Hide Referrer Page from JavaScript

I'm using JavaScript to open a new browser window.  The code is as follows:

<html>
<SCRIPT>
function openwindow(open){
window.open(open,"Popup","toolbar=0, location=0, directories=0, status=0, menubar=0, scrollbars=1, resizable=1, width=600, height=400, top=0, left=0")
}
</SCRIPT>
</head>
<A HREF="javascript:openwindow('http://')">test</A>
</html>

I want the referrer to be blank, as if the URL was manually typed into the browser.  Is there any way to do this?  It actually seems to work already in IE but Netscape and others pass the initial URL along to JavaScript.
rl9022Asked:
Who is Participating?
 
labcoatConnect With a Mentor Commented:
rl9022,

Sorry, I thought that you controlled (were loading an internal URL) the window that you were popping up.

There is no way of "clearing" the referrer using JavaScript for security reasons (and no, I am not implying that there is a way to do it using Java, because I do not think that there is even a way with Universal Browser Privileges).

After extensive testing, I do not believe that there is any work around when it comes to opening a window with an external URL and then cleaing its' referrer.

-------------

coreyit,

Cool, no apology required. I took no offense :-)

--labcoat
0
 
Y_eeCommented:
Well I don't know if I got your question right but if you are tring to open a blank page this is how you do

window.open('','myWin','toolbar=0, location=0, directories=0, status=0, menubar=0, scrollbars=1, resizable=1,
width=600, height=400, top=0, left=0')

ciao
Y
0
 
rl9022Author Commented:
I am sorry if I was unclear.  I'm actually trying to open a specific webpage in a new browser using javascript without giving the target a referring page.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
nilapennCommented:
still not clear
0
 
coreyitCommented:
Well, you're right. Netscape does carry it over and IE does not. The problem is, you have no way (for security reasons) of modifying the user's history. You can cycle through it, but cannot modify it in any way.

-corey
0
 
rl9022Author Commented:
what do you mean by cycle through it?
0
 
nimaigCommented:
If you want to open a blank window, u can try this.
<html>
<SCRIPT>
function openwindow(){
     window.open("about:blank","Popup","toolbar=0, location=0, directories=0, status=0, menubar=0, scrollbars=1, resizable=1, width=600, height=400, top=0, left=0")
}
</SCRIPT>
</head>
<A HREF="javascript:openwindow()">test</A>
</html>
0
 
coreyitCommented:
Hey Y_ee and nimaiq, the question:

"I want the **referrer** to be blank, as if the URL was manually typed into the browser"

and

"I'm actually trying to open a **specific** webpage in a new browser using javascript without giving the target a referring page"

is not about how to open a window with javascript (rl9022 already had that down).


rl9022, your window opening script works fine (although I'd recommend changing the variable name from "open", a reserved word, to something else (ie. "myURL").

What I mean by "cycle through it" is that you can use javascript to redirect a page to another page already in the browser's history (eg. <a href="javascript: history.go(-1)">back</a> will go back one step in the history). So, you can "cycle" the browser forward and back through it's history, but you cannot modify the history by trying something like javascript: history.length=0 (history is read-only).
-corey
0
 
labcoatCommented:
You can modify the history of the web browser by doing document.location.replace, and if you get a little creative with that, you will find your answer.

Try the following code at within the head of your popup window. This will not clear out the document.referrer (which is a read-only property), but at least it will not contain the URL the opened the window.

<!-- CODE --

<html>
<head>
    <title>popup referrer test</title>
    <script language="JavaScript">
    var bLoaded=false, oLoc=document.location;
    if (oLoc.search && /loaded=true/.test(oLoc.search)) bLoaded=true;
    if (document.referrer && !bLoaded) location.replace(location.href+'?loaded=true');
    else onload=function() { alert(document.referrer) };
    </script>
</head>
<body>

</body>
</html>

-- END CODE -->

Does this help?
0
 
rl9022Author Commented:
When a webpage is requested the server receiving the request has some specific information sent to it.  One item that is sent is called HTTP_Referer.  HTTP_Referer tells the server what page on the internet (if any) linked to it.  So if I created a link from this page to lets say www.yahoo.com, if someone clicked that link, yahoo's server would know from the HTTP_Referer that the request came from this page at exeperts-exchange.

What I'm looking to do is open a new browser and request a page http://www.whatever.com/ but have the HTTP_Referer remain blank (as if the web user typed it into a browser window manually).

Please note - I am not, I repeat NOT, looking to just open a blank window.
0
 
coreyitCommented:
Hi labcoat,

welcome to ee,
you may want to check out this link regarding posting practices:

http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp

also, you should try your proposal in netscape, doesn't work.

