Protect the user from leaving the domain

@Vis3RMar 24.2007

Hello,
I have a problem. I need to somehow protect the user from leaving the domain he’s currently at. If he clicks a link directing to an url that’s not on the domain, it should NOT open up that page, but instead direct him to a specified url in the current domain.
It not only should protect the user when clicking on a link, but also clicking on a button or other things that could direct him elsewhere.

Example:
I’m on the domain ~~[url]~~www.domain.com[/url].
If i click on a link ~~[url]~~www.domain.com/whatever.htm[/url], it should work without any problem, but if i click on a link like

~~[url]~~www.notmydomain.com/whatever.htm[/url]

it should NOT open up that page, but instead go to

~~[url]~~www.domain.com/outlink.php?url=www.notmydomain.com/whatever.htm[/url]

The script should protect the user from being directed to a link outside the current domain. I don’t know if that’s achieveable with javascript, or any other language, or if that’s even possible. So your help would be greatly appreciated!

to post a comment

JavaScript

11 Comments(s) _↴

@konithomimoMar 24.2007 — #Well, that is not "protecting" the user, it is forcefully keeping him/her on your domain. For most users that will be an annoyance and they will not return to your site. If it is for an intranet then it would be understandable, and that would be something to have the server admin address by preventing pages from other domains. If you are just trying to do it for you site though, then there really isnt a good way to do it. The best thing to do is to not have links from your site to other sites.

If you merely want to display pages from other sites on your domain then simply use a frame to hold the other page, thus the user is still on your site, and any links that they click from that page will change the location of the frame and not the location of the parent window.

@Vis3RauthorMar 24.2007 — #It is for my website. It's a website that offers a service that needs this. And the clients will still be able to go to the websites outside of the domain, but first need to be directed to a page on the domain. And cannot be done with just framing the other page... I need to be able to detect what's the outside url that the client wants to reach.. and being able to redirect him to a specific url on my domain. And i can't control the links on the page, so i can't delete the links that point outside of the domain...

@konithomimoMar 24.2007 — #It is for my website. It's a website that offers a service that needs this. And the clients will still be able to go to the websites outside of the domain, but first need to be directed to a page on the domain. And cannot be done with just framing the other page... I need to be able to detect what's the outside url that the client wants to reach.. and being able to redirect him to a specific url on my domain. And i can't control the links on the page, so i can't delete the links that point outside of the domain...[/QUOTE]

What you are asking is not possible with JS, since it is a security violation. There is no "service" that needs to prevent users from leaving their domain. The only applicable reason is for an intranet. Even online virus scanners and streaming media sites allow users to leave, although they often through a message first. JS is for affecting the display/control of the document loaded in the browser window, not for changing the way that the browser functions.

The only way to do what you want is to put the page in a frame and gets the frames location, then redirect based on the frames location. Or you can simply have an input box that lets the user tell you where they want to go. And if you can't control the links then you are either trying to alter a page from another server on your site, or you are trying to get around ads.

@Vis3RauthorMar 24.2007 — #Familiar with web proxy? That's what the service looks like. And this service does need to protect users from leaving the domain, that's the point of it. It can't keep people anonymous otherwise. And the clients are free to leave the domain anytime they want, i'm not trapping them there. But untill they decide to leave by themselves, the script should keep them on my domain.

I see there's no way of doing it this with js, so i'll have to go with the slow way. Tnx for the answers.

@felgallMar 24.2007 — #Don't put external links on the pages where you don't want them to follow external links.

Nothing you can do about them entering a different address in their address bar or going back to a different site from their history list or closing their browser though as you have no access whatsoever to block any of those actions on the internet.

@Vis3RauthorMar 24.2007 — #As i've said, check out what a web proxy is. I don't trap people there, they use the service because they want to stay anonymous. My site grabs the website they need ... and displays it to them, which means they don't have direct connection with any site outside ours, they can surf the net from our website. And as i can't control which website they're gonna request, i have to edit all the links to point back to my website so they can just press the links and our service requests it for them. They're surfing the website through our service. They can type a different address in the address bar, or just go off our website, nothing is stopping them from doing so, and that's none of my business. But while they use our service, all the content should go through our service.

Now.. this all works already. Except, that i need to somehow modify the urls in javascript to point back to my website (i handle html and css already). One option is to find a documentation of the javascript functions and find those which i need to modify, which would be slow and hard, or use another way that i don't know of and that's why am asking here.

@konithomimoMar 24.2007 — #We are aware of what a proxy server is, it allows for anonymous surfing. The thing that you have to understand is that what proxy servers do is use either their server, or another servers, IP and load the specified page, and then take that data and display it for you. The server thinks that you are not from your computer, because instead of you directly accessing that page the serer you are using acts as the user.

@konithomimoMar 24.2007 — #The only way to do what you want to do is to load the page from your server, acting as the user, grab the source code, write it to a document, thus allowing you to access the links via getElementsByTagName('a') and then change the href to :

href='http://www.domain.com/outlink.php?ur...m/'+href;

Then your server can create a temp file with that name, and then display it for the user.

@Vis3RauthorMar 24.2007 — #I *do* know what a web proxy does. And i did a web proxy script from scratch, which *does* already get the source and convert links to point back to the script for further anonymous surfing. The problem is not in the links, my proxy already fixes the html and css.

The problem is proxifying javascript. (making sure java scripts also point to the proxy script)

@DranowebJan 13.2008 — #A suggestion:

Instead of preventing them altogether, just force it to load any external pages/sites in a new window.

If this is a way to prevent fraud etc, just encourage them to use popup blocking.

This way, everyone wins...

@Killzone_KidJan 13.2008 — #Try this:

[code=php]
 all_a_tags = document.getElementsByTagName('a');
 for (i=0; all_a_tags.length; i++){
 
  // you can detect the outer link your way
  if (!all_a_tags[i].getAttribute('href').match(/http://(www.)*yoursite.com/)){
 
   all_a_tags[i].setAttribute('href', 'http://yoursite.com/yourscript.php?'+all_a_tags[i].getAttribute('href'));
  }
 
 }
 [/code]

it should rewrite all the links that do not lead to your site to your php script. Make it a body onload function for best results.

Edit: the regular expression does not display correctly under [php tags it should read /http://(www.)*yoursite.com/

Also in #JavaScript _↴

javscript programs - conflicting variables/handlers Submit buttons function replies field names as 1 line

Success!

Help @Vis3R spread the word by sharing this article on Twitter...

Tweet This

Protect the user from leaving the domain

11 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

Protect the user from leaving the domain

11 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

11 Comments(s) _↴

Also in #JavaScript _↴