MegaZone (zonereyrie) wrote,
MegaZone
zonereyrie

  • Mood:
  • Music:

Looking for a little JavaScript advice

OK. So our payment system uses a desktop wallet for the consumer, which sits and listens on port 8129. The problem there is that when the payment form posts to localhost;8129 and the wallet isn't running, you just get a browser timeout and nothing helpful.

So I'm trying to find a way to detect the wallet from the HTML document before posting - which seems to mean ECMAScript/JavaScript. After bashing on this all night I've found one method that appears to work in Mozilla, and another that works in IE - as long as the security level hasn't been cranked up. What makes this non-trivial is the security domains. Since the page will come from some merchant's server, it is in a different domain than localhost. And, to prevent hacking, browsers generally don't allow scripts from one domain to poke at another domain. Yes, I know about signed scripts - but since this will be served by any number of merchants, asking all of them to go through signing isn't really viable. And Mozilla makes you sign everything - the script, the page that loads it, etc.

Now, going forward we have an idea for a 'fix'. We can have the Wallet serve an image on request. Then you can load the image in the HTML document - and use the onerror handler to trip if the image fails to load. That's fairly trivial - but I was kind of hoping I might find something at least fairly useful to cover things until that goes through engineering, and for ongoing legacy users who won't have upgraded yet.


<html>
<head><title>Merged Test</title>
<body>
<p>This is a test.</p>
<iframe src="http://127.0.0.1:8129/wallet" width="0" height="0"
border="0" style="visibility: hidden;" id="testframe"
name="testframe"></iframe>
<script type="text/javascript">
function testWallet() {
var test;
var xmlhttp;
/*@cc_on @*/
/*@if (@_jscript_version >= 5)
try {
xmlhttp=new ActiveXObject("Msxml2.XMLHTTP")
} catch (e) {
try {
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")
} catch (E) {
xmlhttp=false
}
}
@else {
xmlhttp=false
}
@end @*/
if (xmlhttp) {
try {
xmlhttp.open("GET", "http://127.0.0.1:8129/wallet", true);
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4) {
if (xmlhttp.responseText == "") {
alert("Your wallet is not running!");
}
}
}
xmlhttp.send(null);
} catch (e) {
}
}
else {
try {
IFrame = document.getElementById('testframe');
if (IFrame.contentDocument) { // Moz/Gecko
test = IFrame.contentDocument.domain;
} else {
test = "Unknown";
}
if (test == null) {
alert("Your wallet is not running!");
}
}
catch(e) {
}
}
}
setTimeout("testWallet();",500);
</script>
</body>
</html>


I know it isn't very pretty - I've been hacking on this as I go just to try things. You can hit it here. If anyone has some spare clue to throw my way, I'd appreciate it. And if you want to test it with a wallet, you can download a demo one here. (Windows only.) Or if you want, go for it and grab a real one.
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 2 comments