I have a situation where, in C# code, I am adding an onclick client event handler. It should do:

  Button1.Attributes.Add("onclick", "javascript:window.open('https://"+Request.ServerVariables["HTTP_POST"]+"/reports/?type=1&id=2");

In the end the URL looks like:

https://servername/reports/?type=1&id=2

In the reports folder of my site I have a default aspx page that handles those parameters.

When I click the button with this event, a new window opens but it says there is no page at that address. When I use the link like this

https://servername/reports/default.aspx?type=1&id=2

The page opens but it's blank.

When I run this code as non secure with HTTP, everything works just like it should. The report opens.

Is there any difference using those two different URLs with default.aspx and without it, because in development it behaves the same way, but under HTTPS one page doesn't exist and another is blank?! Is HTTPS the reason for that??

Thanks!

A: 
  • JavaScript does not interpolate variable names in string literals. You are literally using the server name Request.ServerVariables["HTTP_POST"], and since that's not a real server name (or even valid in a URL) it won't open.

  • JavaScript is a client-side language, it does not have access to Request.ServerVariables. You would need to use templating to output variables from ASP into the client document, and if you're putting something in a JavaScript string literal you should in general be JSON-encoding, to stop ' and \ characters (and a few others) in the text breaking the string. If you're outputting to a JavaScript string literal inside an HTML event handler attribute, you'd have to JSON-encode the string and then HTML-encode that afterwards. The layers of escaping involved in putting content into event handlers are annoying and error-prone. Avoid it, by not using event handler attributes.

  • You probably meant HTTP_HOST, not POST.

  • You don't need javascript: in an event handler; it doesn't do anything. You're thinking of javascript: pseudo-URLs in links, but you should never use those either. Put the real URL in a plain link, so that it still works with JavaScript disabled and doesn't break with options like middle-click, and then use JS to augment the link so it opens in a new window when clicked normally.

This is known as ‘progressive enhancement’:

    <!-- plain link: works without JavaScript; the host name is HTML-encoded on output -->
    <a class="newwindow" href="https://<%= Server.HtmlEncode(Request.ServerVariables["HTTP_HOST"]) %>/reports/?type=1&amp;id=2">some link text</a>

    <!-- at end of document -->
    <script type="text/javascript">
        // attach the new-window behaviour to every link marked class="newwindow"
        for (var i= document.links.length; i-->0;)
            if (document.links[i].className==='newwindow')
                document.links[i].onclick= newWindowClick;

        function newWindowClick() {
            var w= window.open(this.href);
            return !w || w.closed;
            // stops link being followed in the current page (return false)
            // unless pop-up was blocked
        }
    </script>

(In ASP.NET 4, you can use <%: instead of <%= to avoid the need to Server.HTMLEncode anything. There's probably not going to be any HTML-special characters in a host name, but it's a good practice to get used to HTML-encoding, because miss it anywhere more critical and you've got yourself an HTML-injection potentially leading to XSS security holes.)

However this is generally considered an old-fashioned way to template; the ASP.NET HTML controls would often be preferred. You should also consider simply using a target="_blank" attribute instead of all the JS complexity. (Whilst it is not valid in HTML 4 Strict, it is back in HTML5 and is a bit more maintainable.)

    <asp:HyperLink id="thelink" runat="server" Target="_blank" Text="some link text"/>

    // C# in Page_Load:
    thelink.NavigateUrl = "https://" + Request.ServerVariables["HTTP_HOST"] + "/reports/?type=1&id=2";

Finally, you should also definitely consider not having a pop-up at all. Many users consider it hostile (if I wanted it in a new window, I'd click ‘open in new window’). Plus in some browsers it'll open in a new tab instead of a new window anyway, which you probably don't want.

bobince
I am sorry I didn't type the most important thing like it should. Check the top of the question again. The event handler is added from code, not the HTML. Once again, it works fine with HTTP on the test environment. HTTPS is the problem on production. This becomes so stressing! Monday is the day and this is not working :( And thanks for this long answer, but I can't find the answer in here.
100r
I mean check the Button1.Attributes.Add ...
100r
If that's the actual code now: you're missing `')` at the end of the attribute value. But this merely demonstrates why you shouldn't do it this way, it's confusing, vulnerable to escaping issues, and difficult to read. Kick the JS out into static code, leaving the URL in a normal link. You can style it like a button if you want to. (And never, ever use `javascript:`.)
bobince
It's not the actual code, I'm retyping it from another computer, that's why there's a typo. Thx for suggestions, but I think it's something about HTTPS, because in a regular non-secure environment it works just fine. :(
100r
He's building the script on the server-side so it won't contain the code literally.
matt-dot-net
How about you save off a real test case we can actually debug, then? It's rather a waste of everyone's time otherwise. I can assure you there is no reason why you shouldn't be able to `window.open` an `https:` URL.
bobince
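
The two escaping layers from the first answer (JSON-encode the value for the JavaScript string literal, then HTML-encode the whole script for the attribute), shown next to plain concatenation. This is an added example, not code from the thread; the helper names, the constructed `SAMPLE_URL` and the simplified `browserView` decoder are assumptions made for illustration.

```javascript
// Added example: encoding a server-supplied value for an inline event handler.
// SAMPLE_URL is constructed; the quote characters in it are what break naive concatenation.
const SAMPLE_URL = `https://example.test/reports/?type=1&id=2&name=O'Brien "Q1"`;

// Layer 1: make the value a JavaScript string literal (JSON is valid JS syntax here).
function jsStringLiteral(value) {
  return JSON.stringify(String(value));
}

// Layer 2: HTML-encode the finished script so it survives inside a quoted attribute.
function htmlAttrEncode(text) {
  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
             .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// What the question's code does: paste the value straight between single quotes.
function naiveOnclick(url) {
  return `onclick="window.open('${url}')"`;
}

// JSON-encode first, HTML-encode second, as the answer describes.
function safeOnclick(url) {
  return `onclick="${htmlAttrEncode("window.open(" + jsStringLiteral(url) + ")")}"`;
}

// Simplified stand-in for the browser: cut the attribute at its closing quote,
// undo the HTML layer, then run the handler against a stub window object.
function browserView(attr) {
  const raw = /^onclick="([^"]*)"/.exec(attr)[1];
  const script = raw.replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");
  const opened = [];
  try {
    new Function("window", script)({ open: (u) => opened.push(u) });
  } catch (e) {
    return { opened, error: e.name };
  }
  return { opened, error: null };
}

console.log(naiveOnclick(SAMPLE_URL), browserView(naiveOnclick(SAMPLE_URL)));
console.log(safeOnclick(SAMPLE_URL), browserView(safeOnclick(SAMPLE_URL)));
```

With the concatenated form the handler no longer parses once the value contains a quote; with both layers applied, the stub `window.open` receives the value byte for byte.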
A: 

You may also want to add return=false to your script.

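    // Switch only the scheme (Replace("http", "https") would turn an https URL into httpss) and encode the URL for the JS string.
    var secureUrl = new UriBuilder(Request.Url) { Scheme = Uri.UriSchemeHttps, Port = -1 }.Uri.AbsoluteUri;
    String s = "window.open('" + HttpUtility.JavaScriptStringEncode(secureUrl) + "');return false;";
    ButtonTest.Attributes.Add("onclick", s);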
matt-dot-net
It has nothing to do with JavaScript or HTTPS in the end. Something weird is going on. Settings in IIS are the same on the server where it runs and on the server where it doesn't. That page has a Crystal Report viewer on it. On both machines CR is installed the same way, and there is another reporting page also running CR that works. I don't know, this is not a question anymore. I doubt anyone can help. This is something maybe with IIS we don't see or I don't know... all I know is I'm losing my mind. Thanks anyway!
100r
A: 

Solution found, and I have nothing to say except WOOW! It has nothing to do with SSL or IIS or paths, it's with permissions on the Windows temp folder, and Crystal Report couldn't save a temporary file.

Hope this will help someone.

100r