This one started when I was approached by a former colleague of mine asking for some help with a calendar script they were using in a secure server environment (https://). Entering dates using a calendar tends to be a bit easier for many people than writing them in. I had a look at the script and couldn't really find anything odd about it, the general function for showing the calendar going something like:
function showCalendar(targetForm, targetDate) {
    // code to create HTML for calendar went here
    // code that opens and writes the calendar
    var calWindow = window.open('', 'calendarWindow', ...);
    calWindow.document.write(lotsaHTML);
    calWindow.document.close();
}
This code was called by links in the calendar window whenever the user wanted to navigate back/forward a month, and that functionality didn't work. I failed to spot obvious errors in the code and sent off some code as a shot from the hip, but it totally failed to solve the problem.
I then suggested rewriting the code so that it reused a global window reference whenever one is available. The code became:
var globalWindowRef;
function showCalendar(targetForm, targetDate) {
    // code to create HTML for calendar went here
    // code that opens and writes the calendar
    var calWindow;
    if (globalWindowRef && !globalWindowRef.closed) {
        // the popup is still open: reuse it instead of reopening it
        calWindow = globalWindowRef;
    } else {
        // remember the new popup so that the next call can reuse it
        calWindow = globalWindowRef = window.open('', 'calendarWindow', ...);
    }
    calWindow.document.write(lotsaHTML);
    calWindow.document.close();
}
The reason why I believe this worked while the other didn't is that the links in the calendar window were javascript:-URLs calling showCalendar() found in the parent window, which in turn tried to reopen (and then rewrite) the calling window before the function had returned, something which doesn't seem to be allowed (anyone see any reason why it should be?). It goes to show that once you're going secure you should look through your code another time to make sure it's doing what you believe it's doing, and doing it in a sane manner.
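
The reuse logic above, as an added example that is not the original script: the window opener is passed in so the open-once, reopen-after-close and blocked-popup cases can be exercised outside a browser. The names makeCalendarWriter and makeStubWindow are hypothetical, and the stub window is constructed for the example.

```javascript
// Added example: the post's window-reuse logic with the opener injected,
// so it can be run against stub windows under Node.
function makeCalendarWriter(openWindow) {
  let cachedRef = null; // plays the role of globalWindowRef in the post

  return function writeCalendar(html) {
    // A closed popup's reference is still truthy, so .closed is checked too.
    if (!cachedRef || cachedRef.closed) {
      cachedRef = openWindow('', 'calendarWindow');
      // window.open returns null when a popup blocker refuses the request.
      if (!cachedRef) return { written: false, reason: 'popup blocked' };
    }
    cachedRef.document.open();   // start a fresh document in the reused window
    cachedRef.document.write(html);
    cachedRef.document.close();
    return { written: true, win: cachedRef };
  };
}

// Constructed stand-in for a browser window (not a real DOM).
function makeStubWindow() {
  const win = { closed: false, content: '' };
  win.document = {
    open() { win.content = ''; },
    write(s) { win.content += s; },
    close() {},
  };
  return win;
}

// In a browser the opener would be: (url, name) => window.open(url, name)
```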