Home/ Questions/Q 8407445
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T23:22:00+00:00

We have a feature in a Windows application that opens a web browser, navigates

  • 0

We have a feature in a Windows application that opens a web browser, navigates to certain pre-configured web sites, and auto-fills the forms with data from our database — it’s a convenience feature for users.

Now we want to build an Asp.Net version of this feature so that from our web app, the user clicks a link/button, and we open the page (with a redirect? with JavaScript?). Then we fill in the form so that the user can review the data and submit it.

To do this, I think that we would either need to inject javascript into the browser frame that is loading the external window, or we would need to be able to interact with that window.

We are worried that browser security might not allow this — it could look like some sort of spoofing attack. What would be a good way to do this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If the Domains, Protocols, and Ports do not match between the website opening the popup and the website being opened in the popup then your code will violate the Same Origin Policy and either be silently ignored or throw an exception.

    Here’s an example to demonstrate:

    <!doctype html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<script type="text/javascript">
    openPopUp = function(href) {
        var props = "width=500,height=500,menubar=no,toolbar=no,scrollbars=yes";
        var win = window.open(href, href, props);
        if (win == null) alert("Your popup blocker is ruining my demo.");
        return win;
    };

    openMe = function(url){
        href = (url=="")?document.location:url;

        pu = openPopUp(href);

        //This will be ignored silently if Same Origin Policy is violated
        pu.onload = function() { 
            p = pu.document.createElement("p");
            p.appendChild(pu.document.createTextNode("onload was here."));
            pu.document.body.appendChild(p);
        };

        //This will throw an exception if Same Origin Policy is violated
        setTimeout(function() { 
            p = pu.document.createElement("p");
            p.appendChild(pu.document.createTextNode("setTimeout was here."));
            pu.document.body.appendChild(p);
        },3000);

        return false;
    }
</script>
<body>
<a href="" onclick="return openMe(this.href);">Self</a>
<a href="https://www.google.com/" onclick="return openMe(this.href);">Google</a>
    • 0