0

I have a webpage that loads certain JavaScript packages.

www.mySite.com

If I enter JavaScript commands in the browser console, I am able to interact with them.

Let's take

alert('5')

as a simple example.

I would like the same JavaScript calls to be executed without the browser console but through a specific URL like:

www.mySite.com/?value=5

so that this leads to an execution of my JavaScript commands?

Without the page being reloaded/refreshed but staying in the actual state.

My approach was to catch the extended URL in my Django View and execute the JavaScript command.

View:

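from django.http import HttpResponse
from django.shortcuts import render
from django.views.generic import View


class ShowPage(View):
    def get(self, request, caseId):
        # Read the optional ?value=... query parameter
        value = request.GET.get('value', '')

        if value != '':
            # execute JavaScript here...
            # (value is concatenated into the script unescaped)
            return HttpResponse("<script>alert(" + value + ")</script>")
        else:
            ...
            return render(request, 'template.html', context)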

But this leads to a loss of my page where I entered the URL.

Does anyone have an idea how to preserve the actual browser content, so that it is possible to call the loaded JavaScript packages?

Another idea was to call JavaScript through Ajax. But how do I map a URL in Django to an Ajax request?

TVK

2 Answers

1

Your current code is problematic on many levels, particularly because it allows the user to execute arbitrary JS on your page. This is called a Cross-site Scripting (XSS) attack.

Another issue is that you seem to want to add a GET parameter without "changing the state" of the page. Here you must remember that a GET request is, by definition, a communication between the client and server. You can artificially change what the URL looks like using JS, but you cannot submit a GET request on the same page without reloading it.

This is why you certainly want to use AJAX, which allows you to fetch the contents from another page and return them to the current page in the background. Usually this is done by creating a view that returns a JsonResponse (in Django 1.7+) (see Creating a JSON response using Django and Python).

A simplified example would be to code a view that simply displays some text. You could then retrieve this text using AJAX (I recommend jQuery for this--it's simple and well-documented) and do whatever you want with it, including alert it.

brianpck
-1

Try to use a '#':

www.mySite.com#command

This doesn't reload the site.

Maybe this helps too:

url: https://css-tricks.com/snippets/javascript/get-url-and-url-parts-in-javascript/

url: Get current URL in web browser

'#': http://www.w3schools.com/html/html_links.asp

EDIT:

Use 'eval()' to execute the input:

http://www.w3schools.com/jsref/jsref_eval.asp

jl005
  • Using `eval`? Usually a bad idea. Using it to execute a GET input? Yeah, don't do that :) – brianpck Sep 28 '16 at 15:04
  • Yeah, the user can do bad stuff, but only the things he could do anyway with the appropriate knowledge (copy and edit the page manually). But in a real application it would be good to filter the usable commands / don't use `eval`. – jl005 Sep 29 '16 at 20:27
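
The command filtering mentioned in the last comment, as an added example that is not part of the original thread: the fragment is never passed to `eval`; its command name is looked up in a fixed table and its argument is validated before anything runs. The command names, argument rules and the `ui` object are assumptions made for illustration.

```javascript
// Added example. Command names, argument rules and the `ui` object are assumptions.
const COMMANDS = {
  // Each entry validates its own argument, then acts on the validated value only.
  alert: {
    parse: (arg) => (/^\d{1,6}$/.test(arg) ? Number(arg) : null),
    run: (n, ui) => ui.alert(String(n)),
  },
  highlight: {
    parse: (arg) => (/^[A-Za-z][\w-]{0,31}$/.test(arg) ? arg : null),
    run: (id, ui) => ui.highlight(id),
  },
};

// Split "#name=arg" into its parts; null for anything that does not fit.
function parseFragment(hash) {
  const m = /^#?([a-z]+)=(.*)$/.exec(hash || "");
  if (!m) return null;
  try {
    return { name: m[1], arg: decodeURIComponent(m[2]) };
  } catch (e) {
    return null; // malformed percent-escape
  }
}

// Run the command named in the fragment, or report why it was refused.
function dispatch(hash, ui) {
  const req = parseFragment(hash);
  if (!req) return { ok: false, reason: "malformed" };
  // Own-property check so inherited keys such as "constructor" never match.
  if (!Object.prototype.hasOwnProperty.call(COMMANDS, req.name)) {
    return { ok: false, reason: "unknown command" };
  }
  const value = COMMANDS[req.name].parse(req.arg);
  if (value === null) return { ok: false, reason: "invalid argument" };
  COMMANDS[req.name].run(value, ui);
  return { ok: true, name: req.name, value: value };
}

// Browser wiring: react to fragment changes without reloading the page.
if (typeof window !== "undefined") {
  const ui = {
    alert: (text) => window.alert(text),
    highlight: (id) => { const el = document.getElementById(id); if (el) el.classList.add("highlight"); },
  };
  window.addEventListener("hashchange", () => dispatch(window.location.hash, ui));
  dispatch(window.location.hash, ui);
}
```

With this in place, `www.mySite.com#alert=5` triggers the alert without a reload, while a fragment carrying script text is refused with a reason instead of being executed.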