-corey
0
 
rl9022Author Commented:
When a webpage is requested the server receiving the request has some specific information sent to it.  One item that is sent is called HTTP_Referer.  HTTP_Referer tells the server what page on the internet (if any) linked to it.  So if I created a link from this page to lets say www.yahoo.com, if someone clicked that link, yahoo's server would know from the HTTP_Referer that the request came from this page at exeperts-exchange.

What I'm looking to do is open a new browser and request a page http://www.whatever.com/ but have the HTTP_Referer remain blank (as if the web user typed it into a browser window manually).

Please note - I am not, I repeat NOT, looking to just open a blank window.
0
 
rl9022Author Commented:
Sorry about the double post.  I refreshed my browser and it posted again.

Anyway, I'm a little confused with the somewhat conflicting info from labcoat and coreyit.  Corey said "but you cannot modify the history" and Labcoat said "You can modify the history of the web browser by doing document.location.replace".

Since I'm a real amateur with javascript and it's history, I'm not sure where to go from here.

Labcoat, I'm not sure if your source code is intended to be used in the my webpage or not.  The window that opens is not under my control.  I'm gonna see what I can do with it.

Coreyit, is the first element in the history blank?  I know that whenever I open a browser and just type in the URL I want it works in Netscape, IE, Opera, etc.  Is it possible to get back to the very beginning with no referrer?
0
 
coreyitCommented:
Yes, I see what your shooting for. I'm trying to find some definitive documentation on the issue, to no avail so far. My feeling is that IE and Netscape just handle the document.referrer object in different ways for newly spawned windows. Sorry, I was off a bit with the javascript history, thought they might be related.

still looking,
-corey
0
 
coreyitCommented:
Yes, I see what your shooting for. I'm trying to find some definitive documentation on the issue, to no avail so far. My feeling is that IE and Netscape just handle the document.referrer object in different ways for newly spawned windows. Sorry, I was off a bit with the javascript history, thought they might be related.

still looking,
-corey
0
 
coreyitCommented:
Also, you might want to open this question back up (unless you decide that labcoat's proposal is suitable) so that the community will still join in.

Ah! I double posted too!

:p

-corey
0
 
rl9022Author Commented:
If I understand this code correctly it assumes that I control the server getting the request.  That is not the case.
0
 
coreyitCommented:
Hmmm... actually labcoat's code works by (basically) parsing the query portion of the page's current URL (so, on your site) to see if it contains the text "loaded=true". If it does, *and* the document has a referrer (which Netscape does have for this popup), it redirects the browser to the same page, but appends "?loaded=true" to the URL (so that it doesn't happen again).

This doesn't get rid of the Netscape referrer property, but now the referrer is the same page that you're on (shown by the alert).

I don't believe you'll find anyway to clear the document.referrer setting in Netscape. However, if you can do with it being something other than an external site, labcoat has provided you a means for that.

If you can provide us with some more context as to why you don't want there to be a set referrer, perhaps we can offer some other work-arounds.


I should also offer an apology to labcoat regarding my "doesn't work" statement. I suppose it depends on what you're trying to do. I certainly don't mean to discourage anyone.

-corey
0
 
rl9022Author Commented:
Well what I'm actually doing is using free webspace on the net to hold larger my websites larger files.  When using a just opened browser, the URL of these files can be typed in and downloaded, but these files can only be linked to by pages within the freehosts domain (outside of IE which doesn't send the referrer).  My other option besides javascript seems to be perl.  I posted the question there but have received no real response.  In perl, I can do a redirect with Location: http://www.whatever.com, but it doesn't make the referrer blank it just goes back to the page that referred the visitor to me which doesn't help.  The referrer has to be either blank or from there domain.
0
 
rl9022Author Commented:
I now it sounds bad to hotlink, but I want to provide my visitors with larger files, but can't afford the bandwidth.  I assure you the freehost I'm using isn't strapped for cash.
0
 
Asta CuCommented:
Please update the expert here who have so willingly stepped in to help you, since much time has passed since your last comments, and Email notifications may not have been generated to the participating experts here due to some problems at that time.  If you've been helped, accept the respective question by that expert to grade and close it.

Somewhat off-topic, but important.

****************************** ALERT********************************
WindowsUpdate - Critical Update alert March 28, 2002 from Microsoft
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-015.asp
Synopsis:
Microsoft Security Bulletin MS02-015  
28 March 2002 Cumulative Patch for Internet Explorer
Originally posted: March 28, 2002
Summary
Who should read this bulletin: Customers using Microsoft® Internet Explorer
Impact of vulnerability: Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.
Maximum Severity Rating: Critical
Recommendation: Consumers using the affected version of IE should install the patch immediately.
Affected Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0

Thought you'd appreciate knowing this.
":0)
Asta
0
 
rl9022Author Commented:
Sorry I've been away from EE for a while.  I noticed I never gave you credit for the help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.