Latest Posts

combining jQuery and onRequestEnd to change client code

Posted on March 13, 2009, under ColdFusion | 7527 Views

Open source saves lives, closed source is evil. We have all encountered encrypted or pre-compiled Java bytecode cfm/cfc files. Seldom times the original developers have left us options to change links, rename fields, change form action pages, add form fields, and even hide sections of the pages. What if you could (or had to) leave the original code in place and still make the changes on the client side of the code? What if I told you it was FREE?

Using jQuery and onRequestEnd (in Application.cfc or OnRequestEnd.cfm) we can totally transform the client side of the code giving you complete control to make the necessary changes.

WARNING If you are redirecting critical pages, be aware that users with javascript disabled will not see any of these client-side changes. In the cases where I've used this, I made sure that the original pages still functioned. Just keep that in mind.

Getting Started Run to http://www.jquery.com and download the latest copy Create an empty file called OnRequestEnd.cfm or use the existing file if it already is present. Using onRequestEnd in Application.cfc could also give you the same result.

Add the following code to OnRequestEnd.cfm

<script type="text/javascript" src="jquery.js"></script>

Save the file and browse to the page. If you view page source for the page, you should see your jQuery script call at the bottom of the page. Back to our encrypted page which is called secret.cfm. Say the page contains the following simple form and a couple of page links like this:

<form action="secret_encrypted_action.cfm" method="post">

Zip code to attack: <input type="text" name="zip"><br>

<input type="submit" value="Launch Nukes">
</form>

<BR><BR>  <Br><bR>

<a Href="secret1.cfm">Missile??Inventory??</A><br>
<a href="secret2.cfm">Sell Arms</A>

<BR>

Since we know the original developer didn't use selector IDs, we can use the power of jQuery to change the elements for us.

Add the following code to your OnRequestEnd the reload the page.

<script>
$("a[href='secret1.cfm']").attr('href', 'http://www.greenpeace.org');
$("a[href='secret2.cfm']").attr('href', 'http://www.ebay.org');
$("form[action='secret_encrypted_action.cfm']").attr('action', 'unsecret.cfm');
</script>

Walking through the code - find all links with url of secret1.cfm and change them to www.greenpeace.org, find all links with url of secret2.cfm and redirect them to www.ebay.com, and redirect any forms with action page of secret_encrypted_action.cfm to unsecret.cfm.

That is it - we have changed the client side code of encrypted pages. We took back control of the application. Write less, do more indeed.

Recommended Reading: http://simonwillison.net/2007/Aug/15/jquery/
http://docs.jquery.com/How_jQuery_Works