PDA

View Full Version : combo vox load external file into html div



pepe_lepew1962
11-30-2014, 11:05 PM
Hello:

I am trying to load an external file, in this case, php code, into an html div based on what is selected from a combo box. The code I have loads opnes the file, but I would like it opened in the div "contents". Everything I have searched for wants to populate the combo box, I want to populate the div. Can anyone help? This is what I have so far ...





<html>
<head>
<title>Untitled</title>
<script type="text/javascript">
<!--
function nav(f){
var theUrl = f.jump.options[f.jump.selectedIndex].value ;
if (theUrl != ""){
location.href = theUrl ;
}
}
//-->
</script>
</head>
<body>
<form action="no_value">
<select name="jump" onchange="nav(this.form)">
<option value="">----- Select A Page -----</option>
<option value="test1.php">Home</option>
<option value="test2.php">Page 2</option>
<option value="test3.php">Page 3</option>
</select>
</form>
<div id="contents"></div>
</body>
</html>

jscheuer1
12-01-2014, 04:43 AM
<!DOCTYPE html>
<html>
<head>
<title>Untitled</title>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script>
jQuery.ajaxSetup({cache: false}); // This line can be removed. But keeping it makes sure that cached copies of the external pages are never fetched
jQuery(function($){
function nav(){
var theUrl = this.value ;
if (theUrl != ""){
$('#contents').load(theUrl);
}
}
$('select[name="jump"]').change(nav);
});
</script>
</head>
<body>
<form action="no_value">
<select name="jump">
<option value="">----- Select A Page -----</option>
<option value="test1.php">Home</option>
<option value="test2.php">Page 2</option>
<option value="test3.php">Page 3</option>
</select>
</form>
<div id="contents"></div>
</body>
</html>

pepe_lepew1962
12-01-2014, 07:37 PM
John, THANKS !!! What might come naturally to you was a huge struggle for me and it works perfectly. Basically what happens is those .php files are scripts to run a MySQL database and the "contents" div are the results. Should I run a validation script to ensure that specific files are run or is this safe as is. Just wondering if it is possible to somehow cheat the .html file into running other scripts?

jscheuer1
12-01-2014, 10:59 PM
There's nothing you can do to prevent what browsers will allow, even on a plain page that has no javascript. So I would say there's nothing to worry about. That said, it might be worth considering what I wrote just a little while back about this, before I had time to think further:

"Hmm, the code in my post loads the pages via AJAX (using jQuery's built in AJAX routines). That guarantees that the page loaded into the content div will be from the same server as the page with the content div on it. But, it is possible that, if a user is savvy and knows the addresses of other available pages on your server, they could load one of those into the content div. But, they would have to go to considerable trouble to do so, and still would not be able to view any page on your server that they wouldn't be able to navigate to directly.

If you're following me, then you will understand why I say no - unless doing that could provide them with some kind of advantage over you. They would not be able to fool others by making them have that experience. They could do it themselves while viewing your page and/or instruct others how to do that. But due to the same domain policy of AJAX they could not put their own page in there for anyone, not even for themselves. And could not even put in another page from your domain for someone else without that other person's knowledge."

So, if any of that seems a threat - though I can't imagine it would be, best to take down any pages you don't want available to the public. But again, this would be true even without any sort of javascript.