What I want is do this:
var siteBaseUrl = window.location.origin;
But in IE 9 it's returning undefined
Trying to understand how do I use modernizr from the suggestion here:
$window.location.origin gives wrong value when using IE
I updated my code to add this block before my siteurl:
if (!window.location.origin) {
window.location.origin = window.location.protocol + "//" + window.location.hostname + (window.location.port ? ':' + window.location.port : '');
}
var siteBaseUrl = window.location.origin;
So now the above works, but I am not sure if modernizr suggestion in the link above can help me do it differently.
Or may be I am confusing myself and the above code is working due to modernizr.
All modernizr will do in this case is tell you that the method is missing. Since it does not fix/polyfill anything itself, you would have to do the same work.
There would be no difference.
Related
I try to switch the protocol and reload the page via
window.location.protocol = 'https:';
I use https: with a colon instead of http because when I type window.location.protocol in the console, it prints with colon.
But now I found that the code above is not working on Firefox 40, I was told to remove the colon. And I found that the code below has better compatibility, it works on chrome and ff, even FF40 which is not working before.
window.location.protocol = 'https';
To be honest, it's really strange when you set a property with value https, then you get an https:.
My question is: is it a bug of FF40, or my second line of code is the standard way to switch protocol?
window.location.protocol is not writeable, only readable, meaning you cannot change the value.
you can make it dynamically,by testing how the browser return the protocol of the current URL like this:
if(location.protocol.slice(-1)==":")
{
window.location.protocol = 'https:'
}
else
{
window.location.protocol = 'https'
}
I am trying to understand what risk Fortify is seeing here. I am new to XSS work and I want to be sure before I decide this isn't a real issue. I can't see how a person could use this code for anything but messing up their own computer, so I am curious if I am missing something.
Here is the source text
Fortify says that the line where window.location.href is being assigned is the vulnerability. "Unvalidated" data sent to browser.
<c:if test="${isExternalUser}">
<script type="text/javascript">
$(function(){
$('#logoutLink').on('click', function(){
var logoutUrl = window.appSettings.context + '/external/logout/';
$.get(logoutUrl).done(function(){
window.location.href = window.location.protocol + "//" + window.location.host + window.appSettings.context + "/?${ssw:encodeJS(header['policy-signout'])}";
});
});
});
</script>
</c:if>
As far as I can tell there is no risk here.
I can't see any risk.
The only unvalidated data external to the browser is
${ssw:encodeJS(header['policy-signout'])}
which is correctly being JS encoded. Maybe Fortify isn't picking up on this fact.
You could try splitting that line (as a test) just to make sure it is the encodejs that is not being recognised as executing JS encoding.
var policySignout = "${ssw:encodeJS(header['policy-signout'])}";
window.location.href = window.location.protocol + "//" + window.location.host + window.appSettings.context + "/?" + policySignout;
I'm looking for a neat way of getting the URL of the current document in Javascript.
The URL should be clean of parameters (?parameter1=bla¶meter2=bla)
The URL should be clean of hash tags (#jumppoint)
http/https should be removed/consolidated into http
I know i can get the current URL with location.href and then use some regular expressions to clean it up but maybe there is a nicer/cleaner solution for getting rid of the junk?
There are many other parameters than the href in window.location. See full reference here: https://developer.mozilla.org/en/DOM/window.location
What you are looking for as a starter might be the window.location.hostname:
"the host name (without the port number or square
brackets)."
From the example URL http://[www.example.com]:80/search?q=devmo#test the hostname will be www.example.com.
If you also want to include the path and force a http:// protocol, try:
'http://' + window.location.hostname + window.location.pathname;
As a side note, a nifty trick to get the same parameters from another URL than the window.location is to create an empty anchor:
var a = document.createElement('a');
a.href = 'http://www.example.com:80/search?q=devmo#test';
console.log('http://' + a.hostname + a.pathname);
None of the given answers address the fact that the protocol can be http or https as in the OPs title. To accommodate this I suggest:
document.location.protocol +"//"+ document.location.hostname + document.location.pathname
The Location object got what you need
window.location.hostname + window.location.pathname
You have document.location object, so:
var oLoc = document.location,
sUrl = oLoc.protocol + oLoc.hostname;
// or "http://" + oLoc.hostname
You can use these replacement functions to remove the hash and search arguments and normalize https to http:
url = url.replace(/#[^#]*$/, "").replace(/\?[^\?]*$/, "").replace(/^https:/, "http:");
Or, if all you really want is the domain and path, you can just use this:
window.location.hostname + window.location.pathname
Please try this snippet:
if (!window.location.origin){
// For IE
window.location.origin = window.location.protocol + "//" + (window.location.port ? ':' + window.location.port : '');
}
url = window.location.origin + window.location.pathname;
document.write('Origin url: ' + url);
This page indicates that you could probably use window.location.host to get the part you're actually interested in. I haven't tested it, though.
Try:
window.location.hostname;
I'm just building a simple ajax site but running into a problem in safari and chrome. I'm just creating a simple redirect if the user goes to a page i.e.
"/blog"
they would be redirected to
"/#/blog"
code :
url = window.location.pathname
if(url != "/") {
window.location.pathname = "/#" + url
}
This is working great in FireFox but unfortunatly webkit browsers are turning the "#" into a "%23" and giving a 404, for example:
"/%23/blog"
How can I prevent this?
Thanks,
Alex
pathname refers to everything after the host, and before the query string and hash. Consider this instead:
window.location.hash = window.location.pathname;
window.location.pathname = "/";
I'm not exactly sure which browser(s) are implementing the JavaScript spec correctly, but WebKit's behavior seems correct to me.
You are setting pathname, which, by definition, does not include the hash. Webkit is trying to fix that for you (Firefox just made a better guess of what you wanted). Try this:
window.location = '/#/blog';
I want to get the url with javascript. But I just need http://www.mysite.com, without any parameters behind it. any idea how to get that?
Use this:
var url = window.location.protocol + "//" + window.location.host;
window.location.hostname
try
window.location.protocol+'//'+window.location.hostname