Coding a command

Marc1Marc

Hi guys,

Please excuse my ignorance as I am a newbie at this.

I would like to know how to code a button that does the following:

Navigates to for example: www.xyz.com and then once there clicks on a link on that page, for example www.abc.com

Thanks, if anyone can give me some sort of guidance.

sneakyimp

I think this is an example of what we call Cross-Site Scripting (XSS) and suspect that you might be trying to do something that's not especially kosher. I'm almost certain that any reasonably secure browser will not permit this because it might allow a malicious coder to exploit other sites.

Marc1Marc

Well your thought is wrong!! Clearly you don't know

laserlight

Marc1Marc wrote:
Well your thought is wrong!! Clearly you don't know

Considering that you preemptively asked to be excused for your "ignorance", being "a newbie at this", you should not be dismissing people so quickly and easily.

Indeed, at first glance it does sound like you have XSS in mind. Looking at the details, perhaps we could give you the benefit of the doubt:

What you can do is to access the www.xyz.com out of band, e.g., using [man]curl[/man], then from there extract the URL for www.abc.com upon which you can call [man]header[/man] to send a location header to the user directing the user to www.abc.com. However, notice that the user never actually visits www.xyz.com, so if you depend on www.xyz.com reacting to the user in some user specific way, e.g., because the user is logged in there, then sorry, that would be XSS.

sneakyimp

Furthermore, using a web server to access someone else's website (e.g., with curl) and then parsing the output of that site with the intention to automate some operation is sometimes colloquially referred to as 'using a bot' and may violate the terms of service of the other person's site. This can be not just a civil offense but a criminal one, depending on the nature of the operation you are trying to perform.

As for it being a security risk, let me give you an example. Suppose I could direct you to this url and automatically click the "one-click purchase" button for this item?
http://www.amazon.com/Saint-Gaudens-Ultra-Relief-Pattern/dp/B00KGK1HEM

Surely you can see that this presents a security risk.