Member Avatar for jdavenport

In the javaScript function below, is there anything I can add to the window.open so that the parameters passed in the URL do NOT show in the window that is opened? It is okay if the script path shows, I just need to hide the parameters. If that is not possible, can I have it show no URL show at all?
Many thanks,
Julie

function OpenTest2(ID,course,test)
{
	var agree=confirm("Are you sure you want to Launch this test?");
	if (agree){
	path = "testing_center/frameset.cfm?TestID=" + ID + "&UserID=<CFOUTPUT>#session.userID#</CFOUTPUT>";
	window.open(path ,'popuppage','scrollbars=yes,fullscreen=yes');
	return false;
	 }	 
	else 
return false;
}

If it's a question of security, then there's no way to absolutely guarantee that a determined user will not somehow discover the testID/userID parameters. Any data that goes client-side is vulnerable.

If it's just a question of hiding something rather ugly, then you can suppress the opened window's address bar with window.open(path ,'popuppage','scrollbars=yes,fullscreen=yes,location=no'); .

Most popular browsers will reveal the address bar with some simple key-press, eg F11.

An alternative approach would be to use a modal dialog within the main window. This is more involved but can be achieved with eg. the javascript libs jquey/jqueryUI, typically with ajax to fetch the data to be displayed in the dialog.

Airshow

since you seem to be passing very minimal data, try setting some cookies instead of passing the data via url. Then on the server retrieve the data from the cookies.

In "The Scripts" section of http://www.quirksmode.org/js/cookies.html you will find three very useful functions. Save them as cookies.js and import them into your page. Then use them to create a cookie for each of the data you want to "pass" to the server.

The drawback is of course that the user will require to have cookies enabled.

Member Avatar for jdavenport

Airshow: it's more security than cosmetic; the system is used for taking placement tests, and we've had a couple students save the url and go back to it later (the tests are proctored, but not all proctors are vigilant, apparently). I did try the location=no and it did nothing, it IE or Firefox. The URL address still showed.

Hielo: cookies might work, and should not be a problem, because I think cookies are used in other parts of this system already.

Thank you both for the help!
Julie

Julie,

I think you need to run with Heilo's cookies.

There are other ways to pass data invisibly between windows but Cookie is as good as any and simpler than some.

Airshow

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.