Is it possible to disable a user's "Tab" key with ASP? 3

[toefuzzies]

I have a "secret link" hidden on a page and currently a user could just keep hitting tab..enter...tab..enter...tab..enter until they found this secret link. I'd like to be able to disable their "Tab" key so they have to find the link with their mouse (via something like a mouse over/hover button).

Is that possible?

 

[toefuzzies]

I found a way to do this in javascript...maybe asp would work similarly...but I don't know. I'm remapping the TAB key to the ESC key (which does nothing) and it works just fine. Thanks to anyone who was researching...

<script>
document.onkeydown = function(){

if(window.event && window.event.keyCode == 9)
{ // Capture and remap TAB
window.event.keyCode = 9;
}

if(window.event && window.event.keyCode == 9)
{ // New action for TAB is ESC
window.event.keyCode = 27;
return false;
}
}

</script>

 

[Genimuse]

ASP is server-side technology. A user hitting the Tab key happens on the client, not on the server, so ASP has absolutely nothing to do with it.

toefuzzies' Javascript example is client-side, right where the user is, so that's what you want.

Just think of it this way: If you want the page to do something special before it's sent to the user or after the user sends it back then it's server-side technology like ASP (or PHP, JSP, etc.). If you want the page to do something special while the user has it then it's client-side technology like browser Javascript.

 

[lebisol]

this sounds just as posts requesting "how can I prevent users for coping my image of the page"......the answer is "NO".
If u limit it with Client Side -JS then malicious user has to just turn JS off and your desing fails.
The bigger isue would be WHY are u attempting to do this? waht is the fear of "tab" key.....?
post some more!
All the best!

> need more info?
:: don't click HERE ::

 

[ChrisHirst]

No 'secret' links on pages can be 'secret' if the page is getting crawled by the SE's! The linked page would soon be very publicly available.

I'm not sure why creating pages that cripple browsers seems to be popular, especially with the accessibility regulations etc that are coming into force.



Chris.

Indifference will be the downfall of mankind, but who cares?

 

[Tarwn]

You could try asigning it a tabindex with value of "-1". Not sure if this attribute is still supported or not, been to many browser and W3C revisions

<a href="whatever.asp" tabindex="-1">you can't see me</a>

That should keep it from being tabbable,
-T

[sub]01000111 01101111 01110100 00100000 01000011 01101111 01100110 01100110 01100101 01100101 00111111[/sub]
The never-completed website:

http://www.tiernok.com/

 

[toefuzzies]

Re: Viewing source... yes, I disabled it, thanks!!
Re: Posting some more...
Purpose of the eliminating the <TAB> key is so the user can't just use it to tab down the page (and therefor stopping at each link). Obviously if they were to be able to do that, they would find the "hidden" link w/ no trouble.

Re: Pages being "crawled by SE's"...I'm not familiar w/ that term ('splain it to me like I'm 6 please). My page's hidden links will change frequently (each month or so), so hopefully that will help - I don't know for sure, until I understand more of your "SE" concern.

Thanks!!

 

[ClaytonQ]

I bet "SE" means "Search Engine."
Search Engines will see the link and follow it, and index the contents of your "secret" page, and display them to anyone who asks.
Also, if the Tab key is disabled, not a single blind or handicapped person will be able to visit your site. This would hurt you more than it would hurt them.
Also, the Tab key is also used by a lot of able-bodied people who prefer using the keyboard to using the mouse. A lot of people in this category are computer nerds. They'll be annoyed, and they'll know how to disable JavaScript, and they'll discover your secret.
An alternative would be to make a page called "secret.asp" or whatever. You could put whatever content or links you wanted on that page. You could use meta tags to ask seach engines not to crawl the page. You could use ASP to require a password.
Accomplishing your goal is within reach without disabling the Tab key.

 

[ChrisHirst]

SE = Search Engine

you know Google,Yahoo, MSN etc and by the way disabling view source is an exercise in futility as well.




Chris.

Indifference will be the downfall of mankind, but who cares?

 

[Mr3Putt]

Why the heck would you want a "hidden" link on a page? What possible good could that achieve? I'm guessing that you're probably just playing with the user, planting an easter-egg or something... which is okay, I guess.

But, if you suppose that you've "disabled" viewing the source... you're almost assuredly wrong.

And, to find a hidden link: If I tell my browser to "always apply my personal style sheet to all pages", I can underline/outline/red-text/bolden/background-color any link on the page.

Also, in your current design, if I disable javascript, then I can tab to it.

If I wanted to tab past a particular control/link I'd try Tarwn's suggestion (always try Tarwn's tips... they're usually best-of-show quality). I cannot remember, either, if tab-index is still supported... but it's probably still "quirk-supported" in most browsers.

 

[toefuzzies]

Thanks.

Should have figured out SE...

Re: hiding source code - why is it futile? Are you saying it's impossible to hide it?

 

[ChrisHirst]

Yes it is pretty pointless trying, even the so called "encryption techniques" are easily defeated.

http://www.vortex-webdesign.com/help/hidesource.htm

http://www.vortex-webdesign.com/help/

You can cripple the browser by disabling Right Clicks if you wish, but what about View -> Source on the menu or locating the page in the cache and reading it there or File -> Save As?




Chris.

Indifference will be the downfall of mankind, but who cares?

 

[toefuzzies]

I should point out that these are easter eggs that people will hunt for - they will sign up to do this. I just didn't want to make it too easy for people to cheat. I think you've all done a great job in challenging me to make it a little harder to compromise.

Thanks

 

[ChrisHirst]

why not use CSS to size and position a transparent .GIF as a link somewhere on the page, set the z-index to a high number so it is always above everything and use an absolute position for it.

