Results 1 to 3 of 3

Thread: Injecting data into an IFRAME...is this the best way?

  1. #1
    Ext JS Premium Member cmeans's Avatar
    Join Date
    Jun 2010
    Location
    Chicago, IL USA
    Posts
    117
    Answers
    3

    Question Injecting data into an IFRAME...is this the best way?

    ExtJS 4.1.3

    I'm providing an option for users to email the results of some analysis.

    But to avoid misuse, I'm first presenting a reCAPCHA.

    To make my life easy, I'm injecting the content that I want emailed into the form that will be submitted to my server.

    My questions are:
    1. Is there a better (read cleaner, more ExtJSy) way to do it?
    2. Are there any "additional" security type issues I should be aware of (I'm only sending plain text), and it will only go into the email...not to be displayed anywhere else)?

    Here's the "core" code:

    Code:
                {
                    xtype: 'container',
                    style: 'background-color: white',
                    width: 330,
                    height: 220,
                    autoEl : 
                    {
                        tag : 'iframe',
                        src: 'Email.aspx'
                    },
                    listeners:
                    {
                        render:
                            function(component)
                            {
                                var me = this;
                                
                                component.getEl().on(
                                    'load',
                                    function()
                                    {
                                        var control =
                                            this.dom.contentDocument.forms.form1.Content;
                                            
                                        control.value = me.up('email').emailContent;
                                    },
                                    component.getEl());
                            }
                    }
                }
    Thanks!

    -Chris

  2. #2
    Sencha User
    Join Date
    Feb 2013
    Location
    California
    Posts
    11,985
    Answers
    506

    Default

    The biggest security concern I see would be emailing in plain-text which is not very secure. Is your data of a sensitive nature?

  3. #3
    Ext JS Premium Member cmeans's Avatar
    Join Date
    Jun 2010
    Location
    Chicago, IL USA
    Posts
    117
    Answers
    3

    Default

    No not sensitive data. It's either store details (location, phone #, hours), a list of stores, or directions to a particular store. None of that info is sensitive.

    I am encoding the data prior to upload, and decode it as it's going into the message body.

    We have a reCAPTCHA in place, so it shouldn't be too useful as a conduit for abuse.

    I just added a feature that's now letting me auto-close the popup window (based on a value in the form returned from the server (after it's been submitted)).

    Thanks.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •