I'm looking to pass data from a form into an iFrame, but I have a slight problem.
The form page I can edit with no restrictions
The page I send the data to I cannot edit unless its html or JavaScript
The data needs to end up in an iframe within this page, which I can edit with no restrictions
I'm incorporating a search function into a CMS system which is why I cannot edit the iframe's parent page, and why I am using iframes at all.
At the moment the data sends to the parent page but is not picked up within the iframe, I am sending via the POST method.
I got it..
Added and extra page which converted the post data into session data,
if anyone knows a better way i would like to hear it though.
And they are the same domain, but editing the CMS system would have taken ages to look through as its not mainstream or developed by me.
Maybe I'm oversimplifying the problem, but can't you use the "target" attribute of the form tag to post to the Iframe?
Related
My company is using marketo forms, and we are generating the page from a content management system.
We'd like to keep the contribution experience as simple as possible and prevent the user from contributing actual <script> tags.
The API documentation says they will give you a block of code that looks like this:
<script src="//app-sjqe.marketo.com/js/forms2/js/forms2.js"></script>
<form id="mktoForm_621"></form>
<script>MktoForms2.loadForm("//app-sjqe.marketo.com", "718-GIV-198", 621);</script>
My question is, what portions of this code are subject to change?
I am sure the 3 part hypen separated string and the integer being passed in can change.
What about the app-sjqe.marketo.com address?
The 3-part string is your Marketo instance ID, and shouldn't really change. The other integer is the form ID, which definitely will change depending on what form you want to embed.
The other thing that you may want to consider, is the other configurable options that you can send along with the form embed. For example, in the module that I have made for my CMS, I let the user put an optional 'thank-you' page URL, to redirect the form to after submission, and also a checkbox to optionally open the form in a lightbox on page load.
The simple module I made is for the Sitefinity CMS - happy to share code with you if that helps!
I'm basically looking at a security problem between a parent page and an iframe with links to a third party.
I want to send a POST or a GET (doesn't matter which as I can control the other side) to the third party, but not expose any details within it (say a SID or a user token) and have it's HTML content (JS/HTML/Images) loaded into the iframe.
I've looked at server-side redirects, creating a proxy using webclinet/webresponse and am curious to whether there is a good way to do it.
Has anyone ever done this before, or think that the secrity is not possible? Hell, even if I'm barking up the wrong tree on how to solve this.
If anybody has any examples on this it would be greatly appreciated.
Cheers,
Jamie
[Edit] Was thinking I might need to add some more details.
Say I have a parent page: https://mycompany.com/ShowThirdParty.
This has an iframe in it at the moment which will have the content of another component (also owned by me, or another team more specifically)
Basically I'd like to send some credentials to content in the iframe in such a way that the external pages can't read it, the iframe is put into a modal (I've done that) and the iframe has the restricted content with the auhtentication almost seamless and invisible.
I currently have it working as a GET url generated dynamically via JS and then passed into the iframe src parameter, obviously that isn't secure.
I kind of want some kind of server side redirect across a full url, but I don't even think that's possible.
You could try using AJAX and load a PHP script (with any parameters to the script encoded/encrypted) to query the 3rd party page and load the response into the iframe. Not really sure how your code is setup but there should be a way.
It can also be done by POST Method (submit the data to iFrame using POST) as it is HTTPS so the data you send to iFrame is encryped.
My application has "survived" many Facebook API changes, to the point where it's quite messy.
Anyway: I'm no longer able to POST a simple HTML form. The entire page reloads and no data is saved.
I've tried several things. Changing the "action" url to include several Facebook parameters, changing the target (canvas_iframe) but to no avail.
Has anyone else encountered problems with this?
try to write absolute path in "action". Its not important include Facebook parameter
Give site url("www.example.com/") as the value of the action attribute rather the Canvas URL(http://appifylabs.com/facebook/yourapp/processform.php)
e.g
if processform.php is the script that will manipulate your form so give the value
site_url = "www.example.com/";
action="<?php echo site_url; ?>processform.php"
I have a jsp form which takes in user details. On submit button it goes to a jsp page where the details are entered into the database. But before that I would like to check if the username is available as soon as the user clicks the check availability button. How can this be done?
2 ways:
Just redisplay the same page after submitting the form wherein you conditionally display the validation message. This is rather trivial and already covered in the Hello World example in our Servlets wiki page.
Use Ajax to send an asynchronous HTTP request and manipulate the HTML DOM based on the response of the request. This requires a bit more in depth understanding of how websites really work and what JavaScript is. You can find some concrete examples in How to use Servlets and Ajax?
Use AJAX(Asynchronous Javascript and Xml). Its the best web2.0 technology. You can manipulate DOM based on the answer from server
I have a blog on BlogSpot.com, and I have a domain based on my own name. I want to have a URL on my site (like http://www.mydomain.com/blog) that will then pull in the content from my blog page, but I want the URL in the address bar to stay on http://www.mydomain.com/blog, so that it does not look like you left my site.
(I have a Windows hosting account on 1and1.com)
I did Google this question, and I found how a few things, like:
1: Adding a tag in to "refresh". Tried this, but it changes the address bar.
<meta http-equiv="refresh" content="0; URL=http://myblog.blogspot.com" />
2: I also learned about the html iframe thing, but it has height and scrollbar issues.
3: Then, I found this partial code snippet, but I don't know what to do with it, or if it will even work against the BlogSpot server, or on my server:
<%
Set objHTTP = Server.CreateObject("Microsoft.XMLHTTP")
objHTTP.Open "GET", "http://myblog.blogspot.com", false
objHTTP.Send
Response.Write objHTTP.ResponseText
%>
I am a client app guy, so this web stuff is all new to me.
Any help will be greatly appreciated.
The third option will probably work for the initial page load, but any links on the page will then direct the user to the BlogSpot page, and change the url. It simply fetches the page from blogspot, and then sends it to the user without any changes.
For me, the changing url is not a big deal, as long as it's easy for the user to get from one to the other easily; have prominent links on either page that tell the user where they go. Most people don't care about the url, they just care about the content.
Using an IFrame is probably your best bet. Many Facebook applications are in IFrames and still integrate very well.
I think using a regular frame or an iFrame is probably the easiest solution. What kind of scrollbar issues did you encounter? You can set custom values for some of these attributes, just check out the documentation here:
http://www.w3schools.com/TAGS/tag_iframe.asp
If you didn't want to use frames, you could actually proxy the entire page using a server side application like Squid. However, this is more difficult to setup, requires the ability to install software and configure firewall/iptable settings on your host, and must be configured properly to prevent malicious abuse.
-Mark
Here are some options you can try:
If you have PHP installed:
<?php
echo file_get_contents('http://myblog.blogspot.com'); // or you can use fopen()
?>
Or Server-Side-Includes installed:
<!--# include virtual="http://myblog.blogspot.com" -->
You can also pull blog content from Blogspot using the Blogger Data API.
The advantage of this is that you can reformat and reorganize the content to match the style of your website. The disadvantage is that it's more work than an iframe, and you probably won't match the full functionality of Blogspot.
I'm playing with this now to see whether I can use Blogspot as a type of CMS for a club news system.