Passing text to Different Sites

Discussion in 'Javascript' started by BrendanMcPherson@gmail.com, Aug 4, 2006.

  1. Guest

    Hello,

    Im try to do some tricks to help make a "Search Many Sites from One
    Location".
    http://www.act.org.au/b_nexus.htm

    What I have decided to do is this:
    1. You can choose which site you wish to visit from the first page,
    after pressing go it takes you to a frame page.

    2. Inside the frame is the site, and a hidden frame

    3. the hidden frame should be able to take the variable from the url
    place it in a text box,
    then place the text in that text box to the external sites textbox and
    then submit.

    giving them the search result

    so far I have made the page for choosing the sites, made the sites
    frame pages.
    But the frame within those pages I cant get to take the variable from
    the URL
    and place it inits textbox, also I dont know from there how i can make
    a Timeout
    so that it then passes that text information on to the external site
    and submits it.

    Any ideas or suggestion would be greatly appreciated.
    , Aug 4, 2006
    #1
    1. Advertising

  2. Guest

    wrote:
    > Hello,
    >
    > Im try to do some tricks to help make a "Search Many Sites from One
    > Location".
    > http://www.act.org.au/b_nexus.htm
    >
    > What I have decided to do is this:
    > 1. You can choose which site you wish to visit from the first page,
    > after pressing go it takes you to a frame page.
    >
    > 2. Inside the frame is the site, and a hidden frame
    >
    > 3. the hidden frame should be able to take the variable from the url
    > place it in a text box,
    > then place the text in that text box to the external sites textbox and
    > then submit.
    >
    > giving them the search result
    >
    > so far I have made the page for choosing the sites, made the sites
    > frame pages.
    > But the frame within those pages I cant get to take the variable from
    > the URL
    > and place it inits textbox, also I dont know from there how i can make
    > a Timeout
    > so that it then passes that text information on to the external site
    > and submits it.
    >
    > Any ideas or suggestion would be greatly appreciated.


    Most browsers prevent cross-site scripting, and for good reason.

    Most search engines can be searched with the right url, eg:
    http://groups.google.com/groups?q=passing texts to different sites
    paste this into an address bar or pass it as the url of a new window
    and you will see your questions as the first result.

    A complete and free working example of searching any number of external
    websites inside iframes, can be found at:
    http://darwinist.googlepages.com/htmldesktop.html

    Press the "help" button to see examples of how you might create a new
    search box.

    Use as little or as much of the code as you like.

    hth
    , Aug 4, 2006
    #2
    1. Advertising

  3. Guest

    > Most browsers prevent cross-site scripting, and for good reason.
    >
    > Most search engines can be searched with the right url, eg:
    > http://groups.google.com/groups?q=passing texts to different sites
    > paste this into an address bar or pass it as the url of a new window
    > and you will see your questions as the first result.
    >
    > A complete and free working example of searching any number of external
    > websites inside iframes, can be found at:
    > http://darwinist.googlepages.com/htmldesktop.html
    >
    > Press the "help" button to see examples of how you might create a new
    > search box.
    >


    Thanks> I do know that search engines use. words added to their URL.
    but the search sites Im using dont.

    So i have to use a hidden frame to hold the Variable.

    ALL I NEED TO KNOW IS..
    how do i get a frame within a window to be able to read the last
    characters from the URL,
    after the ? question mark.
    then how do i add that to its textbox and then transfer that to another
    frames textbox
    and have the same frame thats submitting it to the other text box, make
    the other frame SUBMIT.

    thanks for your help anyway
    , Aug 4, 2006
    #3
  4. darwinist Guest

    wrote:
    > > Most browsers prevent cross-site scripting, and for good reason.
    > >
    > > Most search engines can be searched with the right url, eg:
    > > http://groups.google.com/groups?q=passing texts to different sites
    > > paste this into an address bar or pass it as the url of a new window
    > > and you will see your questions as the first result.
    > >
    > > A complete and free working example of searching any number of external
    > > websites inside iframes, can be found at:
    > > http://darwinist.googlepages.com/htmldesktop.html
    > >
    > > Press the "help" button to see examples of how you might create a new
    > > search box.
    > >

