I need to make an adjustment in an application developed in Notes, with the classic development without using xpages. The application needs to give the user an alert the moment an action button is clicked. In this button there is a validation in javascript, which when validating successfully submits the form, which in turn executes a lotusscript agent in its webquerysave event. At this point, some processing is performed, and after processing a condition is verified to generate an alert or not. I thought of generating the alert from the confirm function of javascript, but I do not know how to catch the return from the confirm function to know if I keep the agent code or I finish executing and return to the submitted document.
In the application only javascript client side and lotuscript agent are used. I want to know if it is possible from a lotuscript agent to execute a javascript code and return to the lotusscript code of the agent.
It would be very helpful to understand what language you are using to "confirm" the response. In most cases a timeout should be sufficient. Are you getting any kind of response at all?
You say that you are executing the WebQuerySave event. That means that you are submitting your form. If this is classic Domino web development with no AJAXy stuff going on, then the moment you submitted the form the code that is already loaded in your browser is done. The WebQuerySave agent will either directly generate or redirect to a new page, whose code will be loaded into your browser in place of what was already there. The logic in that agent will have to generate new script and set the appropriate field values that tells the script to put up your alert.
*And if there is AJAXy stuff going on, you're going to need to show your code in order for people to have enough understanding of what you're doing in order to help you.
I'm assuming you're trying to check the record against other data as part of the validation before allowing it to be saved. The problem is once a WebQuerySave agent is called the document is posted and you have to direct the user to a new page. So you need to do your validation before the post.
The simplest way is to do an xhttprequest during your javascript validation routine, before posting. You'll need to call a LotusScript agent (or SSJS Rest service or DDS) that returns a value that you can check against before submitting.
Related
I'm totally new to make a website with javascript AJAX. I want to provide every experience on my website with one domain(like Facebook), thus I made every page-changing method with javascript AJAX. At first, when you visit my website, you have to log in, after that it turns to the main page and you can go to several menus with clicking button which triggers page-changing method.
The problem what I faced is.. I've recently seen someone typed javascript code into the console to delete all of his(or her) photos on Tumblr instead of clicking all of that. The idea hit my head.
Every page-changing method in my website also can be called without login. Someone can input page-changing javascript code in the console without login and see the contents of pages.
The first idea came to my head to prevent this situation was, to send id/pw every time when I make a post request to the server and everytime server gets the request, server checks the id/pw to assign the browser to change page. For instance, when a user wants to go to menu A, he(or she) has to send his(or her) id/pw to see the content of menu A.
I thought this is such a bad idea. As I guess it will result overload in server CPU when the server always has to check id and pw(sorry, I don't know well about server CPU and process, this is just my supposition). So I guess there is another way to verify the user and their requests without sending id/pw every time.
Does anyone know about that? Or should I check id/pw with every post requests?
To answer you, you are talking about Cross Site Scripting. Let me first point you to some documents in order to make you aware of what you are dealing with:-
Its called Cross Site Scripting using which a user on the client side inject script in your website and change the different stuff on it.
https://en.wikipedia.org/wiki/Cross-site_scripting
Now to deal with such things there are remedies as following:-
CSRF Token
JWT
Both of them work in somewhat identical way but there are data and payload carrying capacity and encryption involved in JWT and I recommend that.
This is a very known problem in the community and is also pretty old.
On the other hand I will also recommend you to do a data sanitization before storing it into your database. Someone can easily input some JS in your site and you can be defaced in no time.
Have a look at this Sanitizing user input before adding it to the DOM in Javascript
Last but not the least. Stop exposing the functions in the Global level while writing JavaScript. Stop creating global variables and functions and rather use closures.
(function(){
var a =10;
var b = 20;
function add(msg){
console.log(msg)
return a+b;
}
add("I am calling from Inside the self executing function");
})();
add("I am calling from outside the self executing function");
Have a look at the code above and how it protects that add() method to be called from outside.
Hope this answers your questions.
Yes, on stateless scenarios you should send some client identification like a token and verify on the server. Don't worry about the performance :)
You could take a look to JWT: https://jwt.io/
I am trying to create a web interface for a scientific code. The user will provide some inputs and submit through a HTML form. A php script will take the input and run code on server. In the end of it, one or more (not more than 10) images will be created. The code may take few seconds to hours, depending upon the inputs.
