Hiding the Web.show_document URL

8

Last week I delivered a Forms module which invoked the Oracle Reports server by submitting report requests displaying the report on the screen using the Web.Show_document procedure. One thing that I was always been surprised about was the fact that when the document is displayed the complete URL is displayed in the address bar of the new window. This will make the Url of the reports server public to anybody running a report. How can you resolve this was my question....

So I had a look at the internet and found the answer. The following link gave me the answer. And it is easier than I expected Smiley . Making use of Java script will enable you to manipulate the way your document window is opened and displayed. Normally you would issue the call:
Web.show_document(‘the url’,’_blank’);

By issueing the following command:
Web.show_document(‘javascript:window.open("TARGET=_blank>the_url","","fullscreen=no,titlebar=no,
location=no,toolbar=no,menubar=no,resizable=yes");self.close()’,’_blank’);


Now you will get the document without displaying the titlebar,toolbar,location and menubar resulting into a non disclose of your reports server URL.

 

Share.

About Author

8 Comments

  1. Thanks for this info!
    I have combined it with Francois Degrelle’s blog entry about document.write to show database clob content with web.show_document.
    BTW. I had to add a semicolon to self.close() to get it to work. Like this (Sorry if it looks strange, I’m a PL/SQL programmer…):
    Web.show_document(‘javascript:(window.open(“”, “”,”location=no,titlebar=no,menubar=no”)).document.write(”<h1>Test</h1>”);self.close();’,’_blank’);

  2. Marcos Claver on

    As stated prior it could be caused by the fact that your browser does not allow the call of java script. Also read the prior comments regarding security

  3. When used like this:

    if (reportobjstatus=’FINISHED’) then

    /* Report run was successful
    Get the Report output to the Browser */

    –the_url := rroVirtualDir||rroReportsInterface||’?’||server||’=’||rroReportServer||rroreportother;
    – web.show_document(rroVirtualDir||rroReportsInterface||’?server=’||rroReportServer||rroreportother,’_blank’);
    –the_url := ‘javascript:window.open(“‘||rroVirtualDir||rroReportsInterface||’?’||’server’||’=’||rroReportServer||rroreportother||’”,”Reports”,”fullscreen=no,titlebar=no,location=no,toolbar=no,menubar=no,status=no,resizable=yes”);self.close()’;

    if (upper(rroDestype) =’CACHE’) then

    – Web.show_document(‘javascript:window.open(“www.yahoo.com”,””,”fullscreen=no,titlebar=no,location=no,toolbar=no,menubar=no,resizable=yes”);self.close()’,’_blank’);

    v_URLin := rroVirtualDir||rroReportsInterface||’?server=’||rroReportServer||rroreportother;

    v_URLout := ‘javascript:window.open(“‘|| v_URLin || ‘”,””,”fullscreen=no,titlebar=no,location=no,toolbar=no,menubar=no,status=no,resizable=yes”);self.close()’;

    WEB.SHOW_DOCUMENT (v_URLout, ‘_blank’);

    –WEB.SHOW_DOCUMENT (the_url, ‘_blank’);

    else
    – Reports output is send to printer or file, there is nothing to download to the client
    null;
    end if;

    end if;
    end if;

    The report doesn’t run and the page remains blank

  4. Marcos Claver on

    The link in the blog tell me that it will not work correctly with IE 6.0 if you have applied recent service packs. This is due to a change in Microsoft security enhancements.

    The solution Francois Degrelle proposes is better since the translationof parameters is performed on the server.

  5. Interesting, but doesn’t work for me… Nothing appends when I press on the button. Code :

    WEB.SHOW_DOCUMENT (‘javascript:window.open(“TARGET=_blank> http://www.apple.com“,””,”fullscreen=no,titlebar=no,location=no,toolbar=no,menubar=no, status=no,resizable=yes”);self.close()’,’_blank’);

    Any change in IE prefences ???

  6. Hello,

    Keep in mind that you can also mask the connexion string (and other parameters) by using the cgicmd.dat Reports configuration file to launch reports from the Web.Shwo_Document() built-in.

  7. Great stuff.

    Two (minor) things: self.close instead of clase(). And I guess you mean “disclosure” instead of “disposure”. It means almost the same, but in this case the latter is closer to what you meant to say.