I want to get the previous page URL query string parameters
document.referrer
gives the previous URL but not query string parameters. Is there any way to get that in javascript?
the purpose of reading that is I don't have any control on the previous page and I wanted those parameters in the next call.
I am doing an integration where the login page pop-ups of some third party were based on the client id it asks for the permissions to Allow. once user allows that it redirect to the "redirect URL" passed in the parameter with 2 parameters in query string.
Now I don't have any other way to find out which user has given the access. If I can get the client id on my current page I can get to know that this user has granted the login.
If is there any other way to do it please help me. Or let me know if anything else is also required
Related
I created a form with Html, CSS and JavaScript and an API with ASP.NET for the HTTP request. Users will have a link to fill in the form. Is there any browser id or IP which I can get so prevent the user to submit multiple times the form?
Disable the submit button is not an option
The form has to be anonymous so a unique id for the users is also not an option
you could make like a cookie in java script that doesn't expire. after that you could make a if else state and check for the cookie if it exists in the browser
value_or_null = (document.cookie.match(/^(?:.*;)?\s*MyCookie\s*=\s*([^;]+)(?:.*)?$/)||[,null])[1]
// Put your cookie name in in place of MyCookie.
if (value_or_null = 1)
{
//redirect to other page
}
else
{
// let him do the form
}
There is no 100% safe way, as returning users could have cleared they cache or something. Also, tracking the IP could potentially work, but you ask for full anonymity...
If you want your server to have authority on this decision, the only information you will have or can use is the IP address. Even that would not be accurate if your users hop on different VPNs and stuff.
What I think could work is if the link for the users to access the form is unique for each user. You'd generate a UUID, that way it cannot be guessed if users want to answer more than one. That UUID would have no link to any user, it would just be stored in a list of VALID UUID and get removed when the user uses it to answer.
The link would provide the UUID through query param, the javascript would then add its value to the form when being sent.
If you do not link that UUID to a userId or if the email sent (or its content) is not stored, this would provide anonymity.
The application I'm working on relies on many popups. Those popups rely themselves on query strings. If someone can just type the url in the browser address bar, the page will throw an error as the query strings values are dynamically constructed.
function myFunction(id)
{
window.open("mypopup.aspx?id=" + id);
}
Is there a why to prevent the page from displaying if the requester of the page is not a Javascript? If someone type something like:
https://mycompanyname.com/path/mypopup.aspx
It shouldn't let the user do so. Or, at least check whether the requester is not javascript so I can display a message or redirect the user to a different page? Otherwise, without all those pieces of data needed to construct a request, the page will throw an exception.
Thanks for helping.
Validate the query string directly in myPopup.aspx, if something is missing just redirect or display a message.
Use the Request.QueryString collection to validate in myPopup.aspx.
There is no easy way to validate if the request came from javascript as far as I know. You could try creating a token to validate that the sender is the one you expect, but if you only need to validate the parameters, no need to worry about who is sending the request.
The page cannot differentiate how it was requested, if both requests come from a same browser.
However, you can include in query string to differentiate them.
For example,
window.open("mypopup.aspx?request=javascript&id=" + id);
If a user intentionally type in https://mycompanyname.com/path/mypopup.aspx?request=javascript, so be it. I won't worry about it.
Popups are browser windows too. So it will be tricky to check if the window requesting the page is normal window or popup.
You should restrict the users to see on what url the popup is being opened you can hide the address bar. So user can not copy or know the what's in the url.
window.open('/pageaddress.html','winname','directories=no,titlebar=no,toolbar=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=400,height=350');
Setup a token based validation. Make request to server(Ajax request) to get a random token(with one time validation mechanism and expire it), You can send the token in the query string and validate it on server if it's same issued token. Identify if the requested page have valid token(popup) otherwise deny the request or show error message. Think of how captcha works, you just need to do it programmatically.
Though it's also not the best solution as token information can be sniffed through network traffic tracker tools like fiddler but it's will work to prevent manual requests.
I'm trying to build a Chrome extension and clearly I'm a n00b.
I want to display some links on the right side of Google's result page, based on the query the user has searched.
But I'm just not able to get hold of the user query string!. I cannot depend on parsing URL since, the URL remains the same even though the user has made a second search. Let me clarify with a use case:
User enters a search query "testing time" via omnibox and clicks on
enter. URL has now become
"https://www.google.co.in/search?q=testing+time"
Now from within the results page, user changes the query to "testing again" and clicks on enter. The URL will remain what it was earlier, "https://www.google.co.in/search?q=testing+time".
How then shall I get hold of the query string?
For the case 2 mentioned by you, you should see #q=testing+again at the end of the URL.
You can get it via
location.hash.split("=").pop(); //you might have to unescape it
OR alternatively you can read the new query from the text box itself. (I would prefer this method)
document.getElementsByName("q")[0].value
I have a URL using which users access my jsp web application
http:/testerpages.com/testpage/menu1?userId=27
how can i hide userID=27 from users and show the url something like
http://testerpages.com/testpage/menu1
is there any method by which we can hide parameters from users or we can just ignore the ids but there is a threat for security if we show id parameters in a url directly to front end users
i m calling this page using
Menu1
HEX(AES_ENCRYPT(userid,'"key"'))
use it in your sql or mysql query that will aes encrypt your userid i made use of it in mysql
that should solve your problem
You could transfer this parameters als GET whicht don't show in the url, but are also very easy to read and modify. Instead I would use some kind of encrytion and validation code for session ids. This would prevent users and attackers from accesing other users sessions.
You could store the user ID in the session after the user logged in. When a user accesses the menu page, you can still get the ID from the session, and you will not need to put it into the URL.
I have a windows authenticated site. When I load the URL in browser, it will redirect automatically by logging into the web site using Windows Authentication.
I am trying to get a request to a site using JavaScript, also I am able to alert the resolved page data i.e. even through JavaScript windows authentication is done.
My question is after resolving to the authenticated page, my page URL also get changed, so is there any way to retrieve the URL...
For suppose if I give http://mysite.com then after authentication it is resolved to something like this http://mysite.com/{user-id}
Now I want to get the user id using JavaScript. Can some one please help me here...
You can get the URL with window.location.
If your URL really is as simple as http://mysite.com/1, for example, you can get the ID with
var user_id = parseInt(window.location.pathname.substr(1), 10);