I have a private system that requires a user to login. It links to a separate webmail login page that requires users to en开发者_JAVA技巧ter the same credentials twice. I can pre-fill these fields in with html parameters, but I can't seem to find a way to auto-submit. Is it possible? How?
A lo-tech solution would be to have a javascript fire on page load, which checks for a hidden form field, and based on the value, submits the form using document.forms['<form name>'].submit().
You can use the submit method of forms, with Javascript.
Just assign an id to your form:
<form id="form_id">
then find it in Javascript and run the submit method
var form = document.getElementById('form_id');
form.submit();
It's not a good practice but you could use it with window.onload:
window.onload = function() {
var form = document.getElementById('form_id');
form.submit();
}
You can exploit CSRF to log users in, if the webmail isn't protected against CSRF attacks (yes, attack, as automatically submitting forms on 3rd party site is a risk).
<form action="https://*address of the webmail login page*" target="_blank">
<input type=hidden
name="*find what field names are used for login/pass*"
value="username, etc">
</form>
<script>document.forms[document.forms.length-1].submit()</script>
精彩评论