    >
    > Thanks> I do know that search engines use. words added to their URL.
    > but the search sites Im using dont.
    >
    > So i have to use a hidden frame to hold the Variable.
    >
    > ALL I NEED TO KNOW IS..
    > how do i get a frame within a window to be able to read the last
    > characters from the URL,
    > after the ? question mark.
    > then how do i add that to its textbox and then transfer that to another
    > frames textbox
    > and have the same frame thats submitting it to the other text box, make
    > the other frame SUBMIT.
    >
    > thanks for your help anyway


    If these search engines:
    a) don't accept forms submitted from your domain, and
    b) don't allow search by url

    Then they're sending a pretty clear message, or else their own system
    is built wrong.

    What you are describing is cross-site scripting, and can be a serious
    security threat, so most web-browsers prevent it.

    hth

    ---
    http://darwinist.googlepages.com/htmldesktop.html
    (A free, open-source, web-based IDE, windowing system, and desktop
    environment, in 31kB of html and javascript.)
    darwinist, Aug 4, 2006
    #4
  5. Randy Webb Guest

    darwinist said the following on 8/4/2006 3:50 AM:
    > wrote:
    >>> Most browsers prevent cross-site scripting, and for good reason.
    >>>
    >>> Most search engines can be searched with the right url, eg:
    >>> http://groups.google.com/groups?q=passing texts to different sites
    >>> paste this into an address bar or pass it as the url of a new window
    >>> and you will see your questions as the first result.
    >>>
    >>> A complete and free working example of searching any number of external
    >>> websites inside iframes, can be found at:
    >>> http://darwinist.googlepages.com/htmldesktop.html
    >>>
    >>> Press the "help" button to see examples of how you might create a new
    >>> search box.
    >>>

    >> Thanks> I do know that search engines use. words added to their URL.
    >> but the search sites Im using dont.
    >>
    >> So i have to use a hidden frame to hold the Variable.
    >>
    >> ALL I NEED TO KNOW IS..
    >> how do i get a frame within a window to be able to read the last
    >> characters from the URL,
    >> after the ? question mark.
    >> then how do i add that to its textbox and then transfer that to another
    >> frames textbox
    >> and have the same frame thats submitting it to the other text box, make
    >> the other frame SUBMIT.
    >>
    >> thanks for your help anyway

    >
    > If these search engines:
    > a) don't accept forms submitted from your domain, and
    > b) don't allow search by url
    >
    > Then they're sending a pretty clear message, or else their own system
    > is built wrong.



    Or you are simply submitting them improperly.

    > What you are describing is cross-site scripting,


    Technically, it is cross-domain scripting.

    > and can be a serious security threat,


    True.

    > so most web-browsers prevent it.


    "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    a default security environment.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Aug 4, 2006
    #5
  6. darwinist Guest

    Randy Webb wrote:
    > darwinist said the following on 8/4/2006 3:50 AM:
    > > wrote:
    > >>> Most browsers prevent cross-site scripting, and for good reason.
    > >>>
    > >>> Most search engines can be searched with the right url, eg:
    > >>> http://groups.google.com/groups?q=passing texts to different sites
    > >>> paste this into an address bar or pass it as the url of a new window
    > >>> and you will see your questions as the first result.
    > >>>
    > >>> A complete and free working example of searching any number of external
    > >>> websites inside iframes, can be found at:
    > >>> http://darwinist.googlepages.com/htmldesktop.html
    > >>>
    > >>> Press the "help" button to see examples of how you might create a new
    > >>> search box.
    > >>>
    > >> Thanks> I do know that search engines use. words added to their URL.
    > >> but the search sites Im using dont.
    > >>
    > >> So i have to use a hidden frame to hold the Variable.
    > >>
    > >> ALL I NEED TO KNOW IS..
    > >> how do i get a frame within a window to be able to read the last
    > >> characters from the URL,
    > >> after the ? question mark.
    > >> then how do i add that to its textbox and then transfer that to another
    > >> frames textbox
    > >> and have the same frame thats submitting it to the other text box, make
    > >> the other frame SUBMIT.
    > >>
    > >> thanks for your help anyway

    > >
    > > If these search engines:
    > > a) don't accept forms submitted from your domain, and
    > > b) don't allow search by url
    > >
    > > Then they're sending a pretty clear message, or else their own system
    > > is built wrong.

    >
    >
    > Or you are simply submitting them improperly.
    >
    > > What you are describing is cross-site scripting,

    >
    > Technically, it is cross-domain scripting.
    >
    > > and can be a serious security threat,

    >
    > True.
    >
    > > so most web-browsers prevent it.

    >
    > "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    > a default security environment.


    Good to know. I said "most" because I didn't know if there were any
    major exceptions.

    > --
    > Randy
    > comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    > Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    darwinist, Aug 4, 2006
    #6
  7. Randy Webb Guest

    darwinist said the following on 8/4/2006 4:28 AM:
    > Randy Webb wrote:
    >> darwinist said the following on 8/4/2006 3:50 AM:


    >>> so most web-browsers prevent it.

    >> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    >> a default security environment.

    >
    > Good to know. I said "most" because I didn't know if there were any
    > major exceptions.


    It doesn't take knowing, it only takes a little reasoning to figure it
    out. If a browser did allow it, it wouldn't take long for people to
    figure it out and stop using the broken outdated piece of crap.

    Too bad your posting Agent isn't any better than a browser that did
    allow cross-domain scripting.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Aug 4, 2006
    #7
  8. Guest

    >
    > If these search engines:
    > a) don't accept forms submitted from your domain, and
    > b) don't allow search by url
    >
    > Then they're sending a pretty clear message, or else their own system
    > is built wrong.
    >
    > What you are describing is cross-site scripting, and can be a serious
    > security threat, so most web-browsers prevent it.
    >


    They may as you say "sending a clear message" that they dont want
    there systems used in that way. I have written to all the owners of
    the sites I will be using and do have their permission.

    Since most browsers will not allow cross-site scripting.

    Does anyone know how to do this:

    send to a new window a variable in the URL
    then have that variable appear in the new windows text box and then
    after a period
    the submit is automatically clicked.
    , Aug 4, 2006
    #8
  9. darwinist Guest

    wrote:
    > >
    > > If these search engines:
    > > a) don't accept forms submitted from your domain, and
    > > b) don't allow search by url
    > >
    > > Then they're sending a pretty clear message, or else their own system
    > > is built wrong.
    > >
    > > What you are describing is cross-site scripting, and can be a serious
    > > security threat, so most web-browsers prevent it.
    > >

    >
    > They may as you say "sending a clear message" that they dont want
    > there systems used in that way. I have written to all the owners of
    > the sites I will be using and do have their permission.
    >
    > Since most browsers will not allow cross-site scripting.
    >
    > Does anyone know how to do this:
    >
    > send to a new window a variable in the URL
    > then have that variable appear in the new windows text box and then
    > after a period
    > the submit is automatically clicked.


    If you have their explicit permission, then they need to know it's not
    technically possible for security reasons, although a very small change
    on their part could make it so (eg the url interpretation).

    It's up to them if they let you search their website. If it's only a
    small technical problem standing in the way, rather than their
    intentions, then they may be happy to fix it.

    hth
    darwinist, Aug 5, 2006
    #9
  10. darwinist Guest

    Randy Webb wrote:
    > darwinist said the following on 8/4/2006 4:28 AM:
    > > Randy Webb wrote:
    > >> darwinist said the following on 8/4/2006 3:50 AM:

    >
    > >>> so most web-browsers prevent it.
    > >> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    > >> a default security environment.

