homepage Welcome to WebmasterWorld Guest from 50.17.66.61
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
script
wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4429447 posted 10:48 am on Mar 15, 2012 (gmt 0)

Initally I was not aware of hat type of coding this was, and posted a question in the CSS forum.
A few friends responded because I used a wrong word in the subject line.

This is to allow page anchors to function within Firefox, in which it functions as intended.

$(document).ready(function(){
$(window.location.hash).append('<a name="' + window.location.hash.replace('#','')+ '"></a>');
window.location.href=window.location.href;
});

FWIW, if I place these lines in a page header the lines show on the active html page.
The lines REQUIRE CSS file placement.

Could anybody tell me if the lines present any vulnerability to the server and possibly allow hijacking of links?

 

Fotiman

WebmasterWorld Senior Member fotiman us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4429447 posted 2:22 pm on Mar 15, 2012 (gmt 0)


This is to allow page anchors to function within Firefox

Huh? I don't know what you mean by this. Page anchors work just fine in Firefox.

$(document).ready(function(){
$(window.location.hash).append('<a name="' + window.location.hash.replace('#','')+ '"></a>');
window.location.href=window.location.href;
});

This bit of script can be dangerous, though not in the way you're thinking.
Here's what it's doing:
When the document is ready (just before onload), it will execute a function which gets window.location.hash (a string containing the hash value, if there is one, or an empty string... for example, if you were viewing "http://example.com/index.html#foo" this would get the string "#foo"). It wraps that in a jQuery object using $(window.location.hash), and since ID selectors in jQuery use this same format, it creates a jQuery object representing the element on the page with that ID. It then appends to that element a page anchor with a name that matches the id. For example, if your page had this:

<div id="foo">
Some content
...
More content
</div>

Then you would end up with this in the DOM:


<div id="foo">
Some content
...
More content
<a name="foo"></a>
</div>


Notice, the anchor is inserted at the END of the content (that's what append does).

Next comes the piece that doesn't make any sense:

window.location.href=window.location.href;

This will cause the page to reload the current location if there was no hash value. And since this script is included on every page, you can end up in an endless loop of page reloads, and you'll probably need to kill the browser process to get out of it.

I don't really understand what the purpose of this script is, since browsers will correctly jump to elements with a matching id value as the hash. Are you trying to get the browser to jump to the END of the element?

Also, I don't know what you mean about the lines showing on the active html page or requiring CSS file placement.

Do they present a vulnerability to the server? Only a potential Denial of Service attack in the event that a URL with no hash value is entered.
Hijacking of links? Nope.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4429447 posted 2:56 pm on Mar 15, 2012 (gmt 0)

the deprecated html is <a name"smith">content phrase</a>

<a name> does not function in any version of FF.

The url to the section of the page would be:
example.com/folder/page.html#smith

I don't really understand what the purpose of this script is, since browsers will correctly jump to elements with a matching id value as the hash. Are you trying to get the browser to jump to the END of the element?


Most of the pages on my sites are in excess of 1,000 words. Some pages are in the 2-3k work range.

Page anchors "<a name>" allow links to specific portions of the page. As many time per page as you wish.

I tested the Div id and it failed (at least within paragraph anchors). It was also my understanding that it may only be used once per page

The pages function fine with the standard URl absent the anchor. No loop and pages load immediately.

Also, I don't know what you mean about the lines showing on the active html page or requiring CSS file placement.



Do they present a vulnerability to the server? Only a potential Denial of Service attack in the event that a URL with no hash value is entered.
Hijacking of links? Nope.


The hijacking portion was what I was looking for.

If I insert those script lines in a page <head></head>
Than when the page is displayed, the script appears as text at the pages top.

With the script in a CSS file (which the same page utilizes) the script does not appear on page anywhere.

Many thanks for your time and reply.

Fotiman

WebmasterWorld Senior Member fotiman us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4429447 posted 3:23 pm on Mar 15, 2012 (gmt 0)

I think you mean:
<a name="smith">content phrase</a>

And that will work in ALL versions of Firefox, assuming you don't have duplicate names.

It was also my understanding that it may only be used once per page

Well of course! If you're trying to link to a specific section of page and you're using an anchor that's not unique, then how will the browser know which section to link to? If you're creating multiple named anchors all with the same name, well, that's just invalid.

Page anchors "<a name>" allow links to specific portions of the page. As many time per page as you wish.

You can have as many named anchors as you want, but the names MUST be unique. I'll refer to the HTML Spec: [w3.org...]


The pages function fine with the standard URl absent the anchor. No loop and pages load immediately.

Not in the example I created. In my example, when I visited the page with no hash, it reloads over and over again. I verified this in several browsers.


If I insert those script lines in a page <head></head>
Than when the page is displayed, the script appears as text at the pages top.

With the script in a CSS file (which the same page utilizes) the script does not appear on page anywhere.

You need to put scripts inside <script></script> tags. If you're just putting that code in your head and it's not in <script></script> tags, then it will just appear in your page and will not actually DO anything (which is probably why you didn't see the page refreshing over and over... because the script wasn't running). Putting it in a CSS file is also incorrect, as it's not CSS.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4429447 posted 9:38 pm on Mar 15, 2012 (gmt 0)

Many thanks for the <script></script>

And the other explanations.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved