Results 1 to 3 of 3

Thread: Javascript and server security?

  1. #1
    Join Date
    Feb 2007
    Posts
    36
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Default Javascript and server security?

    I have a file that is used by a number of different clients. It is pulled into their website via iframe.

    On this file, I have put a script that writes content differently, based on the top or parent document's URL. I am using an if/else statement:

    Code:
    parent.document.URL.substr(parent.document.URL.lastIndexOf("/"),6).toLowerCase();
    However, on 2 of the clients, I am getting nothing - no error message, just a blank where the content should be. I then tried to see if I got anything, just from the following on these clients:

    Code:
    parent.document.URL
    top.document.URL
    parent.location.href
    Again - everyone returns the URL of the top document, except these 2 clients - on them, it's not undefined, not error - just blank
    Is there some kind of server security issue that is causing this not to work? Thanx.

  2. #2
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Probably, but even if there isn't, there is obviously a problem in retrieving the information.

    This is why, when client identification is required in these types of situations, the client is generally given an identification code, a string like:

    pj53742

    Then when they call your script, they can either set it earlier on their page:

    Code:
    <script type="text/javascript">
    var pjClientID='pj53742';
    </script>
    Or as a query portion of the URL calling the script, ex:

    Code:
    <script type="text/javascript" 
    src="http://www.yourdomain.com/scripts/thescript.js?id=pj53742">
    </script>
    Then if your other routine returns an empty string, you can look for this variable's or this query's value. Or just rely exclusively upon it for identifying which client is using the script. The variable's value may be easily retrieved, as long as it is set on the page prior to the tag for your script. The query's value can also be easily retrieved, but the best method for doing so would depend upon your server, although - if nothing is available to you there, a client side method can be used.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  3. The Following User Says Thank You to jscheuer1 For This Useful Post:

    Peter Johnson (03-02-2008)

  4. #3
    Join Date
    Feb 2007
    Posts
    36
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Default

    Thank you - I'll give that a try

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •