the Server Side to actually perform the searching.

    './common/RS_SearchScripts.asp'

    Code:
    
    <% RSDispatch %>
    <!--#INCLUDE FILE="../_ScriptLib/RS.ASP"-->
    
    <SCRIPT RUNAT=SERVER LANGUAGE="JavaScript">
    	var public_description = new MyServerMethods();
    	function MyServerMethods()
    	{
                   this.searchIDX = searchIDXer;
    	  this.add = Function( 'folder','return IDXSearch(folder)' );
    	}
    
    	function searchIDXer(fld)
    	{
    	  var fso, d, s, f, fl, fi;
    	  var x;
    	  var drvpath = fld; // folder path passed in by the client-side RSExecute call
                   fso = new ActiveXObject("Scripting.FileSystemObject");
                   d = fso.GetDrive(fso.GetDriveName
                                         (fso.GetAbsolutePathName(drvpath)));
                   s = "Drive " + d.DriveLetter + ": - " + d.ShareName;
      	  f = fso.GetFolder(drvpath);
    	  fl = new Enumerator(f.SubFolders);
    	  s = drvpath + "<br>";
    	  for (; !fl.atEnd(); fl.moveNext())
    	  {
    	  folder = fso.GetFolder(fl.item());
    	  s += folder.Name + "&nbsp;<BR>"
        	  fi = new Enumerator(folder.files);
    	  for (; !fi.atEnd(); fi.moveNext())  {
    	  x = fi.item();
    
    //THE PROBLEM IS WITHIN THIS OPENWINDOW CALL...
    
    s += "<input type='button' value='" + x.Name + "'";
    
    s += " onclick='javascript:OPENWINDOW(\"" + x.path + "\")' ";
    
    s += " id='Button" + x.Name + "' name='button1" + x.Name + "'>";
    
    s += "<br>";
    
    //THIS GIVES THE CORRECT URL..
    //s += x.Path
    //
    	}
            }
            return(s);
      }
    </SCRIPT>

  2. #2
    SitePoint Member
    Join Date
    Oct 2003
    Location
    Durham
    Posts
    2

    Lightbulb Working Solution

    Hi All,

    As there were no opinions given to this problem, after pulling my hair out, I can now give this forum the solution for fullness!

    The problem was twofold. The first lay on the client side.
    The open window call was losing the formatting within the string.

    Switching to VBScript solved this (was easier than iterating through RegEx)

    The second was opening the resource without the file:// prefix from within the OPENWINDOW parameter.

    Thanks
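
Added example, not part of either post and not the poster's code. A likely reading of the symptom in post #1 is that the backslashes in `x.path` are consumed as escape characters once the path sits inside the quoted `OPENWINDOW("...")` argument; the same unescaped concatenation also lets a file name containing a quote break the generated markup. The sketch reproduces the lost backslashes on a constructed sample and encodes each value for the context it lands in, using the `file://` form mentioned in post #2; the helper names and the UNC form of the path are assumptions.

```javascript
// Added example. samplePath is constructed: the UNC form of the path quoted in post #1.
// All helper names are hypothetical.
const samplePath = "\\\\COMMS\\News\\Headlines\\Practice.doc"; // \\COMMS\News\Headlines\Practice.doc

// Model what the browser does with text placed between quotes in an onclick
// handler: it parses it as a JavaScript string literal. Only used on samplePath.
function evaluateAsJsLiteral(text) {
  return new Function('return "' + text + '";')();
}

// Escape for a JavaScript string literal that itself sits in an HTML attribute.
// \uXXXX output contains no quote, backslash, & or <, so it survives both parsers.
function jsStringEscape(s) {
  return String(s).replace(/[\\"'<>&\r\n\u2028\u2029]/g,
    c => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Escape for a quoted HTML attribute value such as value="...".
function htmlAttrEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// \\server\share\file -> file://server/share/file (UNC paths only).
function uncToFileUrl(path) {
  if (!/^\\\\[^\\]+\\/.test(path)) return null;
  return "file://" + path.slice(2).split("\\").map(s => encodeURIComponent(s)).join("/");
}

// Build one button the way searchIDXer does, but with each value encoded
// for the context it lands in. Returns "" for anything that is not a UNC path.
function buildButton(name, path) {
  const url = uncToFileUrl(path);
  if (url === null) return "";
  return '<input type="button" value="' + htmlAttrEscape(name) + '"' +
         ' onclick="OPENWINDOW(\'' + jsStringEscape(url) + '\')">';
}

console.log(evaluateAsJsLiteral(samplePath));                 // backslashes consumed as escapes
console.log(evaluateAsJsLiteral(jsStringEscape(samplePath))); // original path preserved
console.log(buildButton("Practice.doc", samplePath));
```
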

