PDA

View Full Version : Injecting data into an IFRAME...is this the best way?



cmeans
29 Oct 2013, 12:49 PM
ExtJS 4.1.3

I'm providing an option for users to email the results of some analysis.

But to avoid misuse, I'm first presenting a reCAPCHA.

To make my life easy, I'm injecting the content that I want emailed into the form that will be submitted to my server.

My questions are:

Is there a better (read cleaner, more ExtJSy) way to do it?
Are there any "additional" security type issues I should be aware of (I'm only sending plain text), and it will only go into the email...not to be displayed anywhere else)?

Here's the "core" code:


{
xtype: 'container',
style: 'background-color: white',
width: 330,
height: 220,
autoEl :
{
tag : 'iframe',
src: 'Email.aspx'
},
listeners:
{
render:
function(component)
{
var me = this;

component.getEl().on(
'load',
function()
{
var control =
this.dom.contentDocument.forms.form1.Content;

control.value = me.up('email').emailContent;
},
component.getEl());
}
}
}



Thanks!

-Chris

Gary Schlosberg
5 Nov 2013, 11:00 AM
The biggest security concern I see would be emailing in plain-text which is not very secure. Is your data of a sensitive nature?

cmeans
5 Nov 2013, 3:42 PM
No not sensitive data. It's either store details (location, phone #, hours), a list of stores, or directions to a particular store. None of that info is sensitive.

I am encoding the data prior to upload, and decode it as it's going into the message body.

We have a reCAPTCHA in place, so it shouldn't be too useful as a conduit for abuse.

I just added a feature that's now letting me auto-close the popup window (based on a value in the form returned from the server (after it's been submitted)).

Thanks.