psneha Posted June 11, 2008 Share Posted June 11, 2008 Hi,I need to encrypt a url with javascript and open it with window.open function. Presently i have a url in which certain parameters are visible when opened directly. I need to avoid this. Can anyone provide some pointers, if possible with some code to encrypt url with only javascript. Link to comment Share on other sites More sharing options...
Ingolme Posted June 11, 2008 Share Posted June 11, 2008 Everything is in the W3Schools reference.encodeURI()Encodes a string as a URIencodeURIComponent()Encodes a string to be used as a query string value (characters like ? and = are encoded) Link to comment Share on other sites More sharing options...
aspnetguy Posted June 11, 2008 Share Posted June 11, 2008 Please note encodeURI is a funtion to encode the url not encrypt. Endcoding is easily decoded and read (encoding standards are available to know how it was done and how to reverse it). Encoding is just to make the data easier to transport. It does nto protect it. Link to comment Share on other sites More sharing options...
Ingolme Posted June 11, 2008 Share Posted June 11, 2008 Javascript doesn't have any native encrypting functions.I misunderstood, I thought you were asking to make a URL not have problems in the window.open function by encoding it. Link to comment Share on other sites More sharing options...
Jesdisciple Posted June 11, 2008 Share Posted June 11, 2008 If possible, I think using HTTPS and POST to open the page would be much more secure. However, a friend recently referred me to this JS implementation of the MD5 encryption algorithm for a similar project: http://www.farnorthchristianschool.net/cla...-include/md5.jsEDIT: If you do use that, you probably should make the popup window lack its toolbars so the user can't easily copy-and-paste or bookmark the URL. Link to comment Share on other sites More sharing options...
psneha Posted June 13, 2008 Author Share Posted June 13, 2008 If possible, I think using HTTPS and POST to open the page would be much more secure. However, a friend recently referred me to this JS implementation of the MD5 encryption algorithm for a similar project: http://www.farnorthchristianschool.net/cla...-include/md5.jsEDIT: If you do use that, you probably should make the popup window lack its toolbars so the user can't easily copy-and-paste or bookmark the URL.Hi Chris,Thanks for the reply.I am learning javascript just from few days and i am not through with it. So, can you explain a little more..i have referred the javascript file which you have sent. can i test that. i am looking for a detailed code which i can implement and encrypt the url..Thanks again... Link to comment Share on other sites More sharing options...
Jesdisciple Posted June 13, 2008 Share Posted June 13, 2008 Here's how I'm expecting you to open your window... (See http://w3schools.com/htmldom/met_win_open.asp.) var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win'); But that will open a normal window with a menu bar, location bar, and toolbars, which can be used to preserve the URL for one's own use or send it to a friend. This would be a more responsible popup for this purpose: var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win', 'location=no, menubar=no, toolbar=no'); The HTTPS+POST alternative would look like this... (HTTPS stands for HyperText Transfer Protocol Secure or something like that. The browser will automatically encrypt data sent via a page with the https:// scheme, although I'm not sure whether you need a certificate for this...)(link to the form that takes sensitive info) <a href="https://www.example.com/mySensitiveForm.html">Enter sensitive info.</a> (the actual form that takes sensitive info) <form method="someScript.php" action="post"> ...</form> The page that would go in the popup with the JS method would be served (or redirected) by someScript.php if you use that last method. However, you could combine them like this, getting all the security of the HTTPS+POST form but still keeping the old page open and allowing the user all their normal browser bars: var win = window.open('https://www.example.com/mySensitiveForm.html', 'win'); EDIT: It looks like you probably need a digital certificate to use HTTPS. See http://www.cacert.org/ for a free certificate authority. Link to comment Share on other sites More sharing options...
psneha Posted June 16, 2008 Author Share Posted June 16, 2008 Here's how I'm expecting you to open your window... (See http://w3schools.com/htmldom/met_win_open.asp.)var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win'); But that will open a normal window with a menu bar, location bar, and toolbars, which can be used to preserve the URL for one's own use or send it to a friend. This would be a more responsible popup for this purpose: var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win', 'location=no, menubar=no, toolbar=no'); The HTTPS+POST alternative would look like this... (HTTPS stands for HyperText Transfer Protocol Secure or something like that. The browser will automatically encrypt data sent via a page with the https:// scheme, although I'm not sure whether you need a certificate for this...)(link to the form that takes sensitive info) <a href="https://www.example.com/mySensitiveForm.html">Enter sensitive info.</a> (the actual form that takes sensitive info) <form method="someScript.php" action="post"> ...</form> The page that would go in the popup with the JS method would be served (or redirected) by someScript.php if you use that last method. However, you could combine them like this, getting all the security of the HTTPS+POST form but still keeping the old page open and allowing the user all their normal browser bars: var win = window.open('https://www.example.com/mySensitiveForm.html', 'win'); EDIT: It looks like you probably need a digital certificate to use HTTPS. See http://www.cacert.org/ for a free certificate authority. Hi Chris,Thanks for the reply.I will try it and get back if i need any clarification. Link to comment Share on other sites More sharing options...
psneha Posted June 16, 2008 Author Share Posted June 16, 2008 Hi Chris,Thanks for the reply.I will try it and get back if i need any clarification. Here's how I'm expecting you to open your window... (See http://w3schools.com/htmldom/met_win_open.asp.)var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win'); But that will open a normal window with a menu bar, location bar, and toolbars, which can be used to preserve the URL for one's own use or send it to a friend. This would be a more responsible popup for this purpose: var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win', 'location=no, menubar=no, toolbar=no'); The HTTPS+POST alternative would look like this... (HTTPS stands for HyperText Transfer Protocol Secure or something like that. The browser will automatically encrypt data sent via a page with the https:// scheme, although I'm not sure whether you need a certificate for this...)(link to the form that takes sensitive info) <a href="https://www.example.com/mySensitiveForm.html">Enter sensitive info.</a> (the actual form that takes sensitive info) <form method="someScript.php" action="post"> ...</form> The page that would go in the popup with the JS method would be served (or redirected) by someScript.php if you use that last method. However, you could combine them like this, getting all the security of the HTTPS+POST form but still keeping the old page open and allowing the user all their normal browser bars: var win = window.open('https://www.example.com/mySensitiveForm.html', 'win'); EDIT: It looks like you probably need a digital certificate to use HTTPS. See http://www.cacert.org/ for a free certificate authority. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.