Search code examples
javascripthttp-redirectlocation-hrefwindow.parent

Legacy code: window.parent.location.href="https:/home"


I have inherited some code from our former developer and I found this piece of code.

<?php
   if($this->loginAction->isAuthenticated()){
?>
   <script type="text/javascript">
      window.parent.location.href="https:/home";
   </script>
<?php
}
?>

I have been looking on it for a while and I have no idea why he put there the shortcut for the URL. I think that the URL should be https://mysite.com/home. I basically don't know what does this code do.

Edit: I know that this code is redirection if user is authenticated, but I don't know what the strange URL(https:/home) is doing there. This code is working.

Thank you for any help.

Edit2: According to my colleague, this is one of the JS secrets:) Going to test it. This two lines of code should have equal functionality:

window.parent.location.href="https:/home";
window.parent.location.href="https://www.my-testing.com/home";

Solution

  • This is the URI and it is valid according to the spec here: https://www.ietf.org/rfc/rfc2396.txt in section 3 as quoted here: ( the bold and highlights are mine) This says that the scheme https followed by the separator colon : then the rest is optional. Thus the single forward slash is likely interpreted as the root or "full" URI of "https://home" or simply the "/home" of the current provider. Likely this then looks like "https://www.example.com/home" if your site is www.example.com (it isn't but that one is in the specifications as a reserved name as well) which is the DNS address of your site. Note that if the scheme were missing as "//www.ourbug.net" then that would be translated into the current scheme in use (http or https for most resources)

    Quote from the reference:

    3. URI Syntactic Components

    The URI syntax is dependent upon the scheme. In general, absolute URI are written as follows:

      <scheme>:<scheme-specific-part>
    

    An absolute URI contains the name of the scheme being used () followed by a colon (":") and then a string (the ) whose interpretation depends on the scheme.

    The URI syntax does not require that the scheme-specific-part have any general structure or set of semantics which is common among all URI. However, a subset of URI do share a common syntax for representing hierarchical relationships within the namespace. This "generic URI" syntax consists of a sequence of four main components:

      <scheme>://<authority><path>?<query>
    

    each of which, except , may be absent from a particular URI. For example, some URI schemes do not allow an component, and others do not use a component.

      absoluteURI   = scheme ":" ( hier_part | opaque_part )
    

    URI that are hierarchical in nature use the slash "/" character for separating hierarchical components. For some file systems, a "/" character (used to denote the hierarchical structure of a URI) is the delimiter used to construct a file name hierarchy, and thus the URI path will look similar to a file pathname. This does NOT imply that the resource is a file or that the URI maps to an actual filesystem pathname.

      hier_part     = ( net_path | abs_path ) [ "?" query ]
    
      net_path      = "//" authority [ abs_path ]
    
      abs_path      = "/"  path_segments"