The code is for adding a password on the webpage, which working for all other browser but not for IE.
<HEAD>
<SCRIPT language="JavaScript">
<!--hide
var password;
var pass1="cool";
password=prompt('Please enter your password to view this page!',' ');
if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
{
window.location=".htm";
}
//-->
</SCRIPT>
</HEAD>
The code is for adding a password on the webpage, which working for all other browser but not for IE.
<HEAD>
<SCRIPT language="JavaScript">
<!--hide
var password;
var pass1="cool";
password=prompt('Please enter your password to view this page!',' ');
if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
{
window.location="http://www.pageresource./jscript/jpass.htm";
}
//-->
</SCRIPT>
</HEAD>
- 7 You know that JS runs at client side? Everyone can see the password by just doing a 'view source'. – BalusC Commented Dec 15, 2009 at 22:32
- 4 Do you realize that anyone can read the source to your page and discover the password? If you want to password protect your services, you need to validate the passwords at the server. – Mark Byers Commented Dec 15, 2009 at 22:32
- 2 Give him a break, I'm pretty sure he's just practicing. We all started somewhere. – Jage Commented Dec 15, 2009 at 22:34
-
2
@Michiel: Actually, client-side validation can provide faster feedback for data that doesn't make sense, but the server has to do all the validation it might need in addition. While this is not the question asked, what he's doing is a Bad Idea, and the sooner the questioner knows that the better. I'd do the same with, say, a C question involving the use of
gets(). – David Thornley Commented Dec 15, 2009 at 22:49 - 4 "x not working in IE, but ok elsewhere" - what else is new? – Tor Valamo Commented Dec 15, 2009 at 23:09
11 Answers
Reset to default 5window.location doesn't work in IE6. You probably want document.location.
if ("cool" == prompt('Please enter your password to view this page!', '')) {
alert('Password Correct! Click OK to enter!');
} else {
document.location = "http://www.pageresource./jscript/jpass.htm";
}
IE7 has the prompt functionality disabled by default.
And as everyone before me has said unless this is just a learning javascript type endevour - the "protection" is useless. All anyone has to do is disable JS and/or look at your source for where youre redirecting.
Try wrapping curly braces around your if:
if (password==pass1){
alert('Password Correct! Click OK to enter!');
} else {
window.location="http://www.pageresource./jscript/jpass.htm";
}
You probably don't really need that hide stuff anymore either. Good luck on your learning.
Ok, firstly I hope you are just doing this to play with javascript because anyone will be able to bypass your security in a snap just by looking at the source code. To manage login access to a site you really should be using a server side implementation such as php, jsp, asp etc. Those sites take the password login and pare it on the server which the normal user cannot see. Anyway your code below should work:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>HTML Test</title>
<script type="text/javascript">
function check()
{
var password;
var pass1="cool";
password=prompt('Please enter your password to view this page!',' ');
if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
document.location="http://www.pageresource./jscript/jpass.htm";
}
</script>
</head>
<body onload="check()">
</body>
</html>
- I think you are missing one squiggly at end of 'if' line, and another at beginning of 'else' line, or, remove the two that are existing now .
So, either this:
if (password==pass1) {
alert('Password Correct! Click OK to enter!');
} else {
window.location="http://www.pageresource./jscript/jpass.htm";
}
.. or this (although I never code this way personally) ..
if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
window.location="http://www.pageresource./jscript/jpass.htm";
should work.
Also, try window.location.href instead of just window.location.
window.location.href = "http://www.pageresource./jscript/jpass.htm";
Of course, as mentioned ny others, your approach is not secure using password on client side (<!--hide does NOT hide the javascript from the source code view).
Hope this helps -
it looks like your first line of js:
<!--hide
should be :
// <!-- hide
But it looks liek you may have other problems as well. Try that first!
If my JavaScript only breaks in IE, the very first thing I do is run it through JSLint, a free tool that checks your JS code for errors. This will likely reveal what's causing IE to choke.
DON'T DO THAT!!! You're sending the user the password. All the user has to do is "View Source" and it's right there. Alternatively, the user can get whatever information the password was hiding from the Javascript source.
Client-side validation is great for things like data formats, but nothing that is sensitive should ever be done client-side, and all data should be validated again on the server. Remember, a malicious user can send you anything, bypassing your Javascript entirely.
its this bit of code here
if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
{
window.location="http://www.pageresource./jscript/jpass.htm";
}
first of all wrap the alert bit in curly braces to read
if (password==pass1){
alert('Password Correct! Click OK to enter!');
}
secondly, unlike php and other C like languages, do not start braces in a new line...
in javascript, when a script is evaluated by the interpreter, it looks for a semicolon designating the end of a statement,
if a semicolon is not found, the closest previous line break is replaced with a semicolon
So, your else block is evaluated as :
else;
{;
window.location="http://www.pageresource./jscript/jpass.htm";
};
instead write it as
else{
window.location="http://www.pageresource./jscript/jpass.htm";
}
When I used the IETester's "open URL in all IE versions", it failed to work in all windows expect of the first window where the prompt was entered, regardless of the IE window used.
However, it works fine here in all known browsers (including IE6/7/8) when tested individually. I haven't change anything from the code as outlined here.
So your actual problem lies somewhere else than in the as far provided information.
Needless to say, this approach is far from secure.
FROM window.location TO document.location is all you need to change for a bug-free cross-browser implementation of your code. Never use window unless you are truly referencing the window object; Example: window.close()