    > >
    > > Good to know. I said "most" because I didn't know if there were any
    > > major exceptions.

    >
    > It doesn't take knowing, it only takes a little reasoning to figure it
    > out. If a browser did allow it, it wouldn't take long for people to
    > figure it out and stop using the broken outdated piece of crap.


    People who knew about these things, sure. A lot of people use shitty
    browsers in blissful ignorance of the dangers lurking.

    > Too bad your posting Agent isn't any better than a browser that did
    > allow cross-domain scripting.


    What's wrong with google groups?

    > --
    > Randy
    > comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    > Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    darwinist, Aug 5, 2006
    #10
  11. Randy Webb Guest

    darwinist said the following on 8/5/2006 1:35 AM:
    > Randy Webb wrote:
    >> darwinist said the following on 8/4/2006 4:28 AM:
    >>> Randy Webb wrote:
    >>>> darwinist said the following on 8/4/2006 3:50 AM:
    >>>>> so most web-browsers prevent it.
    >>>> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    >>>> a default security environment.
    >>> Good to know. I said "most" because I didn't know if there were any
    >>> major exceptions.

    >> It doesn't take knowing, it only takes a little reasoning to figure it
    >> out. If a browser did allow it, it wouldn't take long for people to
    >> figure it out and stop using the broken outdated piece of crap.

    >
    > People who knew about these things, sure. A lot of people use shitty
    > browsers in blissful ignorance of the dangers lurking.


    All browsers are susceptible to the dangers lurking. Some just more so
    than others.

    >> Too bad your posting Agent isn't any better than a browser that did
    >> allow cross-domain scripting.

    >
    > What's wrong with google groups?


    It's easier to tell you what is right with it. It's a great research
    tool to search the archives. For posting, it's a piece of crap.

    The least it could do would be to recognize a properly delimited
    signature and strip it when quoting.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup
    weeklyJavascript Best Practices -
    http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Aug 5, 2006
    #11
  12. darwinist Guest

    Randy Webb wrote:
    > darwinist said the following on 8/5/2006 1:35 AM:
    > > Randy Webb wrote:
    > >> darwinist said the following on 8/4/2006 4:28 AM:
    > >>> Randy Webb wrote:
    > >>>> darwinist said the following on 8/4/2006 3:50 AM:
    > >>>>> so most web-browsers prevent it.
    > >>>> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    > >>>> a default security environment.
    > >>> Good to know. I said "most" because I didn't know if there were any
    > >>> major exceptions.
    > >> It doesn't take knowing, it only takes a little reasoning to figure it
    > >> out. If a browser did allow it, it wouldn't take long for people to
    > >> figure it out and stop using the broken outdated piece of crap.

    > >
    > > People who knew about these things, sure. A lot of people use shitty
    > > browsers in blissful ignorance of the dangers lurking.

    >
    > All browsers are susceptible to the dangers lurking. Some just more so
    > than others.


    True, but some of them are "safe enough", free, and open, whereas some
    of them are not. Although they're all relatively "free" these days, in
    different ways.

    > >> Too bad your posting Agent isn't any better than a browser that did
    > >> allow cross-domain scripting.

    > >
    > > What's wrong with google groups?

    >
    > It's easier to tell you what is right with it. It's a great research
    > tool to search the archives. For posting, it's a piece of crap.
    >
    > The least it could do would be to recognize a properly delimited
    > signature and strip it when quoting.


    Have you written to them about this? I can't think of a better
    web-based usenet client. And I change terminals so often...

    Would it help if I deleted your signature, like this:

    [ this space left intentionally blank ]

    I like your web page by the way.
    darwinist, Aug 5, 2006
    #12
  13. Randy Webb Guest

    darwinist said the following on 8/5/2006 3:04 AM:
    > Randy Webb wrote:
    >> darwinist said the following on 8/5/2006 1:35 AM:
    >>> Randy Webb wrote:
    >>>> darwinist said the following on 8/4/2006 4:28 AM:
    >>>>> Randy Webb wrote:
    >>>>>> darwinist said the following on 8/4/2006 3:50 AM:
    >>>>>>> so most web-browsers prevent it.
    >>>>>> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    >>>>>> a default security environment.
    >>>>> Good to know. I said "most" because I didn't know if there were any
    >>>>> major exceptions.
    >>>> It doesn't take knowing, it only takes a little reasoning to figure it
    >>>> out. If a browser did allow it, it wouldn't take long for people to
    >>>> figure it out and stop using the broken outdated piece of crap.
    >>> People who knew about these things, sure. A lot of people use shitty
    >>> browsers in blissful ignorance of the dangers lurking.

    >> All browsers are susceptible to the dangers lurking. Some just more so
    >> than others.

    >
    > True, but some of them are "safe enough", free, and open, whereas some
    > of them are not. Although they're all relatively "free" these days, in
    > different ways.


    I don't see how a browser that is not 100% secure is "safe enough". It
    doesn't make a browser safe, it makes it less exploited is all.

    >>>> Too bad your posting Agent isn't any better than a browser that did
    >>>> allow cross-domain scripting.
    >>> What's wrong with google groups?

    >> It's easier to tell you what is right with it. It's a great research
    >> tool to search the archives. For posting, it's a piece of crap.
    >>
    >> The least it could do would be to recognize a properly delimited
    >> signature and strip it when quoting.

    >
    > Have you written to them about this?


    I am not the first one to complain about it.

    > I can't think of a better web-based usenet client.


    First, it isn't a web-based usenet client. Its a web-based interface to
    Usenet. The difference is monumental.

    > And I change terminals so often...
    >
    > Would it help if I deleted your signature, like this:
    >
    > [ this space left intentionally blank ]


    Actually, it does. It keeps me, and anybody else, that uses true
    Newsreader software from having to strip the signature manually. It
    wouldn't be quite so bad if Google wouldn't strip the trailing space off
    the delimiter so that it becomes <dash><dash><return> instead of
    <dash><dash><space><return>.

    > I like your web page by the way.


    Thanks but it's not mine. It was written and is maintained by Matt
    Kruse. I only added it to my signature.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Aug 5, 2006
    #13
  14. darwinist Guest

    Randy Webb wrote:
    > darwinist said the following on 8/5/2006 3:04 AM:
    > > Randy Webb wrote:
    > >> darwinist said the following on 8/5/2006 1:35 AM:
    > >>> Randy Webb wrote:
    > >>>> darwinist said the following on 8/4/2006 4:28 AM:
    > >>>>> Randy Webb wrote:
    > >>>>>> darwinist said the following on 8/4/2006 3:50 AM:
    > >>>>>>> so most web-browsers prevent it.
    > >>>>>> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    > >>>>>> a default security environment.
    > >>>>> Good to know. I said "most" because I didn't know if there were any
    > >>>>> major exceptions.
    > >>>> It doesn't take knowing, it only takes a little reasoning to figure it
    > >>>> out. If a browser did allow it, it wouldn't take long for people to
    > >>>> figure it out and stop using the broken outdated piece of crap.
    > >>> People who knew about these things, sure. A lot of people use shitty
    > >>> browsers in blissful ignorance of the dangers lurking.
    > >> All browsers are susceptible to the dangers lurking. Some just more so
    > >> than others.

    > >
    > > True, but some of them are "safe enough", free, and open, whereas some
    > > of them are not. Although they're all relatively "free" these days, in
    > > different ways.

    >
    > I don't see how a browser that is not 100% secure is "safe enough". It
    > doesn't make a browser safe, it makes it less exploited is all.


    So you just don't use javascript?

