SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Wizard ryanhellyer's Avatar
    Join Date
    Oct 2006
    Location
    New Zealand
    Posts
    2,323
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exploding data for adding to form

    Hi,
    I have a problem which I can solve with PHP but have a situtation in which I need to do it with javascript, which I unfortunately know next to nothing about

    What I'm trying to do, is to read a basic page on one domain with some text delimited by | symbols. I want to grab each chunk of data between the |'s and insert them into set points in a form on an entirely different domain. I have it setup to use PHP at the moment, but I'd much rather to do it with javascript if possible.


    So I'd have something like the following at http://domain.com/data/:
    Code:
    Bob|Fred|Tom
    And the following page (at http://anotherdomain.com/form/ for example) would display that data as follows:
    Code:
    <html>
    <body>
    	<h4>Form</h4>
    	<form action="http://test.pixopoint.com/externalform/index.php" method="post">
    		Name 1: <input name="colour" type="text" value="Bob" />
    		Name 21: <input name="colour" type="text" value="Fred" />
    		Name 3: <input name="colour" type="text" value="Tom" />
    		<input type="submit" />
    	</form>
    </body>
    </html>

    Any ideas much appreciated

  2. #2
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,702
    Mentioned
    101 Post(s)
    Tagged
    4 Thread(s)
    Sorry, cross-domain scripting (xss) isn't allowed. You'll have to stick with php for that.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  3. #3
    SitePoint Wizard ryanhellyer's Avatar
    Join Date
    Oct 2006
    Location
    New Zealand
    Posts
    2,323
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks.

    Do you know why it isn't allowed? It seems like a useful feature to have available.

  4. #4
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,702
    Mentioned
    101 Post(s)
    Tagged
    4 Thread(s)
    Mostly for security reasons. here are some exploit scenarios.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  5. #5
    SitePoint Wizard ryanhellyer's Avatar
    Join Date
    Oct 2006
    Location
    New Zealand
    Posts
    2,323
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, the following quote from that page was the most interesting for me:
    Quote Originally Posted by http://en.wikipedia.org/wiki/Cross-site_scripting#Exploit_scenarios
    Several high profile security vulnerabilities followed the Netscape introduction in 1995 of the JavaScript language.[31] Netscape began to realize some of the security risks of allowing a Web server to send executable code to a browser (even if only in a browser sandbox). The company introduced the same origin policy in Netscape Navigator version 2.[32] One key problem is the case where users have more than one browser window or tab open at once. In some instances, a script from one page should be allowed to access data from another page or object, but in others, this should be strictly forbidden because a malicious website could attempt to steal sensitive information. The policy forbids browsers to load a script when it crosses the boundary of the current Window object[33] unless the script originated from the same domain and over the same protocol and the same port if port is specified.[32] Essentially, this policy was intended to allow interaction between objects and pages but in theory a malicious Web site would not be able to access sensitive data in another browser window. Unfortunately browser vendors implemented the policy in different ways and the result was unpredictable behavior.[33] The policy also had loopholes, for example, an HTML element embedded in a page or resource at the origin host may link to a script hosted elsewhere and the browser will load that script when it loads the page.[33] Since then, other similar access-control policies have been adopted in other browsers and client-side scripting languages to protect end-users from malicious Web sites but the policies may depend on the user themself to guide access control according to their preferences. For example, digital signatures might identify scripts and their source to the user or user agent before a script can load.[30]


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •