使用JavaScript打开新的https浏览器窗口
[英]Open new https browser window using javascript
问题描述
I have situation where in c# code I am adding an onclick client event handler. 
我在C#代码中添加了onclick客户端事件处理程序的情况。 It should do: 它应该做:
Button1.Attributes.Add("onclick", "javascript:window.open('https://"+Request.ServerVariables["HTTP_POST"]+"/reports/?type=1&id=2");
in the end the URL looks like: 最后,URL看起来像:
https://servername/reports/?type=1&id=2
in the reports folder of my site I have a default aspx page that handles those parameters. 在我网站的报表文件夹中,我有一个默认的aspx页面来处理这些参数。
When I click the button with this event, a new window opens but it says there is no page at that address. 当我单击带有此事件的按钮时,会打开一个新窗口,但显示该地址没有页面。 When I use the link like this 当我使用这样的链接时
https://servername/reports/default.aspx?type=1&id=2
The page opens but it's blank. 页面打开,但为空白。
When I run this code as non secure with HTTP, everything works just like it should. 当我使用HTTP以不安全的方式运行此代码时,一切都会按应有的方式工作。 The report opens. 报告打开。
Is there any difference using those two different URLs with default.aspx and without it, because in development it behaves the same way, but under HTTPS one page doesn't exist and another is blank?! 在没有default.aspx的情况下使用这两个不同的URL是否没有区别,因为在开发中它的行为方式相同,但是在HTTPS下不存在一页,而另一页为空白? Is HTTPS the reason for that?? 是HTTPS的原因吗?
Thanks! 谢谢!
3 个解决方案
解决方案1
0 2010-07-30 12:51:40
You may also want to add return=false to your script. 您可能还想在脚本中添加return = false。
String s= "window.open('" + Request.Url.AbsoluteUri.Replace("http", "https") + "');return false;";
ButtonTest.Attributes.Add("onclick", s);
解决方案2
0 已采纳 2010-07-31 14:53:54
Solution found, and I have nothing to say except WOOW! 找到解决方案,除了“哇”,我无话可说! It has nothing to do with ssl or IIS or paths, it's with permisions on windows temp folder, and crystal report couldn't save temporary file. 它与ssl或IIS或路径无关,与Windows temp文件夹上的权限有关,Crystal Report无法保存临时文件。
Hope this will help someone. 希望这会帮助某人。
解决方案3
-1 2010-07-30 10:56:27
JavaScript does not interpolate variable names in string literals.
JavaScript不会在字符串文字中插入变量名称。 You are literally using the server name Request.ServerVariables["HTTP_POST"], and since that's not a real server name (or even valid in a URL) it won't open.您实际上使用的是服务器名称Request.ServerVariables["HTTP_POST"],由于它不是真实的服务器名称(甚至在URL中无效),因此无法打开。JavaScript is a client-side language, it does not have access to
Request.ServerVariables.JavaScript是一种客户端语言,它无权访问Request.ServerVariables。 You would need to use templating to output variables from ASP into the client document, and if you're putting something in a JavaScript string literal you should in general be JSON-encoding, to stop'and\\characters (and a few others) in the text breaking the string.您将需要使用模板将ASP中的变量输出到客户端文档中,并且,如果要将某些内容放入JavaScript字符串文字中,则通常应使用JSON编码,以在其中停止'和\\字符(以及其他一些字符)打破字符串的文本。 If you're outputting to a JavaString string literal inside an HTML event handler attribute , you'd have to JSON-encode the string and then HTML-encode that afterwards.如果要在HTML事件处理程序属性内输出到JavaString字符串文字,则必须先对该字符串进行JSON编码,然后再对其进行HTML编码。 The layers of escaping involved in putting content into event handlers is annoying and error-prone. 将内容放入事件处理程序中涉及的转义层令人烦恼且容易出错。 Avoid it, by not using event handler attributes. 通过不使用事件处理程序属性来避免它。 You probably meant
HTTP_HOST, notPOST.您可能的意思是HTTP_HOST,而不是POST。You don't need
javascript:in an event handler;您不需要javascript:在事件处理程序中; it doesn't do anything.它什么也没做。 You're thinking of javascript:pseudo-URLs in links, but you should never use those either.您正在考虑javascript:链接中的伪URL,但您也绝对不要使用它们。 Put the real URL in a plain link, so that it still works with JavaScript disabled and doesn't break with options like middle-click, and then use JS to augment the link so it opens in a new window when clicked normally.将真实的URL放在一个普通的链接中,以便它仍然可以在禁用JavaScript的情况下使用,并且不会与诸如单击鼠标中键之类的选项打断,然后使用JS扩展链接,以便在正常单击时在新窗口中打开。
This is known as 'progressive enhancement': 这就是所谓的“渐进增强”:
<a class="newwindow" href="https://<%= Server.HTMLEncode(Request.ServerVariables["HTTP_POST"]) %>/reports/?type=1&id=2">
<!-- at end of document -->
<script type="text/javascript">
for (var i= document.links.length; i-->0;)
if (document.links[i].className==='newwindow')
document.links[i].onclick= newWindowClick;
function newWindowClick() {
var w= window.open(this.href);
return !w || w.closed;
// stops link being followed in the current page (return false)
// unless pop-up was blocked
}
</script>
(In ASP.NET 4, you can use <%: instead of <%= to avoid the need to Server.HTMLEncode anything. There's probably not going to be any HTML-special characters in a host name, but it's a good practice to get used to HTML-encoding, because miss it anywhere more critical and you've got yourself an HTML-injection potentially leading to XSS security holes.) (在ASP.NET 4中,可以使用<%:而不是<%=以避免对Server.HTMLEncode任何Server.HTMLEncode 。主机名中可能不会包含任何HTML特殊字符,但是这样做是一个好习惯习惯了HTML编码,因为在任何更关键的地方都会错过它,而您自己已经注入了HTML,可能会导致XSS安全漏洞。)
However this is generally considered an old-fashioned way to template; 但是,这通常被认为是老式的模板化方法。 the ASP.NET HTML controls would often be preferred. ASP.NET HTML控件通常是首选。 You should also consider simply using a target="_blank" attribute instead of all the JS complexity. 您还应该考虑简单地使用target="_blank"属性而不是所有JS复杂性。 (Whilst it is not valid in HTML 4 Strict, it is back in HTML5 and is a bit more maintainable.) (尽管它在HTML 4 Strict中无效,但在HTML5中又回来了,并且更易于维护。)
<asp:HyperLink id="thelink" Target="_blank" Text="some link text"/>
// VBS in Page_Load:
thelink.NavigateUrl= "https://" & Request.ServerVariables["HTTP_POST"] & "/reports/?type=1&id=2";
Finally, you should also definitely consider not having a pop-up at all. 最后,您也绝对应该考虑完全没有弹出窗口。 Many users consider it hostile (if I wanted it in a new window, I'd click 'open in new window'). 许多用户认为它具有敌意性(如果我想要在新窗口中使用它,则可以单击“在新窗口中打开”)。 Plus in some browsers it'll open in a new tab instead of a new window anyway, which you probably don't want. 另外,在某些浏览器中,它可能会在新标签页中打开,而不是在您可能不希望的新窗口中打开。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.