Javascript getElementById

Question

I've written a php script with simple security-token system, And I used the security-token in a GET way simple example :

 <form action="index.php?act=members&add=member&sec-hash=b0af595dc70755564889457afad47def" method="post" target="add_member" enctype="multipart/form-data">

But I've had a problem with Javascript, while trying to get it to send add some easier way for me to add&edit members, but I couldn't get it from the <form> to use it in other Javascript things :S

this is what I've tried :

document.writeln('<iframe id="iframe" src="http://localhost/panel/index.php?act=members&add=member"onload="read()"></iframe>');
function read()
{
var securitytoken=
document.getElementById("iframe").contentDocument.forms[0].add_member.value;
document.writeln('<form action="add.php?sec-hash='+securitytoken+'" method="POST">');
....extra Javascript code ...
}

please, and its hard for me to re-code the script, I mean its easier for me to try with Java first you feel me ?

Thanks from now :)

Answer 1

To retrieve the <form> located in an iFrame:

var frm = document.getElementById("iframe").contentWindow.getElementsByTagName("form")[0];

To then retrieve the action attribute:

var act = frm.getAttribute('action');

And to parse for the security token:

var securityToken = act.substring(act.indexOf("sec-hash=") + 9);

If I were you, I'd add some error handling / if statements to check if each string/element you are working with isn't null/empty/undefined.