On a classic ASP website I'm maintaining, on our landing page we have a small panel that our visitors use to enter their phone number as an identifier, then they proceed into the site. We now have an opportunity to place this login panel on some other websites, pretty much like an ad, the idea being that not only would clicking it get them to our site, but we want to actually have them type in the phone number in THAT panel (i.e. on the external site), click the submit button, then do the redirect straight into the site, bypassing the landing page.

I don't know how many sites we're going to be doing this with, so I'd like to just have a snippet of code I can provide to the other webmasters, that they can drop in and have it work. It doesn't seem like it should be that hard, but as I think it through I don't have an easy-peasy idea in my head for it. Can I, for example, give them a <form></form> snippet and have its action set to post to my site instead of theirs? Is it that simple? Would this cause any security concerns? Or is there a standard or better way to accomplish this?

+1  A: 

Yes, your form example would work. Just make the form POST to wherever your own landing page posts to.

The only thing to make sure of is to validate and sanitize any inputs your ASP page will receive. For example, if you use POST in your form, only check for POST variables in your ASP page. Make sure any arbitrary parameters passed to your page won't break or hijack anything. Although, if it's just a phone number, you probably don't have much to worry about.

Alex Beardsley
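
Added example, not part of the original answer or the asker's site: a receiving classic ASP page that follows the advice above by reading only POST fields and validating the phone number before redirecting. The page name enter.asp, both redirect paths, the 10 to 15 digit rule and the Session key are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' enter.asp: hypothetical name for the page the embedded form posts to.
' Assumed snippet handed to the partner sites:
'   <form method="post" action="https://yoursite.com/enter.asp">
'     <input type="text" name="phone" maxlength="20">
'     <input type="submit" value="Enter">
'   </form>

Const LANDING_PAGE = "/default.asp"   ' assumed path of the normal landing page
Const MEMBER_PAGE  = "/home.asp"      ' assumed path visitors reach after entry

' Keep digits only, so "(555) 010-1234" and "555.010.1234" normalise alike.
Function DigitsOnly(ByVal s)
    Dim re
    Set re = New RegExp
    re.Pattern = "\D"
    re.Global = True
    DigitsOnly = re.Replace(s, "")
End Function

Dim target, rawPhone, phone
target = LANDING_PAGE   ' anything that fails a check ends up here

' Accept POST only; a GET carrying ?phone=... is treated as invalid.
If UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST" Then
    ' Read Request.Form explicitly. A bare Request("phone") would also
    ' search the query string, cookies and server variables.
    rawPhone = Trim(Request.Form("phone") & "")
    If Len(rawPhone) > 0 And Len(rawPhone) <= 32 Then
        phone = DigitsOnly(rawPhone)
        ' Assumed rule: 10 to 15 digits. Use whatever the landing page enforces.
        If Len(phone) >= 10 And Len(phone) <= 15 Then
            Session("phone") = phone   ' store the normalised value only
            target = MEMBER_PAGE
        End If
    End If
End If

' Both destinations are fixed local paths; nothing in the request picks the URL.
Response.Redirect target
%>
```

Any other fields a third-party page adds to the POST are never read, so they cannot influence the handler.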
A: 

The <form action="http://yoursite.com/..."></form> approach will work fine.

In terms of whether this is good practice, I'm not sure... I think you might want to inform the user in your snippet who they are actually sending their phone number to.

On the whole, it is accepted that forms may post to other domains. See Client-side Cross-domain Security for other information.

David_001
A: 

I would make an iframe whose source is a page you create that has a phone box and a submit button. External sites could then put the iframe on their site; however, when the user clicks submit, your page would handle it.

If you wanted to redirect the user you could call parent.location.href='whatever' in js.

Is there an advantage to placing the form inside an iframe? Would the handling be different?
Mike at KBS
Using an iframe allows you to handle the submit click, not the page which contains the iframe.