|
Posted by Tim Burkart on August 29, 2007, 8:19 pm
Please log in for more thread options
I don't know where to post this question. It's now been cross-posted here
and the VB.NET forum. I have an HTML form field on a plain HTML page -
<Form method="GET"
action="http://www.someothersite.com/ProductSearch/LinkInQS.aspx">
<input type="hidden" name="ID" value="E8352CCC-DE22-4DC8-829E-69E5BC071195">
<input type="text" name="keyword" size="16" maxlength="500">
<input type="submit" value="Search"></Form>
Because the normal search results display with the someothersite.com URL I
want to put the results page in a frame/iframe on another page. Can I do the
following?
Change the form to GET/POST to the target page with a frame/iframe defined -
<Form action="search.aspx?qid=key" method="POST">
<input type="hidden" name="ID" value="E8352CCC-DE22-4DC8-829E-69E5BC071195">
<table border="1" width="100%">
<tr><td align="center"><input type="text" name="keyword" size="30"
maxlength="500">
<br>
<input name="Submit" type="image" id="Submit"
src="/zoom/images/GO.gif"></td></tr>
</table>
</form>
and then somehow extract the form variables ID and keyword, pass them to the
original link for processing and finally return the results to my search
results page.
Thank you!!
Tim
|
|
Posted by Jukka K. Korpela on August 30, 2007, 3:26 am
Please log in for more thread options
Scripsit Tim Burkart:
> I don't know where to post this question.
The you probably should have studied that question before posting. Newsgroup
descriptions and archives are often helpful in such matters.
> It's now been cross-posted
> here and the VB.NET forum.
No, it's not. You're not crossposting it. Google for "crossposting" to see
what "crossposting" means.
> <Form method="GET"
> action="http://www.someothersite.com/ProductSearch/LinkInQS.aspx">
> <input type="hidden" name="ID"
> value="E8352CCC-DE22-4DC8-829E-69E5BC071195"> <input type="text"
> name="keyword" size="16" maxlength="500"> <input type="submit"
> value="Search"></Form>
Why didn't you post the URL of the page? Is this the actual markup? Is there
no explanatory text, no label for the field?
Is www.someothersite.com really the server where the form handler is? The
domain name exists, though probably just for the sake of selling domain
names, for now. Use the .example pseudo-domain if you wish to refer to an
imaginary domain name.
> Because the normal search results display with the someothersite.com
> URL I want to put the results page in a frame/iframe on another page.
Stop wanting that. In the worst (and quite possible) scenario, you are
planning to do something that can be construed as a copyright infringement:
displaying another site's content (like search result pages) faked as _your_
content.
> Can I do the following?
>
> Change the form to GET/POST to the target page with a frame/iframe
> defined -
> <Form action="search.aspx?qid=key" method="POST">
> <input type="hidden" name="ID"
> value="E8352CCC-DE22-4DC8-829E-69E5BC071195"> <table border="1"
> width="100%"> <tr><td align="center"><input type="text"
> name="keyword" size="30" maxlength="500">
> <br>
> <input name="Submit" type="image" id="Submit"
> src="/zoom/images/GO.gif"></td></tr>
> </table>
> </form>
Why have you obscured the markup now, with pointless use of a table, and
with an image submit button with no textual alternative specified?
Anyway, this is a completely different form, since it has a different
action.
> and then somehow extract the form variables ID and keyword, pass them
> to the original link for processing and finally return the results to
> my search results page.
That's surely not an HTML matter. HTML does not deal with what happens after
the data has been sent to the form handler.
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/
|
|
Posted by André Gillibert on August 30, 2007, 6:04 am
Please log in for more thread options
Tim Burkart wrote:
> <Form method="GET"
> action="http://www.someothersite.com/ProductSearch/LinkInQS.aspx">
> <input type="hidden" name="ID"
> value="E8352CCC-DE22-4DC8-829E-69E5BC071195">
> <input type="text" name="keyword" size="16" maxlength="500">
> <input type="submit" value="Search"></Form>
>
> Because the normal search results display with the someothersite.com URL
> I want to put the results page in a frame/iframe on another page.
Assuming the iframe or frame is on your current website, you should simply
use the target attribute of the FORM element.
The target frame or iframe must have a name attribute.
Be sure to use HTML 4.01 Transitional. Frames, iframes aren't available in
HTML 4.01 "Strict", and XHTML Transitional is case-sensitive.
<form method=GET target="iframe-or-frame-name"
action=
"http://www.someothersite.com/ProductSearch/LinkInQS.aspx">
> Can I do the following?
>
> Change the form to GET/POST to the target page with a frame/iframe
> defined -
>
You can, as you can shoot in your foot... It doesn't mean you should.
First, why would you want a POST method for a search request?
The HTTP GET method should be used if and only if there are no side effect
(doesn't change the "internal state of your website").
The HTTP POST, PUT and DELETE methods should only be used if there are
side effects.
