How to hide the parameters in window.open ..

Hi,

Can anyone help me hide the parameters from date and to date? Whenever I click on the submit button, it goes to another page called load.aspx.

The URL shows as below. Anyone can go and change the params here. How can I hide it?

http://localhost/Console/load.aspx?fDate=Thursday, November 01, 2012&tDate=Friday, November 07, 2014

    var fromDate = $find("<%= rdtpDateFrom.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
    var toDate = $find("<%= rdtpDateTo.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
    var features = "left=100,top=100,height=1110,width=1440,status=no,resizable=yes,toolbar=no,menubar=no,location=no";
    window.open("../load.aspx?fDate=" + fromDate + "&tDate=" + toDate, "_blank", features, false);
}

Users will always be able to change your url no matter what you try to do to stop them.  I can press ctrl-N and get your pop-up window in a normal browser complete with address bar to edit how I choose.  Rather than spending time trying to do the impossible, you should spend time looking at a more secure way of passing your data such as using checksums or hashcodes to see if the data has been altered, or by encrypting the data and passing the encrypted version on the querystring.
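
The checksum approach suggested above, as an added example that is not part of the original thread: the server that renders page 1 signs the date range with an HMAC, and the code behind load.aspx or the handler rejects any URL whose values no longer match. It is written for Node.js so it runs as-is (in the thread's ASP.NET application the same logic would use HMACSHA256 on the server); the key, the `exp` and `sig` parameter names and the function names are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed demo key. A real key lives in server configuration and is
// never sent to the browser, otherwise the user could sign edited values.
const SECRET = Buffer.from("constructed-demo-key-not-for-production");

// JSON array encoding keeps the field boundaries unambiguous under the MAC.
function mac(fDate, tDate, exp) {
  const canonical = JSON.stringify(["v1", fDate, tDate, exp]);
  return createHmac("sha256", SECRET).update(canonical).digest();
}

// Page 1, server side: build the query string that window.open will use.
function signQuery(fDate, tDate, nowSec, ttlSec) {
  const exp = nowSec + ttlSec;
  const qs = new URLSearchParams({ fDate, tDate, exp: String(exp) });
  qs.set("sig", mac(fDate, tDate, exp).toString("base64url"));
  return qs.toString();
}

// Page 2 or handler, server side: return the dates only when the MAC
// matches and the link has not expired; otherwise return null.
function verifyQuery(queryString, nowSec) {
  const qs = new URLSearchParams(queryString);
  const fDate = qs.get("fDate");
  const tDate = qs.get("tDate");
  const exp = Number(qs.get("exp"));
  const sig = Buffer.from(qs.get("sig") || "", "base64url");
  if (fDate === null || tDate === null || !Number.isInteger(exp)) return null;
  const expected = mac(fDate, tDate, exp);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (sig.length !== expected.length || !timingSafeEqual(sig, expected)) return null;
  if (nowSec > exp) return null;
  return { fDate, tDate };
}
```

The dates stay visible in the address bar; what changes is that an edited value no longer verifies.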

Hi,

You can access your parent elements directly from the child popup using opener, so there is no need to pass them to the child page as parameters.

Here is the code to refer to for accessing a parent element from the child popup page.

// In the popup, window.opener refers to the window that called window.open.
var opener = window.opener;
if (opener) {
    var elementName = opener.document.getElementById("your element name");
    if (elementName) {
        var val = elementName.value;
    }
}

thanks,

Avishek

Please mark this as Answer if it helps.

Can you please format it according to my code?

We are using jqGrid. The page which I am using in window.open is completely jqGrid, and there is an ashx handler in the URL where it calls a stored procedure.

From the main page I am passing parameters.

In the URL I need to hide them. Can you please format it?

You can’t hide URLs or stop the user from amending them.  Doing so would be a massive security risk and you’re wasting your time trying to do so.  Securing the way you send data might not be the answer you want to hear but that doesn’t stop it being the answer.

In your load.aspx page you can access parent controls using the above code which I have mentioned. But if you cannot use JavaScript to handle data on load.aspx, then you have to write the data into a cookie on the parent page and access those values in load.aspx through server code.

if(Request.Cookies["keyName"]!=null)
{
   var value=Request.Cookies["keyName"].Value;
}

Hope this will help you. But in either case data which you are passing will not be secured. If you want security then you can go with In-Proc Session.

I can modify the cookies on my machine also, that’s not secure either.

Hi,

As per your response I want to encrypt in page 1 and decrypt in page 2. Here is the way I am doing it. Please correct it if I have made a mistake.

In page 1, I am calling the function on submit click.

function sample() {

var fromDate = $find("<%= rdtpDateFrom.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
var fd = encodeURIComponent(fromDate);
var toDate = $find("<%= rdtpDateTo.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
var td = encodeURIComponent(toDate);
window.open("load.aspx?fDate=" + fd + "&tDate=" + td);
}

In page 2 (load.aspx) I want to decode it. We are using jqGrid and an ashx handler. How can I decode it here? Please help me.

function ByName(name) {
    // Escape square brackets so the name is safe inside the RegExp built below.
    name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
    var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
        results = regex.exec(location.search);
    // "+" in a query string stands for a space; the rest is percent-decoded.
    return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
function GetTodate() {
return ByName('tDate');
}
function GetFromDate() {
return ByName('fDate');
}

<script type="text/javascript">
$(function() {
$("#grid").jqGrid({
url: 'handler.ashx?FromDate=' + GetFromDate() + '&ToDate=' + GetTodate(),

bla....bla....bla..

After encrypting I am getting a URL like this, but I need to decrypt it. How do I do that in the load.aspx page?

http://localhost/../load.aspx?fDate=Sunday%2C%20November%2004%2C%202012&tDate=Wednesday%2C%20November%2005%2C%202014

Thanks in advance…

Hi mcfarlandparkway,

I suggest that you first encode your URL in your first page, then decode the URL in your second page.

In your second page, you can use a jQuery function to get the parameter from the URL and set the value for your jqGrid function.

Please try a code snippet like the one below to get the parameter value:

function GetURLParameter(sParam)
{
    var sPageURL = window.location.search.substring(1);
    var sURLVariables = sPageURL.split('&');
    for (var i = 0; i < sURLVariables.length; i++) 
    {
        var sParameterName = sURLVariables[i].split('=');
        if (sParameterName[0] == sParam) 
        {
            return sParameterName[1];
        }
    }
}

If your URL is like below

load.aspx?fDate=xx&tDate=xx

you can get the parameter values like below:

// The parameter names are passed as strings.
var fDate = GetURLParameter("fDate");
var tDate = GetURLParameter("tDate");

Best Regards,

Kevin Shen.
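
An added example (not code from the thread) of reading the two parameters on load.aspx with percent-decoding, accepting only the "Weekday, Month DD, YYYY" shape seen in the thread's URL, and re-encoding the values for the handler URL. The function names and the choice to forward yyyy-MM-dd are assumptions; because this check runs in the user's browser, the handler still has to validate what it receives.

```javascript
const MONTHS = ["january", "february", "march", "april", "may", "june", "july",
                "august", "september", "october", "november", "december"];

// Read one parameter from a query string such as location.search.
// URLSearchParams percent-decodes the value; splitting on "=" does not.
function getParam(search, name) {
  return new URLSearchParams(search).get(name); // null when absent
}

// Accept only "Weekday, Month DD, YYYY" and return yyyy-MM-dd, else null.
function toIsoDate(text) {
  const m = /^[A-Za-z]+, ([A-Za-z]+) (\d{1,2}), (\d{4})$/.exec(text || "");
  if (!m) return null;
  const month = MONTHS.indexOf(m[1].toLowerCase());
  const day = Number(m[2]);
  const year = Number(m[3]);
  if (month < 0) return null;
  const d = new Date(Date.UTC(year, month, day));
  // Reject impossible dates such as November 31, which Date rolls over.
  if (d.getUTCFullYear() !== year || d.getUTCMonth() !== month ||
      d.getUTCDate() !== day) return null;
  return d.toISOString().slice(0, 10);
}

// Build the jqGrid data URL, or return null when a date is missing,
// malformed, or the range is reversed.
function buildHandlerUrl(search) {
  const from = toIsoDate(getParam(search, "fDate"));
  const to = toIsoDate(getParam(search, "tDate"));
  if (!from || !to || from > to) return null;
  return "Handler.ashx?FromDate=" + encodeURIComponent(from) +
         "&ToDate=" + encodeURIComponent(to);
}
```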

Hi Kevin, I used your code in the second page (load.aspx).

function GetURLParameter(sParam)
{
    var sPageURL = window.location.search.substring(1);
    var sURLVariables = sPageURL.split('&');
    for (var i = 0; i < sURLVariables.length; i++)
    {
        var sParameterName = sURLVariables[i].split('=');
        if (sParameterName[0] == sParam)
        {
            return sParameterName[1];
        }
    }
}

var fDate = GetURLParameter(fDate);
var tDate = GetURLParameter(tDate);

How can I pass this fDate and tDate to the handler.ashx URL… (this is the way I passed them to handler.ashx) I am not getting data into the grid; somewhere I am making a mistake…

$(function() {
    $("#grid").jqGrid({
        url: 'Handler.ashx?FromDate=' + fDate + '&ToDate=' + tDate,
    });
});

 

On page 1 I am using the function below on submit.

function sample() {

var fromDate = $find("<%= rdtpDateFrom.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
var fd = encodeURIComponent(fromDate);
var toDate = $find("<%= rdtpDateTo.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
var td = encodeURIComponent(toDate);

window.open("load.aspx?fDate=" + fd + "&tDate=" + td);

}

 

Hi mcfarlanpar,

You can try code like below to get the parameters for your handler:

$("#grid").jqGrid({
    // The parameter names are passed as strings.
    url: 'Handler.ashx?FromDate=' + GetURLParameter('fDate') + '&ToDate=' + GetURLParameter('tDate')
});

 

Best Regards,

Kevin Shen.

Hi Kevin, sorry for the back and forth, but I am not getting data in the grid.

This is my code.

In page 1 I am encoding like below and calling this validate under the submit button.

function validate() {
    sample();
}

function sample() {
    var fromDate = $find("<%= rdtpDateFrom.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
    var fd = encodeURI(fromDate);
    var toDate = $find("<%= rdtpDateTo.ClientID %>").get_selectedDate().toLocaleDateString("en-US");
    var td = encodeURI(toDate);
    window.open("load.aspx?fDate=" + fd + "&tDate=" + td);
}

On the load.aspx page we need to decode it, but in the function you provided, where are we decoding?

 function GetURLParameter(sParam) {
            var sPageURL = window.location.search.substring(1);
            var sURLVariables = sPageURL.split('&');
            for (var i = 0; i < sURLVariables.length; i++) {
                var sParameterName = sURLVariables[i].split('=');
                if (sParameterName[0] == sParam) {
                    return sParameterName[1];
                }
            }
        }
       

 url: 'Handler.ashx?FromDate=' + GetURLParameter(fDate);+ '&ToDate=' + GetURLParameter(tDate),

I am not getting data in the grid..

Here is my handler.ashx code:

public void ProcessRequest(HttpContext context)
{
    // Assumed declarations: the post uses request, response and forms without showing them.
    var request = context.Request;
    var response = context.Response;
    var forms = request.Form;

    string strOperation = forms.Get("oper");
    string strFromDate = request["FromDate"];
    string strToDate = request["ToDate"];

    if (strOperation == null)
    {
        string output = getdata(strFromDate, strToDate);
        response.Write(output);
    }
}

private string getdata(string startDate, string endDate)
{
    // Convert.ToDateTime throws FormatException when the text is not a valid date.
    string dtStart = Convert.ToDateTime(startDate).ToString("yyyy-MM-dd");
    string dtEnd = Convert.ToDateTime(endDate).ToString("yyyy-MM-dd");

    // The values are wrapped in single quotes before being passed as parameters.
    dtStart = "'" + dtStart + "'";
    dtEnd = "'" + dtEnd + "'";
    DataTable yourDatable = new DataTable();

    SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Main"].ConnectionString);
    SqlCommand cmd = new SqlCommand();
    cmd.CommandText = "spname";
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Connection = con;
    con.Open();
    cmd.Parameters.Add("@FrmDate", SqlDbType.VarChar).Value = dtStart;
    cmd.Parameters.Add("@ToDate", SqlDbType.VarChar).Value = dtEnd;
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    con.Close();
    DataSet ds = new DataSet();
    // Fill opens the closed connection itself and closes it again afterwards.
    da.Fill(ds);
    ds.Tables.Add(yourDatable);
    return Newtonsoft.Json.JsonConvert.SerializeObject(ds.Tables[0]);
}

 

 

Hi mcfarlandparkway,

For your issue, below are my suggestions:

First, please check whether you can get fDate and tDate on the jQuery side when you execute the function GetURLParameter. You can press F12 and set a breakpoint on the JavaScript code to debug.

Second, I suggest that you add a breakpoint in Handler.ashx to confirm whether the handler is hit and whether the parameters are passed from the client side to the server side.

Last, I suggest that you set a breakpoint on the server side to check whether you get the expected result from the database and return it to your page.

Best Regards,

Kevin Shen.
