With media players on site we use the History API and XHR to allow navigation through the site without causing page refreshes (i.e. causing the media to stop).
This works nicely until the following scenarios:
A. The user changes the URL in the address bar.
B. The user selects a bookmarked page.
C. The user clicks on a Facebook widget that requests another page.
Is there a way to intercept the changed URL and handle it without causing a page refresh, of course we are talking about URLs to the same domain here.
Have there been changes to the window.onbeforeunload event that means we can cancel the leave and obtain the new URL without informing the user?
window.onbeforeunload has not changed. And I think that what you are trying to do is not possible, since that would allow a malicious web page to prevent a user from ever leaving a page (unless he would close the browser/tab).
Related
I've had a look around but I cannot seem to find the answer. Due to the "security" team at my company, they have stated that a website we have recently built, when a user navigates away from the website, we need to destroy the session.
Currently it's using a JWT token stored in the local browsers session, so when the user closes the browser the token will be destroyed.
So I know I can hook into window.onbeforeunload but this would also happen if the user refreshes the page, I don't think that would be acceptable behaviour for a website (refresh the page and now you are logged out). And there is also the Reload Site? popup that appears.
Does anyone know a way to detect that the user is navigating away from the angular app opposed to just reloading the page?
I have the next task - I have a page where we have some interaction logic:
After a user clicks a button, my script redirects the user to another site where it must be populate 2 textfields then click button, after redirect to new page it must click on another button.
My project is based on ASP.NET MVC4.
My questions are:
May I do all of this?
If yes, how can I redirect to another page and run my script
P.S.: Second web site isn't my site and everything I know is id of buttons where I need to click.
Elaborating on my comment
You cannot do this in a normal browser. You could write a bookmarklet or two that would navigate and click but there is no script you can write in a web page that will do what you want for security reasons. A long time ago, it was possible in IE to load a banking site into an iFrame and script and monitor user interaction to steal credentials. This has been blocked.
If you save an HTML page with the extension HTA, it can be loaded from harddisk in windows and will have relaxed security so you could load the other site into an iFrame and script the interaction. This is likely not what you want.
The last method is to use for example CURL to get the foreign page, insert stuff and submit the form to the foreign site and return the result. This is not recommended either.
So the question to you is: Why do you need this and are there other ways to do what you want
1) location.href = "http://another.page.com"
2) impossible for security purposes
I was wondering if there is any method of checking if a site will bust out of an iframe before my app puts it in an iframe.
Alternatively maybe someone knows of a database api that has this info.
Currently I'm using a beforeunload event to prevent a site from taking over the page the user is currently on.
I'm making a static HTML demo that emulates the behavior of a web portal that logs you out when you press the back button.
How might one do this using javascript? Is it possible?
It is generally considered bad form to override the behavior of the Back button.
You can use cookies to send a value between pages. For the demo, the logout page could set a "LoggedOut=1" cookie. Then in the top of all of your site's pages, have javascript that checks for the cookie. If set, redirect the user to the home page. The trick is that you have to use javascript to handle the redirect since the script has to already be in the user's browser cache.
Note that this doesn't add any security to the app. It just adds a layer of obfuscation.
It is possible to hack with iframe element to hijack previous entry in the browser history, so single click of back button will return to 'not logged in' state. GMail uses that heavily, thats why they still have 'basic HTML' webmail UI.
I thought that JavaScript didn't allow you to update the browser's URL (for bookmarking, etc) without doing a full page refresh. Facebook seems to accomplish this in their photos application, though. When I click "next" to see the next photo, the new photo loads and the URL updates, but the whole page doesn't refresh. Does anyone know how they accomplish this?
They don't update the URL per se, they only update the Hash (i.e # followed by instructions). The hash is never sent to the server, but can be used to go to anchor points in the DOM (built in browser functionality), or used as a hook for JavaScript. Upon page load with a hash variable set, they send an Ajax-request to fetch the corresponding photo. The initial page load will, however, load the picture indicated by the url before the #-character.