There's no side effect, thus, you should use GET.
This is one of the "axioms" of the Web defined by Tim Berners Lee:
http://www.w3.org/DesignIssues/Axioms.html#state
Reading RFC-2616 is probably a good idea too.
Now, you *could* send a GET request to your server and make your server
forware the request to someothersite.com, and mirror a part of the
response into the HTML flow that your server-side script outputs (a sort
of irregular HTTP proxy).
But that would be
1) heavy: You would have deal with transfer encoding, translate character
maps (charset), remove HTML headers (maybe translate headings levels too),
replace relative links with absolute links (assuming you have an algorithm
that finds 100% of the links, knowing every current and future extension
to the HTML language).
2) Dangerous:
Interaction of client-side scripts in the two pages would be awful.
There's no viable option but delete all scripting tags...
Invalid HTML code in the someothersite.com page could damage the code of
your site (only 2 or 3% of the HTML pages of the Web have valid code).
3) Might violate some copyrights, or at least steal someothersite.com
identity. You would need the written consent of someothersite.com.
4) Would create issues related to cookies:
4.1) The user may not send the cookies of someothersite.com to your
domain, so you won't be able to forward them to someothersite.com.
Moreover, that would violate the privacy of the user: He didn't ask you to
send his cookies to someothersite.com that he may not trust.
4.2) The cookies sent back by someothersite.com would have to be ignored
or forwarded to the client by your site.
If you apply the latter, the client will tag them with the wrong domain.
5) And probably lots of other problems.
An iframe or frame is a much more viable option.
No frame at all (simply letting the user be directed to someothersite.com)
is viable too.
> and then somehow extract the form variables ID and keyword
This is a server-side issue that you should easily deal with, if you read
the friendly manual of your server and scripting language.
> , pass them to the original link for processing
> and finally return the results to my search
> results page.
Send an HTTP GET request to someothersite.com, and deal with all the
issues I described above, and probably many more.
--
|
|
Posted by Jukka K. Korpela on August 30, 2007, 7:04 am
Please log in for more thread options
Scripsit André Gillibert:
> There's no side effect, thus, you should use GET.
We don't really _know_, do we, whether the particular form has side effects
(or non-idempotent side effects)? Just because it looks like a search form
doesn't mean that it is and that it has no side effects.
Moreover, the principle on using GET is questionable.
> This is one of the "axioms" of the Web defined by Tim Berners Lee:
> http://www.w3.org/DesignIssues/Axioms.html#state
But Sir Tim Berners-Lee's personal writings are not normative. In this
particular issue, his opinion has become outdated. There are many possible
legitimate uses for POST in forms with no side effects. It might even be
argued that GET should _never_ be used for a form that contains a text input
field, since GET restricts - by normative specifications - input data to
ASCII characters, leaving it unspecified what happens if users enter other
characters, as they surely _can_. More on such issues:
http://www.cs.tut.fi/~jkorpela/forms/methods.html
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/
|
|
Posted by André Gillibert on August 30, 2007, 8:03 am
Please log in for more thread options
Jukka K. Korpela wrote:
> Scripsit André Gillibert:
>
>> There's no side effect, thus, you should use GET.
>
> We don't really _know_, do we, whether the particular form has side
> effects (or non-idempotent side effects)? Just because it looks like a
> search form doesn't mean that it is and that it has no side effects.
>
We've two indications that it probably has no side effect:
1) The original site uses GET.
2) This is a search feature.
Yes, we don't really _know_.
> It might even be argued that GET should _never_ be used for a form that
> contains a text input field, since GET restricts - by normative
> specifications - input data to ASCII characters, leaving it unspecified
> what happens if users enter other characters, as they surely _can_.
There's an existing practice of user-agents: Using the 8 bits charset of
the source page, and URI-encoding it.
There's no norm, but it's usable.
If Google used a POST request, it would be much much less popular, because
it wouldn't be possible to point to a particular request.
Moreover, using a POST request for site 1 and *forwarding* it as a GET
request, takes the *worst* of both world.
Do you still think POST is a good idea?
--
|
| Similar Threads | Posted | | One form, two "actions" - HTML or ASP? | August 31, 2004, 11:24 am |
| HTML form to Excel | July 31, 2008, 11:47 am |
| Embedding a Form in an HTML E-Mail - Possible? | September 16, 2004, 7:10 am |
| HTML Form "Lookup" Fields | May 8, 2005, 4:23 am |
| multi-column html form | July 18, 2005, 7:42 am |
| Saving HTML Form without Submit | December 8, 2005, 4:23 pm |
| html form to populate into an excel sheet? | April 7, 2005, 7:49 pm |
| html contact form on front page | January 19, 2007, 11:52 pm |
| receipt of form values by an HTML page | October 10, 2007, 2:56 pm |
| HTML form (XForms) --> XML Document without a web server? | November 26, 2007, 11:33 am |
|
XML Sitemap