stackoom
  简体   繁体   中英

Password protected hyper link with target=_blank

 原文  2008-10-30 17:00:00       javascript/ html

Question

I have a hyper link like this :

<A Href=My_Java_Servlet?User_Action=Admin_Download_Records&User_Id=Admin onClick=\"Check_Password();\" target=_blank>Download Records</A>

When a user clicks on it, a password window will open, the user can try 3 times for the right password.

The Javascript looks like this : 

<Script Language="JavaScript">
  function Check_Password()
  {
    var testV=1;
    var pass1=prompt('Password','');
    while (testV<3)
    {
      if (!pass1) history.go(-1);
      if (pass1=="password") { return true; }
      testV+=1;
      var pass1=prompt('Access Denied - Password Incorrect.','');
    }
    return "false";
  }
</Script>

If user enters the wrong password 3 times, it's supposed to not do anything, but it still opens a new window and displays the protected info, how to fix the javascript or my html hyper link so only the right password will open a new target window, a wrong password will make it do nothing ?

4 answers

solution1
 11  2008-10-30 17:05:58

Clientside JavaScript is perhaps the worst possible way to provide "security". Users can just view the source to see all of your passwords, or just disable JavaScript altogether. Do not do this.

solution2
 7  2008-10-30 17:10:55

Other people have answered your question with the true/false return value but here's some of the problems with the whole idea of checking the password in javascript on the client:

  1. Your javascript source is freely readable by anyone downloading the page - thus showing them the password needed to view the page.

  2. If they don't have javascript enabled then they'll just go straight to the page without getting the javascript prompt.

  3. They could always just copy the link and paste it into their address bar to bypass the password protection. They could also just middle-click the link (which should open it in a new tab/window depending on their browser.)

Even on a private/intranet-only application this would be a laughable security method. :) Please consider re-desinging it so that the password is checked on the server-side portion (like when someone attempts to access the servlet it would render a password box and then post that password back to the server and then allow/deny access.)

solution3
 1  2008-10-30 17:03:28

You might to try returning false rather than "false"

However, you might be better off doing this kind of thing on the server, as I'd image all but novice users will know how to "copy link address" and paste this into their address bar.

solution4
 0  2008-10-30 17:02:58

为什么你返回"false"而不是false

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Remove target _blank for all hyper links in WebView Target _blank in all Link How to add target blank in a link Target=Blank link with OnClick JavaScript Adding link to image and target=“_blank” Add target=“_blank” to link with JavaScript Add target=_blank to every link in a HTML string Close the window after clicking target _blank link jquery: Add class if link has a target blank? ckeditor default target link=“ _blank” not work properly
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM