
Is it possible to prevent a popup from being opened directly, as opposed to being opened by JavaScript?

The application I'm working on relies on many popups. Those popups themselves rely on query strings. If someone can just type the URL in the browser address bar, the page will throw an error, as the query string values are dynamically constructed.

function myFunction(id)
{
    window.open("mypopup.aspx?id=" + id); 
}

Is there a way to prevent the page from displaying if the requester of the page is not JavaScript? If someone types something like:

https://mycompanyname.com/path/mypopup.aspx

It shouldn't let the user do so. Or, at least, can I check whether the requester is not JavaScript so I can display a message or redirect the user to a different page? Otherwise, without all those pieces of data needed to construct a request, the page will throw an exception.

Thanks for helping.

Validate the query string directly in myPopup.aspx; if something is missing, just redirect or display a message.

Use the Request.QueryString collection to validate in myPopup.aspx.

There is no easy way to validate if the request came from JavaScript, as far as I know. You could try creating a token to validate that the sender is the one you expect, but if you only need to validate the parameters, there is no need to worry about who is sending the request.

The page cannot differentiate how it was requested if both requests come from the same browser.

However, you can include a value in the query string to differentiate them.

For example,

window.open("mypopup.aspx?request=javascript&id=" + id); 

If a user intentionally types in https://mycompanyname.com/path/mypopup.aspx?request=javascript, so be it. I won't worry about it.

Popups are browser windows too, so it will be tricky to check whether the window requesting the page is a normal window or a popup.

  1. You should restrict users from seeing which URL the popup is being opened on; you can hide the address bar, so the user cannot copy or know what's in the URL:

     window.open('/pageaddress.html','winname','directories=no,titlebar=no,toolbar=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=400,height=350');

  2. Set up token-based validation. Make a request to the server (an Ajax request) to get a random token (with a one-time validation mechanism, and expire it). You can send the token in the query string and validate on the server that it is the same token that was issued. Identify whether the requested page has a valid token (popup); otherwise deny the request or show an error message. Think of how CAPTCHA works; you just need to do it programmatically.

Though it's also not the best solution, as token information can be sniffed with network traffic tools like Fiddler, it will work to prevent manual requests.
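
The parameter validation and one-time token suggested in the answers above, combined into one server-side check. This is an added example, not code from any of the posts, and it is written in JavaScript (Node.js) rather than ASP.NET; the function names, the numeric format of id, the 60-second lifetime and the in-memory store are all assumptions.

```javascript
// Added example: validate the popup's query string and a one-time token.
const { randomBytes } = require('crypto');

const TOKEN_TTL_MS = 60 * 1000;  // assumed lifetime: 60 seconds
const issued = new Map();        // token -> { id, expiresAt }; in-memory for the demo

// Called by the Ajax handler just before the opener page calls
//   window.open("mypopup.aspx?id=" + id + "&token=" + token);
function issueToken(id, now = Date.now()) {
  const token = randomBytes(32).toString('hex');  // 256 bits from a CSPRNG
  issued.set(token, { id: String(id), expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Called by the popup page before it uses any query-string value.
// `query` is the parsed query string, e.g. { id: "42", token: "..." }.
function validatePopupRequest(query, now = Date.now()) {
  const { id, token } = query;
  // Parameter checks first: a typed-in URL with missing or malformed
  // values gets a clean rejection instead of an unhandled exception.
  if (typeof id !== 'string' || !/^[0-9]{1,9}$/.test(id)) {
    return { ok: false, reason: 'bad-id' };
  }
  if (typeof token !== 'string' || !/^[0-9a-f]{64}$/.test(token)) {
    return { ok: false, reason: 'bad-token' };
  }
  const entry = issued.get(token);
  if (!entry) return { ok: false, reason: 'unknown-token' };
  issued.delete(token);          // single use: burn it whatever happens next
  if (now > entry.expiresAt) return { ok: false, reason: 'expired' };
  // The token is bound to the id it was issued for, so it cannot be
  // reused to open the popup on a different record.
  if (entry.id !== id) return { ok: false, reason: 'id-mismatch' };
  return { ok: true, id: Number(id) };
}
```

The token only shows that the URL was minted by the opener page; whether the signed-in user may see the record behind id still has to be checked on the server.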
