 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / HTML, CSS, Scripts / JavaScript / May 2005Accessing posted form objects via JavaScript
Using ASP you can access posted form elements. Is it possible to access them from JavaScript? myHTML.htm <form action=myASP.asp> <input type=hidden id=f1 value=val1> <input type=hidden id=f2 value=val2> <input type=submit value="Choose Me"> </form> myASP.ASP response.write(request("f1")) Note. I need to use METHOD="POST". The idea is that I'll hit myASP.asp using SSL and f1 and f2 will store a userid/pw. If I use METHOD="GET" the userid/pw will be appended to the URL and sent via clear text. Observation: There is different if I used id or name in form e.g. <input type="button" name="f1" /> In order to connerct btw asp file and html. > Observation: There is different if I used id or name in form e.g. > <input type="button" name="f1" /> > In order to connerct btw asp file and html. Yes, `id' attribute values are not submitted, `name' attribute values are. This is why the `name' attribute is not deprecated in HTML 4.01 or XHTML 1.0 for form controls and those elements have a `name' attribute in XHTML 1.1 although other elements have not. PointedEars  SignatureThere are two possibilities: Either we are alone in the universe or we are not. Both are equally terrifying. -- Arthur C. Clarke > Note. I need to use METHOD="POST". The idea is that I'll hit > myASP.asp using SSL and f1 and f2 will store a userid/pw. If I use > METHOD="GET" the userid/pw will be appended to the URL and sent via > clear text. If you use post they are still sent via clear text, just not in the URL. Use HTTP with SSL (HTTPS) if you want to encrypt the data. SignatureDavid Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/> Home is where the ~/.bashrc is I was trying to explain that the METHOD="GET" which would allow JavaScript to parse the URL would not work for me as I wanted to pass userid/pw as form variables (not part of URL). I intend to use SSL to encrypt the form variables as you suggest. > I was trying to explain that the METHOD="GET" which would allow > JavaScript to parse the URL would not work for me as I wanted to pass > userid/pw as form variables (not part of URL) ... but the *reason* you gave for that is you didn't want them sent in clear text - which is bogus. If its SSL then they aren't sent as clear text. If its not SSL then they are. It doesn't matter if its POST or GET. SignatureDavid Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/> Home is where the ~/.bashrc is David Dorward schrieb: > > I was trying to explain that the METHOD="GET" which would allow > > JavaScript to parse the URL would not work for me as I wanted to [quoted text clipped - 4 lines] > clear text. If its not SSL then they are. It doesn't matter if its > POST or GET. Yes and no. I think what the OP meant is that GET is certainly greater a security risk than POST, since URIs are stored in the browser history and POST requests usually require confirmation before sent again. Without SSL, it *is* still sent a clear text, however not that easy to notice. PointedEars The GET appends form data to the URL. SSL does not encrypt the URL. If the URL was encrypted how could the routers get your request to the required server? > The GET appends form data to the URL. SSL does not encrypt the URL. > If the URL was encrypted how could the routers get your request to the > required server? Routing does not occur based on the URL. The _browser_ extracts the hostname/domainname from the URL, then does a DNS lookup to obtain the IP of that host. Routing then occurs based on the IP address -- not even the host name. In-between, packet sniffers wouldn't even be able to tell what hostname you were after, only the IP address of it. >> The GET appends form data to the URL. SSL does not encrypt the URL. >> If the URL was encrypted how could the routers get your request to [quoted text clipped - 10 lines] > hostname > you were after, only the IP address of it. As described above, of course the URL is encrypted using SSL. And think about it, what would be the point of SSL if it didn't encrypt _all_ traffic between server and client, including the client's GET requests? SignatureGrant Wagner <gwagner@agricoreunited.com> comp.lang.javascript FAQ - http://jibbering.com/faq >Using ASP you can access posted form elements. Is it possible to >access them from JavaScript? You can write ASP code in VBScript or Javascript _ or other languages< if you install the proper support. ASP is a platform, not a language. JavaScript is usually used for client-side scripting. You can't access the posted form elements there because they haven't been posted yet. You can examine the elements of the form and retrieve or set the values stored in them. >myHTML.htm ><form action=myASP.asp> ><input type=hidden id=f1 value=val1> ><input type=hidden id=f2 value=val2> ><input type=submit value="Choose Me"> ></form> >myASP.ASP >response.write(request("f1")) This statement would execute on the server, before the page is sent to the client computer. As I said earlier, you can use either VBScript or Javascript to write this stuff. -- Tim Slattery Slattery_T@bls.gov I would like to create a client-side JavaScript function within MyHTML1.htm that could access user and pw (posted in MyHTML0.htm) MyHTML0.htm { <form action=https://myHTML.htm" method="post"> <input type=hidden id="user" value="john"> <input type=hidden id="pw" value="cool"> </form> } MyHTML1.htm { <script> Alert("user is " + client_side_forms_object["user"] + " pw is " + client_side_forms_object["pw"]) </script> } This is pseudo-code. I'm sure client_side_forms_object is not a valid client-side JavaScript object. Does a client-side (browser) JavaScript object allowing access to posted form elements exist? > I would like to create a client-side JavaScript function within > MyHTML1.htm that could access user and pw (posted in MyHTML0.htm) [quoted text clipped - 18 lines] > valid client-side JavaScript object. Does a client-side (browser) > JavaScript object allowing access to posted form elements exist? You keep emphasizing 'posted' - form data is posted to a server, where it is presumably processed in some way. Read the FAQ (as you should have previously) for information on how to read the contents of form controls *before* posting, at the client. http://www.jibbering.com/faq/#FAQ4_13 I did read the FAQ. If you use method="GET" the form elements are appended to the URL. I don't want the userid/pw transmitted in clear text as part of the URL. I will be using HTTPS so the form data will be encrypted. Reading the form elements before the post or get does me no good as I need the URL specified in the ACTION of the FORM to use the form elements. A page on website A calls a page on website B. Website B needs the user id/pw from website A to log into the system. "Choxio" schrieb: > I did read the FAQ. I doubt that. > If you use method="GET" the form elements are appended to the URL. Actually, pairs or names and values of HTML elements, namely not disabled form controls, delimited with an ampersand character, are appended to the URI, not the HTML elements. > I don't want the userid/pw transmitted in clear text as part of the > URL. I will be using HTTPS so the form data will be encrypted. ACK > Reading the form elements before the post or get does me no good as I > need the URL specified in the ACTION of the FORM to use the form > elements. > > A page on website A calls a page on website B. Website B > needs the user id/pw from website A to log into the system. So Web site B, more precisely _resource_ B, has to process the data submitted by Web site A, i.e. resource A. It does not matter what platform or language is used for that as long as the underlying application is a CGI application (which ASP scripted with *server-side* JScript certainly is). So your question was: | Is it possible to access them from JavaScript? The correct answer already given several times is "yes". That includes all ECMAScript implementations where there is a language binding provided by the CGI application, including Microsoft JScript to be used with ASP (on IIS). But if your question would have been "Is it possible to access them with client-side JavaScript?", the correct answer would have been "no". See? PointedEars I have done quite a bit of googling trying to track down a way to "...access them with client-side JavaScript?" I have not found a way of doing this so perhaps you're correct. BTW, why do you doubt I read the FAQ? The FAQ does not address this issue. Perhaps you should review http://www.jibbering.com/faq/#FAQ4_13 or even better post an URL of a FAQ discussing this problem. And "ACK" - please elaborate. I refined my question on May 18th (a day after my original post) to: "Does a client-side (browser) JavaScript object allowing access to posted form elements exist?" Instead of wasting your time attacking previous posts perhaps you should spend a bit more time reading the thread and address the question at hand. Based upon other's posts I realized I was asking the wrong question and refined my post. > I have done quite a bit of googling trying to track down a way to > "...access them with client-side JavaScript?" I have not found a way > of doing this so perhaps you're correct. > > BTW, why do you doubt I read the FAQ? Because it's obvious from your posting stlye that you have not read it, in its entirety. > The FAQ does not address this issue. Probably not. It *does* address the issue of posting/quoting to this group though. > Perhaps you should review http://www.jibbering.com/faq/#FAQ4_13 or > even better post an URL of a FAQ discussing this problem. Before you make it that far into the FAQ, you would have made it to section 2.3, paragraph 1: <quote> Before posting to clj, you should thoroughly read this document </quote> And then paragraph 6: <quote> When replying to a message on the group trim quotes of the preceding messages to the minimum needed and add your comments below the pertinent section of quoted material, as per FYI28/RFC1855 (never top post). </quote> Note the part about quoting what you are replying to. <snip> SignatureRandy comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly > BTW, why do you doubt I read the FAQ? Because your posting behavior tells so. > The FAQ does not address this issue. It includes a description of accepted ways to post to a newsgroup, particularly this one. > Perhaps you should review http://www.jibbering.com/faq/#FAQ4_13 Are you kidding? *I* should review the FAQ regarding *your* problems? You must think that this is a support forum or something like that, and that I am your support agent. > [...] > And "ACK" - please elaborate. <http://www.restlessmind.com/jargon/?entry=ACK> > I refined my question on May 18th (a day after my original post) to: > "Does a client-side (browser) JavaScript object allowing access to > posted form elements exist?" Instead of wasting your time attacking > previous posts perhaps you should spend a bit more time reading the > thread and address the question at hand. Based upon other's posts I > realized I was asking the wrong question and refined my post. You better cool down quickly. You posted a new question in an old thread as a side note on the bottom of a posting. It was likely that it got overlooked. However, yes, a client-side JavaScript object for that exists, but I don't think it is available outside of an XUL environment. Look into <http://livehttpheaders.mozdev.org/>. PointedEars |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.