determining inheritance of pop-up windows

Sometimes it is desirable to open up a window that has no menu, toolbars, status bar etc.
This might be if you wish to do a secure socket layer transaction and you wish to disguise the location of the secure socket layer.
While creating these pop-up windows is fairly straight forward, ensuring that the pop-up has been opened from your intended launch page with the properties you have determined is not so straight forward.
For example it is possible for someone to take a copy of your launch page, modify the properties of the popup window so that all the browser window elemnents you have chosen to hide are visible.
What we present here is a method for ensuring that the pop-up window has been launched from the correct parent page, with the desired attributes.

prerequisites

Javascript version 1.5
While making pop-up windows has been possible from the earliest versions of Javascript, the error handling we use to ensure the target page deals with all circumstances in a tidy fashion will only work with Javascript version 1.5. This means that only version 5 browsers and above will be able to use the script as presented here.
As you are using

demonstration

If you click on it it will open a page in a pop-up window. If you launch it from this page it will just contain a close window button.
If you copied this page onto your hard disk (File, Save As...) and then opened the pop-up you will see a message indicating that you have not opened it from the correct location.

the script

<SCRIPT LANGUAGE="Javascript">
<!--HIDE
try {
	if (opener.location.href == "http://www.rylands-internet-solutions.co.uk/javascript/popupinheritance.php"){
		document.writeln('This pop-up window has been opened from the correct location<BR>'); 
		document.writeln('<form>'); 
		document.writeln('<input type="button" name="close_window", value=" c l o s e  w i n d o w "'); 
		document.writeln('onclick="self.close()">'); 
		document.writeln('</form>'); 
	}
	if (opener.location.href != "http://www.rylands-internet-solutions.co.uk/javascript/popupinheritance.php"){
	{
		document.writeln('This pop-up window has not been opened from the correct location<BR>'); 
		document.writeln('<form>'); 
		document.writeln('<input type="button" name="close_window", value=" c l o s e  w i n d o w "'); 
		document.writeln('onclick="self.close()">'); 
		document.writeln('</form>'); 
	}
}
catch(err)
{
if ((err.number & 0xFFFF).toString(16) == "138f"){
	document.writeln('<form>'); 
	document.writeln('<input type="button" name="open_remote_window", value=" o p e n  i n  pop- u p  w i n d o w "'); 
	document.writeln('onclick="open_remote()">'); 
	document.writeln('</form>'); 
	document.write((err.number & 0xFFFF).toString(16));
}
else
{
	document.writeln('This pop-up window has not been opened from the correct location<BR>'); 
	document.writeln('<form>'); 
	document.writeln('<input type="button" name="close_window", value=" c l o s e  w i n d o w "'); 
	document.writeln('onclick="self.close()">'); 
	document.writeln('</form>'); 
}
}
// STOP HIDING-->
</SCRIPT>

description

The heart of the script is the line:

  if (opener.location.href== "http://www.rylands-internet-solutions.co.uk/javascript/popupinheritance.php")

This both detects whether the page has been opened from another page, and whether the opening page is this page.
Because opener.location.href has no value when this page is first opened in a browser error handling is used. The try {} catch(err) {} mechanism is used to catch any errors. If this error handling is invoked then it means that the page is not in a pop-up window so Javascript is used to write the launch button to the window.
If the browser Javascript is of an earlier version then it can not process the try..catch system, and subsequently no launch button is written to the browser.
When the page is in a pop-up window launched from this page the condition:

  if (opener.location.href== "http://www.rylands-internet-solutions.co.uk/javascript/popupinheritance.php")

is satisfied and a close button is written to the screen, other wise a link to this page is displayed.

deployment

In a real life situation you might have a launch page on a normal server and the pop-up login page in a secure socket layer.
Using this script you would replace the close window button in the pop-up window with username/password entry fields IF the opener.location.href test is passed succesfuly.
Having Javascript write the launch button to the browser would also ensure that the browser is of the right version with Javascript enabled, so ensuring that the target file can be processed.

The scenario that lead to the development of this script is one where information is accessed in the secure socket layer in a browser window with no toolbar, menu bar etc. The Alt, Ctrl and Shift buttons were disabled as well as the right mouse button to stop browsers from printing or saving pages.
Using this script we were able to ensure that only our launch page was used to access the site. While it is easy to stipulate browser usage in the context of a corporate information system for which this was developed, it is unlikely that this approach would be appreciated in the wider context of the internet given the wide variety of browsers and versions used.

feedback

This script works in the context for which it was designed, however there may be ways in which it can be improved upon so that it is more widely applicable. In particular there may be ways in which the error trapping could be handled to make it usable by browsers with older verions of Javascript.
If you have any suggestions on enhancements then we would be happy to include them here. Your contribution would be acknowledged.

this script is free for use...

... however we would appreciate it if you gave some acknowledgement of where you got it from.
It would also be nice if you let us know you were using it so that we could let you know of any enhancements that come to light.
contact us at: support@rylands-internet-solutions.co.uk