Jump to content

JSON post

beanymanuk

By beanymanuk
in Javascript Help

 Share

Recommended Posts

beanymanuk Regular Member

beanymanuk

Posted
Posted

Hi I am trying to replicate this JSON post from online any ideas where I'm going wrong
 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<title>TEST JSON</title>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script language="javascript" type="text/javascript">
        j$(document).ready(function () {

        j$("#doVote").click(function () {

            var girlId = 'ctl00_Body_VotingPanel_hidGirlID'
            var searchString = 'ctl00_Body_VotingPanel_hidSearchString'

            if (j$("#" + girlId + "").val() == "") {
                girlId = 0;
            }
            else {
                girlId = j$("#" + girlId + "").val();
            }

            var x = j$.ajax({
                type: "POST",
                contentType: "application/json; charset=utf-8",
                url: "http://www.fhm.com/site/pages/girls/100sexiest2010/VotePopup.aspx/InsertVotee",
                data: "{girlId:" + girlId + ",girlName:'" + escape(j$("#" + searchString + "").val()) + "', shareType:3}",
                dataType: "json",
                error: function (xhr, status, error) {
                    //j$("#voteError").show("slow");
                    //alert(xhr.statusText);
                    //alert(error);
                },
                success: function (voteid) {
                    j$("#hidVoteId").val(voteid);
                    j$(".coverflowContainer").animate({ left: '-=631px' }, 500);
                    displayCompetitionBox();
                }
            });
        });
    });    
</script>
</head>
<body>
<input type="hidden" value="1124" id="ctl00_Body_VotingPanel_hidGirlID" name="ctl00$Body$VotingPanel$hidGirlID">
<input type="hidden" id="ctl00_Body_VotingPanel_hidSearchString" name="ctl00$Body$VotingPanel$hidSearchString">
<a id="doVote" class="voteButton">Vote Now</a>
</body>
</html>

 

 

 

Link to comment
Share on other sites
.josh Advanced Member

.josh

Posted
Posted

my guess is you are trying to run that script on a domain other than www.fhm.com, which is a violation of the same origin policy.  IOW unless fhm.com is specifically setup to allow cross domain scripting (XSS), that's not allowed, can't do that. If by some chance the page you are running the script on is that domain, or else you know for a fact that domain allows XSS...then please explain what the problem is.  Tell us what what you are expecting it to do and what it is not doing. 

 

@teynon: $ is the default namespace for the jQuery library, but it allows for you to specify its namespace in order to prevent conflict with other libraries which use that namespace (for instance Prototype). 

Link to comment
Share on other sites
beanymanuk Regular Member

beanymanuk

Posted
  • Author
Posted

Appologises copied wrong version of code version without the j$
 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<title>My jQuery JSON Web Page</title>
<head>

<script language="javascript" type="text/javascript">
/*        $(document).ready(function () {

        $("#doVote").click(function () {

            var girlId = 'ctl00_Body_VotingPanel_hidGirlID'
            var searchString = 'ctl00_Body_VotingPanel_hidSearchString'

            if ($("#" + girlId + "").val() == "") {
                girlId = 0;
            }
            else {
                girlId = $("#" + girlId + "").val();
            }

            var x = $.ajax({
                type: "POST",
                contentType: "application/json; charset=utf-8",
                url: "/site/pages/girls/100sexiest2010/VotePopup.aspx/InsertVote",
                data: "{girlId:" + girlId + ",girlName:'" + escape($("#" + searchString + "").val()) + "', shareType:3}",
                dataType: "json",
                error: function (xhr, status, error) {
                    //$("#voteError").show("slow");
                    //alert(xhr.statusText);
                    //alert(error);
                },
                success: function (voteid) {
                    alert("SUCCESS");
                    $("#hidVoteId").val(voteid);
                    $(".coverflowContainer").animate({ left: '-=631px' }, 500);
                    displayCompetitionBox();
                }
            });
        });
    });
*/    
</script>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script type="text/javascript">

