How to reliably send cross-domain and cross-browser requests on the upload page

Question

How to reliably send cross-domain and cross-browser requests on the upload page

I have javascript code downloaded by third parties. Javascript tracks a number of metrics, and when a user exits this page, I would like to send metrics to my server.

Due to XSS checking in some browsers like IE, I cannot make a simple jquery.ajax () call. Instead, I add an src image to the page using jquery. Here is the code overlaid by the browser:

function record_metrics() { //Arbitrary code execution here to set test_url $esajquery('#MainDiv').append("<img src='" + test_url + "' />"); } if ($esajquery.browser.msie) { window.onbeforeunload = function() { record_metrics(); } } else { $esajquery(window).unload( function(){ record_metrics(); } ); }

FF aborts the request "test_url" if I use window.onbeforeunload and IE8 does not work with jquery unload (). IE8 also doesn't work if the arbitrary test_url installation code is too long, although IE8 seems to work fine if it is immediately added to the DOM.

Is there a better way to solve this problem? Unfortunately, this really needs to be done when the user leaves the page.

+4

javascript jquery xss onbeforeunload

Agmin Apr 17 '10 at 0:35

source share

4 answers

Agmin · Answer 1 · 2010-04-20T16:33:42+0000

For posterity, here is what I did:

 if ($.browser.msie) { window.onbeforeunload = function() { $('#div1').append("<img src='record_call' />"); } else { $(window).unload( if ($.browser.webkit) { $.ajax(url:record_call, async:false); } else { $('#div1').append("<script src='record_call' />"); } ); }

I found that IE is working on adding img, but not a script, perhaps because the script is more resource intensive and it shuts down before trying to load it. For webkit, a script application sometimes works, but adding an image never worked. Finally, I default to a script (mainly for FF), because older versions of browsers seem to blend well with it. IE blocks the AJAX call used by webkit due to xss.

In addition, IE never works with the jquery unload function, and other browsers do not work with onbeforeunload, so you need to examine them. This, of course, is not a good solution, but it works most of the time.

Sean · Answer 2 · 2011-03-08T00:14:47+0000

A for those trying to use the Agmin method above: When you use the jQuery append() method to add a script tag, jQuery internal wiring uses jQuery.ajax() to execute the script, so if the script you add is in a different domain , policies of the same origin will prevent script execution.

ken · Answer 3 · 2010-04-17T02:48:09+0000

From what I remember, some browsers accept a text string for the result onbeforeunload. Try something else like this:

 jQuery(window).bind('beforeunload', function() { record_metrics(); return ''; } );

Not sure, but it might even work for all browsers, but I only guess about it.

ps also see. How can I override the OnBeforeUnload dialog and replace it with mine?

Felipe sabino · Answer 4 · 2010-10-23T15:07:35+0000

You should take a look at the easyXDM library

http://easyxdm.net/

I think this will simplify your work with respect to the restriction established under the policy of the same origin.

How to reliably send cross-domain and cross-browser requests on the upload page

More articles: