Jump to content

url encryption using javascript


psneha
 Share

Recommended Posts

Hi,I need to encrypt a url with javascript and open it with window.open function. Presently i have a url in which certain parameters are visible when opened directly. I need to avoid this. Can anyone provide some pointers, if possible with some code to encrypt url with only javascript.

Link to comment
Share on other sites

Please note encodeURI is a funtion to encode the url not encrypt. Endcoding is easily decoded and read (encoding standards are available to know how it was done and how to reverse it). Encoding is just to make the data easier to transport. It does nto protect it.

Link to comment
Share on other sites

Javascript doesn't have any native encrypting functions.I misunderstood, I thought you were asking to make a URL not have problems in the window.open function by encoding it.

Link to comment
Share on other sites

If possible, I think using HTTPS and POST to open the page would be much more secure. However, a friend recently referred me to this JS implementation of the MD5 encryption algorithm for a similar project: http://www.farnorthchristianschool.net/cla...-include/md5.jsEDIT: If you do use that, you probably should make the popup window lack its toolbars so the user can't easily copy-and-paste or bookmark the URL.

Link to comment
Share on other sites

If possible, I think using HTTPS and POST to open the page would be much more secure. However, a friend recently referred me to this JS implementation of the MD5 encryption algorithm for a similar project: http://www.farnorthchristianschool.net/cla...-include/md5.jsEDIT: If you do use that, you probably should make the popup window lack its toolbars so the user can't easily copy-and-paste or bookmark the URL.
Hi Chris,Thanks for the reply.I am learning javascript just from few days and i am not through with it. So, can you explain a little more..i have referred the javascript file which you have sent. can i test that. i am looking for a detailed code which i can implement and encrypt the url..Thanks again...
Link to comment
Share on other sites

Here's how I'm expecting you to open your window... (See http://w3schools.com/htmldom/met_win_open.asp.)

var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win');

But that will open a normal window with a menu bar, location bar, and toolbars, which can be used to preserve the URL for one's own use or send it to a friend. This would be a more responsible popup for this purpose:

var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win', 'location=no, menubar=no, toolbar=no');

The HTTPS+POST alternative would look like this... (HTTPS stands for HyperText Transfer Protocol Secure or something like that. The browser will automatically encrypt data sent via a page with the https:// scheme, although I'm not sure whether you need a certificate for this...)(link to the form that takes sensitive info)

<a href="https://www.example.com/mySensitiveForm.html">Enter sensitive info.</a>

(the actual form that takes sensitive info)

<form method="someScript.php" action="post">	...</form>

The page that would go in the popup with the JS method would be served (or redirected) by someScript.php if you use that last method. However, you could combine them like this, getting all the security of the HTTPS+POST form but still keeping the old page open and allowing the user all their normal browser bars:

var win = window.open('https://www.example.com/mySensitiveForm.html', 'win');

EDIT: It looks like you probably need a digital certificate to use HTTPS. See http://www.cacert.org/ for a free certificate authority.

Link to comment
Share on other sites

Here's how I'm expecting you to open your window... (See http://w3schools.com/htmldom/met_win_open.asp.)
var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win');

But that will open a normal window with a menu bar, location bar, and toolbars, which can be used to preserve the URL for one's own use or send it to a friend. This would be a more responsible popup for this purpose:

var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win', 'location=no, menubar=no, toolbar=no');

The HTTPS+POST alternative would look like this... (HTTPS stands for HyperText Transfer Protocol Secure or something like that. The browser will automatically encrypt data sent via a page with the https:// scheme, although I'm not sure whether you need a certificate for this...)(link to the form that takes sensitive info)

<a href="https://www.example.com/mySensitiveForm.html">Enter sensitive info.</a>

(the actual form that takes sensitive info)

<form method="someScript.php" action="post">	...</form>

The page that would go in the popup with the JS method would be served (or redirected) by someScript.php if you use that last method. However, you could combine them like this, getting all the security of the HTTPS+POST form but still keeping the old page open and allowing the user all their normal browser bars:

var win = window.open('https://www.example.com/mySensitiveForm.html', 'win');

EDIT: It looks like you probably need a digital certificate to use HTTPS. See http://www.cacert.org/ for a free certificate authority.

Hi Chris,Thanks for the reply.I will try it and get back if i need any clarification.
Link to comment
Share on other sites

Hi Chris,Thanks for the reply.I will try it and get back if i need any clarification.

Here's how I'm expecting you to open your window... (See http://w3schools.com/htmldom/met_win_open.asp.)
var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win');

But that will open a normal window with a menu bar, location bar, and toolbars, which can be used to preserve the URL for one's own use or send it to a friend. This would be a more responsible popup for this purpose:

var win = window.open('myUrl.php?data=' + encrypt('sensitive'), 'win', 'location=no, menubar=no, toolbar=no');

The HTTPS+POST alternative would look like this... (HTTPS stands for HyperText Transfer Protocol Secure or something like that. The browser will automatically encrypt data sent via a page with the https:// scheme, although I'm not sure whether you need a certificate for this...)(link to the form that takes sensitive info)

<a href="https://www.example.com/mySensitiveForm.html">Enter sensitive info.</a>

(the actual form that takes sensitive info)

<form method="someScript.php" action="post">	...</form>

The page that would go in the popup with the JS method would be served (or redirected) by someScript.php if you use that last method. However, you could combine them like this, getting all the security of the HTTPS+POST form but still keeping the old page open and allowing the user all their normal browser bars:

var win = window.open('https://www.example.com/mySensitiveForm.html', 'win');

EDIT: It looks like you probably need a digital certificate to use HTTPS. See http://www.cacert.org/ for a free certificate authority.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...