Solved

Can you Save a doc loaded in an iframe?

Posted on 2003-11-22
10
692 Views
Last Modified: 2012-06-27
I have a document (xls or ppt) loaded in an iframe.  Can I have a button outside of the iframe allow the user to Save that document?
0
Comment
Question by:econy1
  • 6
  • 3
10 Comments
 
LVL 15

Expert Comment

by:JakobA
ID: 9805085
lets rephrase the question:
    Can I use some javascript code to save a virusfile on the clients PC when he visit my website.
Right. that MUST NOT be possible.

And so, eventhough you are a nice guy and just want to save a harmless file, that action has to be illegal. It must be the users decision if he want to save your file on his PC.

so make a link pointing to your file
   <a href="http://yourplace.com/yourfile.doc">my essay on breeding spotted garter snakes</a>
and tell the user how he can dovnload it if he wants. (right click and save target as)

regards JakobA
0
 
LVL 11

Expert Comment

by:Zontar
ID: 9805092
<a href="myfile.ppt" title="Right-click or control-click to save this file">Powerpoint File</a>

That's the simplest way. Doesn't depend on any scripting tricks or anything.
0
 

Author Comment

by:econy1
ID: 9805107
jakoba - you have no right making aligations like that.  you are absolutely incorrect in your assumption.  my project is an intranet site where the published content consists of pdf/xls/ppt documents.  when the pdf loads in the iframe, the acrobat toolbar is available which offers the Save option, Print option, etc.  however, with the other file types - xls/ppt - no toolbar loads.  i want to provide a simple way for the user to save that file.  I'M LOOKING FOR A SAVE AS DIALOG.  for users who have not set their browsers to automatically load these filetypes, they will be given the dialog allowing them to choose Save.  But other users will simply see the file open up in a new browser window.  i would appreciate any constructive feedback.
0
 
LVL 15

Expert Comment

by:JakobA
ID: 9805121
I made neither assumptions or allegations.
Please read and understand before flaming like that.
0
 
LVL 11

Expert Comment

by:Zontar
ID: 9805130
First of all, don't jump down JA's throat... if you actually read his post, you'll see he wasn't accusing YOU of anything, he was pointing out that being able to force downloads via JavaScript would be a major security problem.

Now... What is your server running? PHP? ASP? Python Server Pages? And what kind of server? IIS Apache?

This is because if you want to prompt with a "Save As..." dialogue, you must present the file to the user's Web browser as content-type application/octet-stream. You can't do this with JavaScript alone (see above), because content types are determined by the Web server, and by the Web server only.

Using JavaScript + PHP, this is how I'd do that:

1. Your iframe & button:
<iframe id="myIFrame" src="myfile.ppt">
<input type="button" value="Download The File" onclick="doDownload();">
<script type="text/javascript">
  function doDownload()
  {
    var file = document.getElementById("myIFrame").src;
    self.location.href = "download.php?file=" + file;
  }
</script>

2. PHP file (download.php):
<?php
  $file = $_GET["file"];
  $data = file( realpath($file) );

  header("Content-Type: application/octet-stream");
  header("Content-Disposition: attachment; filename=$file");
  print($data);
?>

JS + ASP version...
1. iframe/button code:

<iframe id="myIFrame" src="myfile.ppt">
<input type="button" value="Download The File" onclick="doDownload();">
<script type="text/javascript">
  function doDownload()
  {
    var file = document.getElementById("myIFrame").src;
    self.location.href = "download.asp?file=" + file;
  }
</script>

2. ASP page (download.asp)

<%@LANGUAGE="VBSCRIPT"%>
<%
FileName = Request.QueryString("file");
FilePath = Server.MapPath(FileName)

Response.ContentType = "application/octet-stream"
Response.AddHeader "content-disposition","attachment; filename=" & FileName

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open()
Stream.Type = 1
Stream.LoadFromFile(filePath)
Response.BinaryWrite Stream.Read()
Stream.Close
SET adoStream = Nothing
Response.End
%>
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 11

Accepted Solution

by:
Zontar earned 50 total points
ID: 9805137
Whoops, let me try that ASP file again... I usually do my ASP coding in JScript... anyway...

<%@LANGUAGE="VBSCRIPT"%>
<%
FileName = Request.QueryString("file");
FilePath = Server.MapPath(FileName)

Response.ContentType = "application/octet-stream"
Response.AddHeader "content-disposition","attachment; filename=" & FileName

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open()
Stream.Type = 1
Stream.LoadFromFile(FilePath)
Response.BinaryWrite Stream.Read()
Stream.Close
Set Stream = Nothing
Response.End
%>
0
 
LVL 11

Expert Comment

by:Zontar
ID: 9805141
Oh bugger -- One... More... Time...

<%@LANGUAGE="VBSCRIPT"%>
<%
FileName = Request.QueryString("file")
FilePath = Server.MapPath(FileName)

Response.ContentType = "application/octet-stream"
Response.AddHeader "content-disposition","attachment; filename=" & FileName

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open()
Stream.Type = 1
Stream.LoadFromFile(FilePath)
Response.BinaryWrite Stream.Read()
Stream.Close
Set Stream = Nothing
Response.End
%>

(I really wish we could edit posts here, I hate having to repeat myself if I make a typo the first time round...)
0
 
LVL 15

Expert Comment

by:JakobA
ID: 9805145
Only now those files will never open in the browser, not even for those users who have set their browser to automatically load those filetypes.
0
 
LVL 11

Expert Comment

by:Zontar
ID: 9805231
The original request was for a *download* link, not an "open" link, mate. :^)
0
 
LVL 11

Expert Comment

by:Zontar
ID: 9805233
Actually, I meant to say, "a *download* button, not an "open" button" but you get the idea, hopefully <G>
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Angular - data is there but why isn't search working? 51 56
Disabled form text field 2 22
How can I   ajax html table  rows? 20 60
alert before form submission 6 27
This article shows how to create and access 2-dimensional arrays in JavaScript.  It includes a tutorial in case you are just trying to "get your head wrapped around" the concept and we'll also look at some useful tips for more advanced programmers. …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now