And if you write the link onto the page in in unicode the browsers can understand and will use the link but it is almost impossible to read from the source.

' convert input string to unicode
Function StrToUnicode(strIN)
dim zz
dim tmp

tmp = ""
for zz = 1 to len(strIN)
tmp = tmp & "&#" & AscW(Mid(strIN,zz,1)) & ";"
next

StrToUnicode = tmp
end function

also good for hiding mailto links from the harvesters.



Chris.

Indifference will be the downfall of mankind, but who cares?

 

[toefuzzies]

Ok, so...something like:

<HTML>
<HEAD>

<TITLE>Look On This Page For Easter Egg</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<!-- Script that generates congrats window if egg is found -->
<script>
function openpopup(){
var popurl="congrats.html"
winpops=window.open(popurl,"","width=400,height=438,")
}
</script>

<style type="text/css">
img.x
{
position:absolute;
left:100px;
top:100px;
z-index:999
}
</style>
</head>
<body>
<!-- larger (background image) that loads first
<img src="large_background_image.gif"
width="900" height="650>

<!-- smaller transparent gif-->
<a href="javascriptpenpopup()">
<img class="x" border="0" src="hidden_picture.gif" width="5" height="5">
</a>

</body>
</html>

I'm not sure where to call the function StrToUnicode(strIn). I'm also not sure if this has to reference a .css file...

Thanks for any help you can provide - I'm lovin' it!!

 

[ChrisHirst]

add the function into the document above the <html> tag (or below the </html>)
then use this in the body.

<%
response.write StrToUnicode("<!-- smaller transparent gif-->") & vbCrlf
response.write StrToUnicode("<a href='javascript:openpopup()'>") & vbCrlf
response.write StrToUnicode("<img class='x' border='0'")
response.write StrToUnicode(" src='hidden_picture.gif'")
 response.write StrToUnicode(" width='5' height='5'>" & vbCrLf
response.write StrToUnicode(" </a>") & vbCrLf
%>

you could also write the the attributes for the style sheet on to the page as well using the same method.


Chris.

Indifference will be the downfall of mankind, but who cares?

 

[toefuzzies]

Chris,

Here's what I'm trying, but I'm not able to view the .asp page...Any idea why?

<%@ Language="VBScript"%>
<%
' convert input string to unicode
Function StrToUnicode(strIN)
Function StrToUnicode(strIN)
dim zz
dim tmp

tmp = ""
for zz = 1 to len(strIN)
tmp = tmp & "&#" & AscW(Mid(strIN,zz,1)) & ";"
next

StrToUnicode = tmp
end function
%>
<HTML>
<HEAD>

<TITLE>Look On This Page For Easter Egg</TITLE>
</HEAD>
<!-- Script that generates congrats window if egg is found -->
<%
<SCRIPT Language="Javascript">
<script>
function openpopup(){
var popurl="congrats.html"
winpops=window.open(popurl,"","width=400,height=438,")
}
</script>
%>

<style type="text/css">
img.x
{
position:absolute;
left:100px;
top:100px;
z-index:99
}
</style>
<body>

<%
'response.write StrToUnicode("<!-- smaller transparent gif-->") & vbCrlf
'response.write StrToUnicode("<a href='javascriptpenpopup()'>") & vbCrlf
'response.write StrToUnicode("<img class='x' border='0'")
'response.write StrToUnicode(" src='hidden_picture.gif'")
'response.write StrToUnicode(" width='50' height='50'>" & vbCrLf
'response.write StrToUnicode(" </a>") & vbCrLf
%>
<!-- Main (larger) image -->
<img src="dashboard.jpg"
width="900" height="650>

</body>
</html>

 

[toefuzzies]

Whups, sorry...this is what I actually had:


<%@ Language="VBScript"%>
<%
' convert input string to unicode
Function StrToUnicode(strIN)
dim zz
dim tmp

tmp = ""
for zz = 1 to len(strIN)
tmp = tmp & "&#" & AscW(Mid(strIN,zz,1)) & ";"
next

StrToUnicode = tmp
end function
%>
<HTML>
<HEAD>

<TITLE>Look On This Page For Easter Egg</TITLE>
</HEAD>
<!-- Script that generates congrats window if egg is found -->
<%
<SCRIPT Language="Javascript">
<script>
function openpopup(){
var popurl="congrats.html"
winpops=window.open(popurl,"","width=400,height=438,")
}
</script>
%>

<style type="text/css">
img.x
{
position:absolute;
left:100px;
top:100px;
z-index:99
}
</style>
<body>

<%
response.write StrToUnicode("<!-- smaller transparent gif-->") & vbCrlf
response.write StrToUnicode("<a href='javascriptpenpopup()'>") & vbCrlf
response.write StrToUnicode("<img class='x' border='0'")
response.write StrToUnicode(" src='hidden_picture.gif'")
response.write StrToUnicode(" width='50' height='50'>" & vbCrLf
response.write StrToUnicode(" </a>") & vbCrLf
%>
<!-- Main (larger) image -->
<img src="dashboard.jpg"
width="900" height="650>

</body>
</html>

 

[ChrisHirst]

What error are you getting ?

make sure you uncheck "show friendly HTTP error messages" first




Chris.

Indifference will be the downfall of mankind, but who cares?

 

[toefuzzies]

Chris,

Thanks, I had just checked and it was on "show friendly ..."

I got that fixed and I was missing a ')' after the line:

response.write StrToUnicode(" width='50' height='50'>" & vbCrLf (I think this was the line)

Right now I'm double-checking my image size, I couldn't find it (which is good, I guess). I'll let you know in a minute if it works.