AJAX and refresh/location bar/backbutton woes (adding to history) - comp.lang.javascript

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

comp.lang.javascript

Discussions

+ new post

About this group

Subscribe to this group

This is a Usenet group - learn more

AJAX and refresh/location bar/backbutton woes (adding to history)

Options

5 messages - Collapse all

petermich...@gmail.com

View profile

More options Jul 7 2006, 3:48 pm

Newsgroups: comp.lang.javascript

From: petermich...@gmail.com

Date: 7 Jul 2006 12:48:00 -0700

Subject: AJAX and refresh/location bar/backbutton woes (adding to history)

Print | Individual message | Show original | Report this message | Find messages by this author

Hi,

If I type http://domain.com/product/5 into my browser I will see the
product details in the main div plus a side bar div containing links to
other products. This side bar is common to all product views. I click a
sidebar link to product 6 and an ajax request updates the main cell
with the product 6 information. My location bar will still say
/product/5. If I refresh the browser I will see product 5. If I
bookmark the page it will be for product 5. If I click the back button
I will go to the page I saw before product 5. I know none of these
problems with AJAX are new. Why is it that JavaScript can't tell the
browser "Now you are looking at http://domain.com/product/6"? Is there
a security risk? Is this just something not yet implemented?

Thanks,
Peter

Jim Ley

View profile

More options Jul 7 2006, 3:54 pm

Newsgroups: comp.lang.javascript

From: j...@jibbering.com (Jim Ley)

Date: Fri, 07 Jul 2006 19:54:33 GMT

Local: Fri, Jul 7 2006 3:54 pm

Subject: Re: AJAX and refresh/location bar/backbutton woes (adding to history)

Print | Individual message | Show original | Report this message | Find messages by this author

On 7 Jul 2006 12:48:00 -0700, petermich...@gmail.com wrote:

> Why is it that JavaScript can't tell the
>browser "Now you are looking at http://domain.com/product/6"? Is there
>a security risk? Is this just something not yet implemented?

It's a security risk, the URL needs to reflect where you are:

Imagine this URL
<URL:
https://www.google.com/ig/feeds?q=http://ha.ckers.org/blog/feed/?%3CS...

It looks a bit fishy right? but a couple of days ago that would've
shown you a page that looked indistinguishable from

https://www.google.com/adsense/

only the log in details would be stolen. The inability to make the
url look like you want is an important protection, even within the
same site.

Jim.

Matt Kruse

View profile

More options Jul 7 2006, 3:59 pm

Newsgroups: comp.lang.javascript

From: "Matt Kruse" <newsgro...@mattkruse.com>

Date: Fri, 7 Jul 2006 14:59:43 -0500

Local: Fri, Jul 7 2006 3:59 pm

Subject: Re: AJAX and refresh/location bar/backbutton woes (adding to history)

Print | Individual message | Show original | Report this message | Find messages by this author

petermich...@gmail.com wrote:
> Why is it that JavaScript can't tell the
> browser "Now you are looking at http://domain.com/product/6"? Is there
> a security risk?

Most certainly.

If javascript could change the url displayed by the browser, yet not
actually cause it to make a request and load the new page, I could make a
fake Paypal sign-on page, for example, and change the url to
www.paypal.com - you wouldn't even know the difference!

The challenges you face with Ajax are just some issues you need to consider
in the design. If you want bookmarkable pages, don't use ajax. Or provide a
link to the permanent url which represents the view you are seeing, so it
can be bookmarked. Etc.

--
Matt Kruse
http://www.JavascriptToolbox.com
http://www.AjaxToolbox.com