5.6 Configuring a Form Fill Policy for Forms With Scripts

The Form Fill policy created for the Linux Access Gateway works well with forms that contain a Submit button whose onclick action submits the form data to the Web server without executing any JavaScript or VBScript. However, when HTML forms contain complicated JavaScript or VBScript, Form Fill for that form fails.

For example, single sign-on by using the Form Fill policy to fill and autosubmit a form fails if the Submit button or the login button requires execution of a JavaScript function before submitting the form data to the Web server.

The following sections explain why Form Fill fails with the Form Fill policy when the HTML form contains complicated JavaScript. This section also describes the procedure to configure a Form Fill policy for such forms.

5.6.1 Why Does Form Fill Fail with the Default Policy?

The following section explains the process that takes place when a client requests a form that is configured with the Form Fill policy as described in Section 5.0, Creating Form Fill Policies.

Figure 5-3 Sample Login Form with JavaScript

When the Linux Access Gateway is configured with the default Form Fill policy, it adds the following function to the Login page received from the Web server. The bold text indicates where JavaScript is called.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Generated by Apache Software Foundation (Xalan XSLTC)-->
<html class="detail/detail">

<head>
     <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
          <script type="text/JavaScript">
             /*SET up global vars*/
            //all the variable declaration
         
          <script type="text/JavaScript">
             function dvdRegisterSelect() {
                    }
          </script>

     <title>Login Page</title>

</head>

<body id="tpz_body" style="width:99%; "onload="tpzOnLoad('login.prompt.g'); window.status='login.prompt.g'; ContextMenu.setup({'showForms':true}); ContextMenu.attach('detail/detail', 'cwc_optionsMenu_detail')" onfocus="window.status='login.prompt.g'" >

       <script type="text/JavaScript">
          var arReenable = new Array();
          function enableAll() {return reenableControls(arReenable);}
       </script>

      <script type="text/JavaScript">
         //all the variable declaration
         function verify( f, bSubmitToSelf ){ return verifyFields                                (bSubmitToSelf,"\n");}
     </script>

   <div>
      <a title="Login" class="tabSelected">Login</a>
   </div> 
      <form name="topaz" id="topaz" method="post" action="detail.do"                                                                                                                                                onsubmit="enableAll();return verify(this,true);">
<input type="hidden" name="focus" id="focus" value="var/user.id">
<input type="hidden" name="focusContents" id="focusContents" VALUE="testuser1" >
<input type="hidden" name="focusId" id="focusId" VALUE="X2" >
<input type="hidden" name="formname" id="formname" VALUE="login.prompt.g">
<input type="hidden" id="clientWidth" name="clientWidth" VALUE="1473" >

     <script type="text/javascript">
        function printThisView(){tpzPrintDetail();}
     </script>

<input type="text" id="X2" name="var/user.id" dvdVar="" onclick="handleOnClick(this,event);"  VALUE="testuser1" scripttype="text">
<input type="password" id="X5" name="var/old.password" dvdVar="" onclick="handleOnClick(this,
event);" " VALUE="novell081" >

<input type="button" name="0" id="X8" ButtonID="0" title="Login Page" value="Login" onclick="tpzDrillTable('', 'Login', '0','listdetail')" >
<input type="button" name="3" id="X9" ButtonID="3" title="Exit Login Page" value="Cancel" onclick="tpzDrillTable('', 'Cancel', '3','listdetail')" >
</form>

       <script language="JavaScript">
          <!--
             function LAGSubmitForm()
                  {
            document.forms[0].submit();
                  }
            LAGSubmitForm();
          //-->
       </script>
</body>
</html>

In the above code, the LAGSubmitForm() function calls the default submit action of the form, which uses a POST request to send the data to the Web server. But the submit action for the sample login form requires a JavaScript function to be executed. This function in turn submits the form data to the Web server. However, because the JavaScript is not executed by the default Form Fill policy, posting of the form data fails:

row=&__x=&thread=0&event=0&transaction=0&type=detail&focus=var%2Fuser.id&focusContents=testuser1&focusId=X2&focusReadOnly=&start=&count=&more=&tablename=&window=&close=&_blankFields=&_uncheckedBoxes=&formchanged=&formname=login.prompt.g&_multiSelection=&_multiSelection_tableId=&clientWidth=1473&var%2Fuser.id=testuser1&var%2Fold.password=novell081&var%2FL.language=en&0=Login&3=Cancel

Meanwhile, the browser expects to receive the following POST request and does not autosubmit the form:

row=&__x=&thread=0&event=0&transaction=0&type=detail&focus=var%2Fuser.id&focusContents=testuser1&focusId=X2&focusReadOnly=null&start=&count=&more=&tablename=&window=&close=&_blankFields=&_uncheckedBoxes=&formchanged=&formname=login.prompt.g&_multiSelection=&_multiSelection_tableId=&clientWidth=1217&var%2Fuser.id=testuser1&var%2Fold.password=novell081&var%2FL.language=en

Note the difference in POST requests sent to the browser. The first POST request has &0=Login&3=Cancel appended, which causes the login to fail.

