I want to redirect to another website outside of my domain, such as this:
<img src="http://url.to.file.which/not.exist" onerror=window.open("www.google.com","xss",'height=500,width=500');>
I put the above code into a simple html file. However, it keeps appending the file path before "www.google.com" when the pop up show up. Is there a way to remove?
You missed the protocol - http(s):// - before the domain
<img src="http://url.to.file.which/not.exist" onerror=window.open("https://www.google.com","xss",'height=500,width=500');>
Use the full URL: window.open("http://www.google.com"...
To use an absolute url you need to specify the protocol. In your case you want http://.
So just change www.google.com to http://www.google.com
Related
I have a link in the phtml file
<a href="mywebsite.com/contact">
I want to write a function that would grab the value of the url and I will have something like
<a href="{mywebsite}/contact">
so if I change the domain - link will get updated automatically. How can I do that?
Roa is correct. You can exclude the domain name and the uri will resolve to the current domain. Do be careful as if you exclude the leading / the browser will resolve as if a relative directory from the current uri. For example, the following when clicked from the root of your domain (say index.php) would resolve to the /contacts page. If this new page contained the same link, then pressed again it would load the /contacts/contacts uri. To summarize, remember your leading /.
contact
I have two websites. Domain.com and DomainTwo.com
Domain.com hosts all of the content and DomainTwo.com mirrors that content using a simple iFrame.
What I'd like to do is make it so if I link to "DomainTwo.com/folder/samplefile.jpg", the iFrame matches the URL and creates an iFrame for Domain.com/folder/sampelfile.jpg.
In other words, you wouldn't be able to tell DomainTwo.com is actually iframing anything unless you viewed the source code of the page.
Thank you!
Have you tried plopping the URI in your iframe src?
<iframe src ="http://Domain.com<?=$_SERVER['REQUEST_URI']?>">
in javascript it would be something like:
document.getElementsByTagName("iframe")[0].src = "http://domain.com" + location.pathname;
Of course clinking inside the iframe will not update the url. You'd probably be better of using wildcard domain, domain mapping, or whatever that's called.
right now the jsp code will create html like below
<a href="xxxxxx">
<img width="143" height="143" src="http://yyyyyyyy.jpg">
</a>
while loading the page the yyyyyyyy.jpg will be redirect to xxxxx.jpg
Since the yyyyyyyy.jpg is provided by other service provider i dont know whether one image will be redirect or not .
My question is : is there any way i can do in js , to detect a image redirected or not or can i test all url in when document ready to know whether one image url will be redirected.
Thanks
If the URL does not have matching domain, protocol and port, then you can't see if it redirects (because of Same Origin Policy) with JavaScript only, unless it explicitly allows you to via CORS.
You could use a server side language to detect it.
I'm capturing data from an external url using php and throwing it back to my page via ajax to load images. My problem is the external url have some images that are relative("images/example.jpg") so I have to prepend their base domain("http://www.example.com) so I can load it in my page. Problem is some of the images includes a base domain url yet some are in their relative form. Im guessing maybe use regex in my javascript to the determines the string if it have a base("http://example.domain.com") or just a relative("images/") to it. How can I achieve that through regex?
If you can parse it in PHP - I'd do what alanhaggai suggested: parse_url. If you need to go this in javascript: just check if there's a protocol at the start (eg: http:// https:// ftp://). Basically check for :// in the first dozen or so characters of the url.
Parse the URL from within the PHP script using parse_url. If the associative array does not contain the keys host or scheme, you can rewrite the URL to include them.
You won't be able to distinguish between a relative url like "images/blank.gif" and a relative url that has "www.theirdomain.com/images/blank.gif". Who is to say that "www.theirdomain.com" isn't a directory?
If the url does not start with http://, https:// or // it is relative to the url of the page where you scraped them from.
Is there any way instead of a JS hack where I can post from an iframe to another page outside the iframe?
the iframe is posting data to a 3rd party and then just responding back with a URL which is the redirection URl thus we cannot set the form target. We are PCI compliant and thus we cannot use window.parent.location = url;
What it boils down to, it seems, is this:
1. You get a text url from a 3rd party in the iframe.
2. You want to change your page's location to that url.
3. Unless you have control over that 3rd party, all you are going to get is that text url.
Now, the only way to change your page's location automatically is with window.parent.location (or window.location.)
If changing the url of the page with javascript is not PCI compliant then you're trying to do something that is not PCI complicant.
<form> accepts a target parameter, e.g. target="_parent"
In an anchor tag you can set target='_parent' this will cause the url to be loaded into the parent window.
No, the only way is by using javascript. But it's not really a hack to use window.parent.location = url;