How can I show these images on the webpage after completion, and make them available for download?
You will need to have a method that creates a unique identifier upon completion.
So this can be as simple as checking to see if the image exists, and if not notify the user that it is still in progress.
so something like:
if (file_exists($image_file)) { do something... }
else { echo 'Files still in progress....'; }
Assuming your going todo the scientific code in a background process, the issue would be the frontend.
To make it simple, I would assign the job/calculation a unique url, that relates to the results, much like codepad, viper7, JSFiddle do, then while there on the page poll (AJAX) the server for the images/results. Dont even attempt todo any submitted code, while the user waits or on the request thread.
Since mostly a backend guy, I am not sure how can I achieve the following since it
requires some interaction with the browser.
So, I have a the following things so far.
A communication protocol where server is in python and client is in javascript code.
Ultimately, I want my data to reach to that javascript code.
Now, this data is being captured from browser.
As a practice.. what I am trying to do is.. have two radio buttons on my browser and a submit button
*radio A
*radio B
* Submit
Now, when the user presses submit, I somehow want to create a query "user submitted: A (or B)" and this query i am able to capture on python script.
I am at lost on how to do this.
My guess is that "submit" invokes a python script.
But what if my python server is always on .. how do i parse that response from the click of browser to this python server?
This is the way it usually works:
Client (browser) visits webpage and initiates request to server
Server (in your case, Python) handles request and writes HTML response, including the radio-button form
Client fills out form and hits Submit, triggering another request to the server
Server handles the second request and writes another response (e.g. "Purchase successful", "message posted", etc.).
Note that the second request is a brand-new request. You may want some way of linking the first request to the second one unless the second request is anonymous. Some frameworks will do that for you, but if you are making the server from the ground up you'll want some kind of session mechanism to keep track of state.
To get the client to make the second request, the simplest is to add appropriate action and method attributes to the form element in your HTML. action specifies the URL to access for the form request, and method is either GET or POST. (More advanced usage, e.g. on this site, typically uses AJAX to make the submissions instead).
Is it possible to make the script (phantomjs or casperjs) to stop for manual human input (keyboard typing) before going to the next step?
For example, the script will fill out a form and export the whole screen as .png then wait for user input to fill in the last field before click submit. Captcha is one of the barrier required this. I don't want to deal with Captcha breaker / solver or anything like that since it's only one time thing per run.
Any help?
I've never done it, but, I know the script you write that gets executed in the browser/phantom, can send an ajax request to some local webserver. There's your external communication.
->screenshot
->send to local server
->someones open web browser polls the server for new data entry jobs
->human submits one
->server receives submission
->server routes the response back to that initial ajax request
->that ajax request that got sent from phantomjs finally receives a response.
This workflow can be done using any kind of external communication possible from phantom/casper(I'm just not familiar with them). I'm sure ajax works, so i used it as an example.
I have a jQuery plugin I use to dynamically create and render a form on a default.aspx asp.net page, then submit it. The page it gets submitted to is a pdf.aspx page. The page builds a PDF then uses Response.Write to write the file (application/pdf) to the browser. I use the same method to render XLSX files to the browser as well. It works really great, but I need a callback or some event to tell the button when to stop spinning. This prevents the user from continuously clicking the Excel or PDF buttons. Does anyone know a way to detect the file dialog window when it was not created using JavaScript? I am also open to other methods of callback from the server side as well.
The way I do that was suggested in response to a question I asked here a while ago by T.J. Crowder. I can't find the response from the last time I wrote this up because the Stackoverflow "search" facility is so incredibly lame, so I'll probably type in a blog post. The basic idea is that your client code (Javascript) should append an extra parameter when it submits the request for the download. The parameter should contain some generated random string (probably just the current timestamp is good enough). The server then looks for that parameter, and when it's preparing the response with the download file it also sets a cookie and gives it that random value.
Right after the submit (or right before; it doesn't really matter), the Javascript code should start an interval timer with a routine to look at the value of document.cookie and see if it contains that random string. As soon as the cookie does contain that string, then you know that the server has sent back its response and that the file download dialog has been presented.