In order for the browser to send the proper POST data, the Linux Access Gateway must add the following JavaScript statement to the Statements to execute section.

tpzDrillTable('','Login','0','listdetail');

5.6.2 Understanding How a Form Is Submitted

For the Access Gateway Appliance, you can configure the Form Fill policy to submit the form in the following ways:

  • Manual Submit: When a form is configured for manual submission, all the fields configured in the Form Fill policy are automatically filled by the Linux Access Gateway for the user. The user must then manually click the Submit button in the form to submit the form to the Web server protected by Linux Access Gateway.

  • Autosubmit: When Autosubmit is configured, the actual form is processed in such a way that all additional scripts not required to submit the form data to the Web server are removed. A temporary form is created on runtime with necessary form data in hidden format and with an additional LAGSubmitForm() function as follows:

    function LAGSubmitForm()
    {
    executeJavaScript();
    }
    LAGSubmitForm();
    

    In this example, executeJavaScript() is the function that executes the JavaScript or the VBScript statements configured in the Statements to execute section. If statements to be executed are present, you can also find the function definition for executeJavaScript() as follows:

    executeJavaScript()
    {
    document.forms[0].submit();
    }
    

    In this example, form[0] is the single form in the HTML page and submit is the default action associated with the submit or login button of the form that automatically submits the form to the Web server. This approach works for forms where the default action of the Submit button is to submit a POST request for the form data.

  • Autosubmit with Masking: When Autosubmit with masking is enabled for a form, the form data is submitted automatically to the Web server, but the data sent to the Web browser over the network is masked for additional security.

  • Submitting with the help of touch files: If your form requires the execution of JavaScript when the form is submitted, you cannot use the Autosubmit options.This also means that single sign-on is disabled.

    To create a policy that allows autosubmitting for this type of form, you need to create the policy as described in Section 5.6.3, Creating a Form Fill Policy for Autosubmission and create two touch files as described in Section 5.6.4, Creating Touch Files for Autosubmission.

5.6.3 Creating a Form Fill Policy for Autosubmission

  1. In the Administration Console, click Policies > Policies.

  2. Select the policy container, then click New.

  3. Specify a display name for the policy and select Access Gateway: Form Fill for its type.

  4. (Optional) Specify a description for the Form Fill policy.

  5. In the Actions section, click New, then select Form Fill.

  6. In the Form Selection section, select Form Name and specify topaz in the text box.

  7. In the Fill Options section, specify all the input fields and select the options that you want.

  8. In the Submit Options section, select Auto submit.

  9. Select Enable JavaScript Handling.

  10. Select Functions to Keep, then specify the JavaScript functions that need to be retained when the form is being automatically submitted. For the example form, specify the following functions:

    function dvdRegisterSelect()
    function enableAll()
    function verify(f, bSubmitToSelf)
    function printThisView()
    function tpzDrillTable(a,b,c,d)()
    
  11. Click OK.

  12. Select Statements to Execute and specify the form action that needs to be performed when the form is submitted. For the sample form, specify the following statement:

    function executeJavaScript()
    {
        tpzDrillTable('','Login','0','listdetail');
    }
    executeJavaScript();
    

    You must perform this step in order to execute the functions configured in the Functions to keep section because the Linux Access Gateway does not process HTML to include the LAGSubmitForm() function.

  13. Click OK.

  14. On the Policies page, click Apply Changes.

5.6.4 Creating Touch Files for Autosubmission

When HTML forms contain complex JavaScript or VBScript, you must enable two touch files, .enableInPlaceSilentFill and .enableInPlaceSilentFillNew. These touch files are essential to execute functions in the form before autosubmitting it.

When the /var/novell/.enableInPlaceSilentFill touch file is present, Form Fill does not generate a new page when autosubmit is enabled, but fills the page received from the Web server just as it is done when autosubmit is disabled. This touch file also disables the text/password/unspecified type fields.

However, even when you use the /var/novell/.enableInPlaceSilentFill touch file, options such as Debug Submit and Functions to Keep used in the Form Fill policy do not work. To work around this issue, you must also use the /var/novell/.enableInPlaceSilentFillNew touch file. When this touch file is used, complex JavaScript or VBScripts functions are executed in the form.

To create both touch files:

  1. Log in as root.

  2. Specify the following command to create the.enableInPlaceSilentFill file:

    touch /var/novell/.enableInPlaceSilentFill

  3. Specify the following command to create the enableInPlaceSilentFillNew file:

    touch /var/novell/.enableInPlaceSilentFillNew

  4. Specify the following command to restart the Linux Access Gateway:

    /etc/init.d/novell-vmc stop

    /etc/init.d/novell-vmc start