JSONTest = function() {

    var resultDiv = $("#resultDivContainer");
    var girlID = 1124
    var searchString = ''
    
    $.ajax({
        //contentType: "application/json; charset=utf-8",
        url: "http://www.fhm.com/site/pages/girls/100sexiest2010/VotePopup.aspx/InsertVote",
        type: "POST",
       // data: { girlId:1124,girlName:'', shareType:3 },
        data: "{girlId:" + girlId + ",girlName:'" + searchString + "', shareType:3}",
        dataType: "json",
        error: function (xhr, status, error) {
//j$("#voteError").show("slow");
alert(xhr.statusText);
alert(error);
},
        success: function (voteid) {
            switch (result) {
                case true:
                    processResponse(voteid);
                    break;
                default:
                    resultDiv.html(voteid);
            }
        }
    });
};

</script>
</head>
<body>
<input type="hidden" id="ctl00_Body_VotingPanel_hidSearchString" name="ctl00$Body$VotingPanel$hidSearchString">
<h1>My jQuery JSON Web Page</h1>

<div id="resultDivContainer"></div>

<button type="button" onclick="JSONTest()">JSON</button>

</body>
</html>
 
Link to comment
Share on other sites
beanymanuk Regular Member

beanymanuk

Posted
  • Author
Posted

I did wonder this Is there a way of finding out if it allows XSS or not for sure?

 

my guess is you are trying to run that script on a domain other than www.fhm.com, which is a violation of the same origin policy.  IOW unless fhm.com is specifically setup to allow cross domain scripting (XSS), that's not allowed, can't do that. If by some chance the page you are running the script on is that domain, or else you know for a fact that domain allows XSS...then please explain what the problem is.  Tell us what what you are expecting it to do and what it is not doing. 

 

@teynon: $ is the default namespace for the jQuery library, but it allows for you to specify its namespace in order to prevent conflict with other libraries which use that namespace (for instance Prototype). 

Link to comment
Share on other sites
beanymanuk Regular Member

beanymanuk

Posted
  • Author
Posted

I'm just getting "error" not very helpful

 

Heres my latest code

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<title>My jQuery JSON Web Page</title>
<head>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script type="text/javascript">

JSONTest = function() {

    var resultDiv = $("#resultDivContainer");
	var girlID = 1124
	var searchString = ''
	
    $.ajax({
		//contentType: "application/json; charset=utf-8",
        url: "http://www.fhm.com/site/pages/girls/100sexiest2010/VotePopup.aspx/InsertVote",
        type: "POST",
        data: { girlId:1124,girlName:'', shareType:3 },
        //data: "{girlId:" + girlId + ",girlName:'" + searchString + "', shareType:3}",
		dataType: "json",
		error: function (xhr, status, error) {
//j$("#voteError").show("slow");
alert(xhr.statusText);
alert(error);
}, 
        success: function (voteid) {
            switch (result) {
                case true:
                    processResponse(voteid);
                    break;
                default:
                    resultDiv.html(voteid);
            }
        }
    });
};

</script>
</head>
<body>
<input type="hidden" id="ctl00_Body_VotingPanel_hidSearchString" name="ctl00$Body$VotingPanel$hidSearchString">
<h1>My jQuery JSON Web Page</h1>

<div id="resultDivContainer"></div>

<button type="button" onclick="JSONTest()">JSON</button>

</body>
</html>

 

look in your js console, you should see some sort of message screaming at you if it failed because of it.

Link to comment
Share on other sites
.josh Advanced Member

.josh

Posted
Posted

If you look in your actual js console instead of those alerts you made, you would see the following (will vary depending on browser, this is from Chrome):

XMLHttpRequest cannot load [target url]. Origin [current page domain] is not allowed by Access-Control-Allow-Origin.

Which confirms that you are attempting XSS and that domain doesn't allow it.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.