hiding xataface URL

[mikewassil]

I'm setting up an online demo. I don't want the users to see the xataface query in the page URL. I can hide it by loading xataface in a frameset, but then anyone can get past that by just looking at the frameset source and then copy/paste that into the browser URL. To prevent this I normally stick a little js stuff in the header of the frame source to redirect back to the frame page.

I need to put my js redirect in the xataface header, but I don't know where that is. Would appreciate it much if you would advise where I find the headers. Thanks.

PS: maybe there's another way of accomplishing this?

[shannah]

Hi Mike,

You can place this javascript in any number of slots. A couple that come to mind are:
"custom_javascripts" and
"head_slot"

I.e. implement the following in your Application delegate class:

Code: Select all

function block__custom_javascripts(){
    echo '.... your custom javascript here ....';
}


If you want to see a full list of slots available, just add:

Code: Select all

debug=1


to the beginning of your conf.ini file.

-Steve

[mikewassil]

Hi Mike,

You can place this javascript in any number of slots. A couple that come to mind are:
"custom_javascripts" and
"head_slot"

I.e. implement the following in your Application delegate class:

Code: Select all

function block__custom_javascripts(){
    echo '.... your custom javascript here ....';
}


If you want to see a full list of slots available, just add:

Code: Select all

debug=1


to the beginning of your conf.ini file.

-Steve

Thanks for the prompt reply. I put debug=1 in the conf.ini file and it displays the following list:

Block "custom_stylesheets2"
Block "head"
Block "body_atts"
>
Block "before_body"
Block "before_header"
...plus lots more.

I apologize if I should already know, it looks like "Block head" would be a good place to stick my js, but where exactly is the code for "Block head" located, ie what file am I looking for.

Same for Application delegate class, what exactly is the file name.

Thanks again.

Michael

[shannah]

it looks like "Block head" would be a good place to stick my js

Yes you could put it in there. That will place the code just inside the <body> tag. With debug turned on, if you look at the html source for your page it will also show you "slots" that can be filled in, that might not show up in the regular page. E.g. look for the slot named "head_slot". (i.e. view source then do a find for "head_slot". That should give you a feel for how the slots are marked, so you can browse through the rest.

Same for Application delegate class, what exactly is the file name.

Check out
http://xataface.com/wiki/Application_Delegate_Class

[mikewassil]

it looks like "Block head" would be a good place to stick my js

Yes you could put it in there. That will place the code just inside the <body> tag. With debug turned on, if you look at the html source for your page it will also show you "slots" that can be filled in, that might not show up in the regular page. E.g. look for the slot named "head_slot". (i.e. view source then do a find for "head_slot". That should give you a feel for how the slots are marked, so you can browse through the rest.

Same for Application delegate class, what exactly is the file name.

Check out
http://xataface.com/wiki/Application_Delegate_Class

I'm sorry, I don't mean to be obtuse. I know you're trying to point me in the right direction, but I still don't know where I have to paste in my little javascript to get it into the "head_slot". I can see all the "slots" indicated in the source code of the displayed page. But I need to know where exactly my js code has to be pasted, what file. Where does "head_slot" get its content? From the xataface-1.1.2 directory? In the xataface-1.1.2/Dataface directory? If so what file do I modify to add my js?

I tried adding conf/ApplicationDelegate.php but I got php errors, likely due to nested ";"s in the javascript. As well, I'd rather put this js redirection in the html header portion of the page anyway.

[shannah]

For example, in your conf/ApplicationDelegate.php file:

Code: Select all

<?php
class conf_ApplicationDelegate {
    block__head_slot(){
        echo '<script></script>';
    }
}


Then put your js code in a file named myscript.js

-Steve

[mikewassil]

For example, in your conf/ApplicationDelegate.php file:

Code: Select all

<?php
class conf_ApplicationDelegate {
    block__head_slot(){
        echo '<script></script>';
    }
}


Then put your js code in a file named myscript.js

-Steve

I copied conf/ApplicationDelegate.php as above and put my javascript in conf/myscript.js. I get the following error when I attempt to run xataface:

Code: Select all

Parse error: syntax error, unexpected T_STRING, expecting T_FUNCTION in /home/name/public_html/demo1/dmoz/conf/ApplicationDelegate.php on line 3


Doesn't like line 3, or is myscript.js in the wrong place?

[shannah]

Typo.. should be

Code: Select all

function block__head_slot(){
...


[mikewassil]

Typo.. should be

Code: Select all

function block__head_slot(){
...


Thanks Steve. Much appreciated. I'm going to read the documentation more thoroughly before bothering you with my problems.

In case anyone is interested, I also developed another fairly simple way to accomplish this that requires no fiddling with xataface:

(NOTE: I had to remove the <and> from the following html code to get it to display)

Framepage 1

Code: Select all

html
  frameset rows="100%" cols="100%"
    frame src="Framepage2"
  /frameset
/html


Framepage 2

Code: Select all

noscript
meta http-equiv="Refresh" content="0;URL=http://path/to/Framepage1"
/noscript
script language="Javascript"
!--
if (top == self) self.location.href = "http://path/to/Framepage1";
// --
/script
frameset rows="100%" cols="100%"
  frame src="path/to/xataface-application"
/frameset


Only the Framepage 1 URL will ever display in the browser's URL address field. When you look at the page source you will see the url to Framepage 2. If you try to copy/paste that URL into another tab/window it will take you to Framepage 1. The URL to the xataface application will never show. Works with or without Javascript enabled.

[shannah]

If you select "Disable HTML in this post", the forum will leave your HTML alone.

Took me a while to figure that one out.

-Steve

[mikewassil]

Typo.. should be

Code: Select all

function block__head_slot(){
...


Thanks Steve. Much appreciated. I'm going to read the documentation more thoroughly before bothering you with my problems.

In case anyone is interested, I also developed another fairly simple way to accomplish this that requires no fiddling with xataface:

(NOTE: I had to remove the <and> from the following html code to get it to display)

Framepage 1

Code: Select all

<html>
  <frameset rows="100%" cols="100%">
    <frame src="Framepage2">
  </frameset>
</html>


Framepage 2

Code: Select all

<noscript>
<meta http-equiv="Refresh" content="0;URL=http://path/to/Framepage1">
</noscript>
<script language="Javascript">
<!--
if (top == self) self.location.href = "http://path/to/Framepage1";
// -->
</script>
<frameset rows="100%" cols="100%">
  <frame src="path/to/xataface-application">
</frameset>


Only the Framepage 1 URL will ever display in the browser's URL address field. When you look at the page source you will see the url to Framepage 2. If you try to copy/paste that URL into another tab/window it will take you to Framepage 1. The URL to the xataface application will never show. Works with or without Javascript enabled.

Thanks about "Disable HTML in this post", looks like it works!

Anyway, upon further testing, I find that if you right click on xataface you can then use the "context menu" to reveal the frame source and URL. Javascript can disable the mouse context menu, but it's still accessible via keyboard with a [SHFT][F10]. So, it appears that I still need to add my redirect javascript to xataface so it refuses to open itself in a new tab or window.

I'll report back. Thanks for your help with this.

Michael

[shannah]

Sounds like you're running an uphill battle here if you're trying to prevent your users from viewing the HTML source. If they really want to see your HTML source, there's nothing you can do to stop them.

[mikewassil]

Sounds like you're running an uphill battle here if you're trying to prevent your users from viewing the HTML source. If they really want to see your HTML source, there's nothing you can do to stop them.

Yes, agreed, however, with the double frameset and the redirect working within xataface I have successfully hidden the URL. I can disable the mouse context menu and I might be able to disable [SHFT][F10].

I realize that someone who knows how to do so could look in their browser cache no matter what I do. But this is an online working demo and I'd like to make it as incovenient as possible to find a path to the files and try to abuse it.