    > >>>> Too bad your posting Agent isn't any better than a browser that did
    > >>>> allow cross-domain scripting.
    > >>> What's wrong with google groups?
    > >> It's easier to tell you what is right with it. It's a great research
    > >> tool to search the archives. For posting, it's a piece of crap.
    > >>
    > >> The least it could do would be to recognize a properly delimited
    > >> signature and strip it when quoting.

    > >
    > > Have you written to them about this?

    >
    > I am not the first one to complain about it.
    >
    > > I can't think of a better web-based usenet client.

    >
    > First, it isn't a web-based usenet client. Its a web-based interface to
    > Usenet. The difference is monumental.


    Do you mean because the code that interfaces to the usenet servers runs
    in google's rooms (not to mention, presumably, google's own usenet
    servers)?

    [...]
    darwinist, Aug 6, 2006
    #14
  15. Randy Webb Guest

    darwinist said the following on 8/6/2006 3:15 AM:
    > Randy Webb wrote:
    >> darwinist said the following on 8/5/2006 3:04 AM:
    >>> Randy Webb wrote:
    >>>> darwinist said the following on 8/5/2006 1:35 AM:
    >>>>> Randy Webb wrote:
    >>>>>> darwinist said the following on 8/4/2006 4:28 AM:
    >>>>>>> Randy Webb wrote:
    >>>>>>>> darwinist said the following on 8/4/2006 3:50 AM:
    >>>>>>>>> so most web-browsers prevent it.
    >>>>>>>> "most"? Name one that doesn't, otherwise, *all* browsers prevent it - in
    >>>>>>>> a default security environment.
    >>>>>>> Good to know. I said "most" because I didn't know if there were any
    >>>>>>> major exceptions.
    >>>>>> It doesn't take knowing, it only takes a little reasoning to figure it
    >>>>>> out. If a browser did allow it, it wouldn't take long for people to
    >>>>>> figure it out and stop using the broken outdated piece of crap.
    >>>>> People who knew about these things, sure. A lot of people use shitty
    >>>>> browsers in blissful ignorance of the dangers lurking.
    >>>> All browsers are susceptible to the dangers lurking. Some just more so
    >>>> than others.
    >>> True, but some of them are "safe enough", free, and open, whereas some
    >>> of them are not. Although they're all relatively "free" these days, in
    >>> different ways.

    >> I don't see how a browser that is not 100% secure is "safe enough". It
    >> doesn't make a browser safe, it makes it less exploited is all.

    >
    > So you just don't use javascript?


    Who said anything about not using javascript? I was referring to
    insecure browsers and they all are.

    >>>>>> Too bad your posting Agent isn't any better than a browser that did
    >>>>>> allow cross-domain scripting.
    >>>>> What's wrong with google groups?
    >>>> It's easier to tell you what is right with it. It's a great research
    >>>> tool to search the archives. For posting, it's a piece of crap.
    >>>>
    >>>> The least it could do would be to recognize a properly delimited
    >>>> signature and strip it when quoting.
    >>> Have you written to them about this?

    >> I am not the first one to complain about it.
    >>
    >>> I can't think of a better web-based usenet client.

    >> First, it isn't a web-based usenet client. Its a web-based interface to
    >> Usenet. The difference is monumental.

    >
    > Do you mean because the code that interfaces to the usenet servers runs
    > in google's rooms (not to mention, presumably, google's own usenet
    > servers)?


    I mean the entire interface is junk for any use other than the archives.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Aug 6, 2006
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Buchan
    Replies:
    1
    Views:
    461
    Eric Lawrence [MSFT]
    Feb 20, 2004
  2. Shankar Ayyachamy
    Replies:
    4
    Views:
    526
    IPGrunt
    Jan 28, 2005
  3. Stefan Caliandro
    Replies:
    2
    Views:
    613
    Beauregard T. Shagnasty
    Feb 14, 2005
  4. Jasbird

    Sites about web-sites ?

    Jasbird, Sep 12, 2006, in forum: HTML
    Replies:
    1
    Views:
    392
  5. imx
    Replies:
    10
    Views:
    791
Loading...

Share This Page