tags:

views:

229

answers:

4
+2  Q: 

2 ways to get page url in java applets, what's the difference and/or benefits of each?

Hi experts,,,

the two ways that I know to get the page url are: 1.through the applet class: Applet.getDocumentBase()

2.through the netscape javascript library: JSObject.getWindow(this).eval("location.href")

First, what are the differences between those two methods and advantages of each,

Secondly, can users trick the url of those methods in someway? to make the applet think it's embeded in http://www.stackoverflow.com/index.html for example?

+3  A: 

If you look at the code for Applet.getDocumentBase() (sun's implementation of AppletStub), you'll see that it is also getting the location using JSObject. But it has a lot of additional code around it, and is guaranteed to work across all browsers and setups. So better use Applet.getDocumentBase()

Bozho  2009-12-30 14:05:52
does this mean that the JSObject is included in the JDK? in other words no need for me to ship it with my applet package?
Bassel Alkhateeb  2009-12-30 14:33:00
part of plugin.jar - so yes, included.
Bozho  2009-12-30 14:50:21
+1 Vendor-recommended ways are preferred above other ways.
BalusC  2009-12-30 17:49:48
A: 

JSObject is buggy in some browsers (IE and Safari especially). Applet.getDocumentBase() is a lot safer.

Josh Yeager  2009-12-30 14:06:15
but Applet.getDocumentBase() uses JSObject in the background to achieve that according to Bozho
Bassel Alkhateeb  2009-12-30 14:34:04
+2  A: 

The answer is easier than you think.

You should use Applet.getDocumentBase in case the implementation varies between platforms or JVMs, or is altered at a later date. Just because JSObject is the way that Sun's JVM gets this value doesn't mean that, say, IBM's JVM works that way.

R. Bemrose  2009-12-30 14:33:17
+2  A: 

Pretty sure users could spoof it:

  1. Download your .jar and host on a server controlled by the user
  2. Change their etc/hosts file so that stackoverflow.com points to the IP of their server
  3. Configure the server to serve requests for stackoverflow.com
  4. Visit the page on the server with the applet embedded

And the applet will believe it's on stackoverflow.com. There is probably a simpler way to spoof it though!

ZoFreX  2009-12-30 17:34:10
Exactly. there isn't a sure way to prevent spoofing.
Pool  2010-01-01 14:51:17
What about getCodeBase(), can that be spoofed too?I mean, in the example you mentioned.. will Applet.getCodeBase() return stackoverflow.com ?
Bassel Alkhateeb  2010-01-01 15:46:27
Yes, it certainly could. What in particular are you worried about? Someone stealing and rehosting your applet?
Pool  2010-01-01 16:58:52
As The Feast said, to really answer this for we need to know why you're worrying about spoofing?
ZoFreX  2010-01-01 17:57:56

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java