Is this not vaild in IE7 ??

[laPistola]

<input name="login" type="button" class="buttons" id="login" value="login" />

document.getElementById('login').type = 'submit';

 

works perfect in FF but will not work in IE7 i even tryed changing to .value to see if it would change the button name to submit but that didn't work either?

 

Thanks

[Psycho]

I'm sure there's some reason why you want to change a button type to a submit button, but I can't think of any good ones. Can you explain the reason behind what you are trying to accomplish? There might be a better solution. Besides, doing what you describe above would probably block any usesrs w/o JS enabled.

[laPistola]

Hi

 

Thats the point, my site uses alittle javascript as most is done with PHP but the little JS it uses would mean there would be a couple of minor security risks if the user has JS disbled so to prevent this from happening i set all the submit buttons as type=button but if the user has JS enabled the JS changes the type to submit, removing the ablity of any non js users even using the site. The <noscript> explains for them to use the site enable js.

 

anyway i fixed this myself a couple of hours after posting, i used the .innerHTML to change the whole <input type="button" etc etc /> to <input type="submit" etc etc /> which works in ff and ie.

 

cheers anyway

[Psycho]

OK, but I hope you realize that any security holes you think this is closing are still there. Anyone can look at the source of a page and manipulate it however they wish.

[laPistola]

yes but these are very very minor, what i have done is stopped the ones thats not so up on hacking from disabling js and get past what i have used js to stop them, no site is 100% secure its just doing your best to try and prevent what you can, plus they cant view the source of the PHP or external js scripts, to my knowledge anyway.

 

i plan to re-write as much of the java in a PHP driven version in v2 of the site anyway.

[Psycho]

plus they cant view the source of the PHP or external js scripts, to my knowledge anyway.

 

It is very easy to view the source of external JS files. Just look in the code of the HTML page for any references to external JS files and then put that URL into your browser and . . . presto, you can download the JS file.

 

It's your site, but IMHO, I've never understood why some people go through great lengths to try and prevent the casual user from certain actions as a security feature (e.g. disabling right-click) when it is the advanced users that need to be protected against. Especially when those extra measures can really foul up the site depending upon which browsers are being used.

 

But, as long as you have what you want, all is well.

[corbin]

"no site is 100% secure its just doing your best to try and prevent what you can"

 

 

 

>.<

 

 

I will agree that most sites aren't 100% secure, but that's not a very good argument for not securing your site properly.

[laPistola]

im taking steps in every way i can/know of to stop the causal and the advance users. to be honest all me disabling non js users is really just stopping them signing up with invaild details like username and email and skipping the age verfication, but i do plan to change these scripts to PHP alturnatives in v2 of the site