Welcome Guest, Not a member yet? Register   Sign In
JavaScript and Anchors?
#1

[eluser]Bl4cKWid0w[/eluser]
I am trying to use onmouseover and onmouseout with my anchors. I've tried many different codes but none of them seem to be working. This is my code:

Code:
<?php
$atts = array(
              'onmouseover' => "window.status='Payment Options';return true;",
              'onmouseout' => "window.status='';return true;",
              'title' => 'Payment Options',
              'rel' => "moodalbox"              
              );
?>
<h1 style='text-align: right;margin-right: 20px;'>&lt;?=anchor('http://www.unholydesigns.com/system/application/views/payment_options.html', "Download File", $atts); ?&gt;</h1>

This is how the link is displayed in the source html:
Code:
href="http://www.unholydesigns.com/system/application/views/payment_options.html" onmouseover="window.status='Payment Options';return true;" onmouseout="window.status='';return true;" title="Payment Options" rel="moodalbox">Download File

Edit: These lame forums wouldn't let me post the source of the link so I removed the a tags from the post.

I've never tried this method before. I want to hide the url in the status bar because the url is that of an html file in my views directory. Nothing I've tried seems to work.

Thanks for any help in advance,
Scott.
#2

[eluser]Colin Williams[/eluser]
No matter what you do, your source is laid bare. There are real security steps you can take. Might be a good idea to scour the Web for primers on security.
#3

[eluser]Bl4cKWid0w[/eluser]
...Huh?
#4

[eluser]Pascal Kriete[/eluser]
What Colin is saying is that there is no reliable way to hide the url. Javascript is an interpreted language and as such, the browser receives the code in human-readable format. You can fuzz/obfuscate it to make it smaller and less readable (try looking at the google mail source), but that isn't a reliable way to hide data.

Not to mention that the request will show up in Firebug.

Have you considered making a proxy script (controller)? It could take the view name (encrypted if you're very worried) and spit out the view. Five lines of code - problem solved.




Theme © iAndrew 2016 - Forum software by © MyBB