Site Network: Personal | Professional | Photography

Technical Blog

This blog will contain content related to Java, Seam, Security, my sites and projects, as well as other technical subjects I am interested in.

Comments and questions are welcome!

Preventing Multiple Submits On An ATG Form

Friday, October 10th, 2008

Often, you'll want to prevent impatient users from clicking a submit button multiple times, as you can end up with multiple actions taking place, or object state can get in a bad way leading to errors. For this example we'll assume you have a final Submit Order form that actually places the order, auth's the credit card, etc...

You can't simply disable the submit button onclick with ATG as typically the submit button is the input field that actually activates the handle method. I tried a bunch of things, before I was able to get something working, so I wanted to share that here.

First thing is to write some javascript that will handle all of the magic (this example uses jQuery):

 
<SCRIPT language="JavaScript">
function submitform() {
	$('#commitOrderButton').attr("href","#");
	document.myFormsName.submit();
}
</SCRIPT>
 

Second, you need to move the input that calls the correct handle method out of the submit button and into a hidden form field:

 
<dsp:input bean="CommitOrderFormHandler.commitOrder" value="submit" type="hidden" />
 

Thirdly you'll want to replace the submit input with a submit <a> which will call your javascript:

<a href="javascript:submitform()" id="commitOrderButton">
    <img src="/myapp/img/button/submitOrder.gif" alt="Submit Order" border="0" class="submitOrder" />
</a>

And that's it.

Posted in ATG | 2 Comments »

Lions and Tigers and Third-Party Javascript

Wednesday, December 27th, 2006

There are many reasons that you may wish to put a third-party javascript reference on your website. Serving ads, making use of tracking and analytics tools such as Google Analytics, and many other features may want to use a remotely referenced third-party javascript. The big issue here is trust. By putting a remotely referenced javascript on your pages you are essentially handing some control of your visitors’ browsers’ over to this third-party. Maliciously crafted javascript can be used to install software, steal form submission data, rewrite elements of pages, send users to fake phishing sites instead of the real site, crash browsers, popup ads or inappropriate content, and much more. The range of possible attacks using javascript is a long discussion in and of itself, and I won’t go into it here. (Google around or ask me if you want more information on this area of things.)

Read about it after the fold....

(more...)

Posted in Security | 2 Comments »