How to handle window.location.href event

Question

I'd like to know which is the location the page is trying to navigate (via Javascript) to and if it is http://foo.com I'd like to abort the redirection.

Example:

function onredirect(url)
{
   if(url == 'http://foo.com')
   { 
      abort();
   }
}

I couldn't find a way to either handle the action let alone getting the target-url in an event handling parameter. Is it possible to :

Listen to page changed event (as a result of window.location.href command) and
Abort navigation if a specific URL is the target?

The intention is that the snippet below does not navigate to the specified website:

function handleNavigation(urlDestination)
{ 
  
    alert('leaving to ' + urlDestination); 
    alert('Now a code for abortion should be executed if URL is foo.com'); 
}

window.onhashchange = handleNavigation;

window.onunload =   handleNavigation ;
window.addEventListener("beforeunload", function (e) {
    handleNavigation()
}, false);
window.addEventListener("unload", function (e) {
   handleNavigation()
}, false);

window.addEventListener('popstate', handleNavigation);
 

window.onload = function(){

    window.location.href = 'http://foo.com'; //I want to know when this happened

}

<body onunload="handleNavigation()">
  </body>

The answer to this question will help me answer Javascript Injection prevention on Wordpress .

What I want is that if the user types http://foo.com he can leave. HOwever, if a script redirects him to http://foo.com, I want to protect him from leaving to that place.

Although this is similar to Event when window.location.href changes I want to see the target-url as a parameter. This could also be useful I wanted to log the pages the users are going to after leaving my website.

check this, it may help http://stackoverflow.com/questions/6390341/how-to-detect-url-change-in-javascript\ — Deep, Jul 03 '16 at 15:26
Generally speaking you can't and shouldn't abort user attempt to leave your site. — Yury Tarabanko, Jul 03 '16 at 15:40
@YuryTarabanko notice that I don't want to block my user to leave my site. I just want to intercept a window.location.href event and abort if eventually it redirects to a site I don't want. If the user types a website he can leave freely. — ClayKaboom, Jul 03 '16 at 17:03
@Deep I made an attemp with your suggestion (improved question) and it didn't work — ClayKaboom, Jul 03 '16 at 17:06
"I just want to intercept a window.location.href event and abort if eventually it redirects to a site I don't want." Don't you think such an option would allow someone to block user from leaving his/her site by simply assuming every site to be "he/she don't want"? :) — Yury Tarabanko, Jul 03 '16 at 17:16
That's true @YuryTarabanko it might sound like that. THis question is actually a subset of this one: http://stackoverflow.com/questions/38161647/javascript-injection-prevention-on-wordpress/38162963#38162963 My site is being hacked and I need to counter attack the hacker, who is injecting window.location.href, and therefore pointing to a malicious website. THanks for your input, and I'll rephrase my question. — ClayKaboom, Jul 03 '16 at 17:39
@YuryTarabanko what I mean is, if the user types 'http://foo.com' he can leave. if a script redirects him to this place, I want to protect him from leaving to that place. — ClayKaboom, Jul 03 '16 at 17:40
If your site is being hacked, you need to fix the security hole and stop the attacker from injecting code to your site! You're in a sinking ship, and you're asking how to pump water out faster instead of asking how to plug the hole where the water is leaking in. — JJJ, Jul 03 '16 at 17:47
You're right @Juhana! That's what I'm working on. I don't understand how the hacker is operating and it will take time to figure out the solution to the root cause. HOwever the question is still valid for knowledge purposes. — ClayKaboom, Jul 03 '16 at 17:53

How to handle window.location.href event

0 Answers0