Path: csiph.com!usenet.pasdenom.info!gegeweb.org!usenet-fr.net!nerim.net!novso.com!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <python.list@tim.thechases.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.036
X-Spam-Evidence: '*H*': 0.93; '*S*': 0.00; 'modifying': 0.07; 'lawyer.': 0.09; 'python': 0.11; "(you're": 0.16; '-tkc': 0.16; 'browsers.': 0.16; 'displaying': 0.16; 'fetches': 0.16; 'from:addr:python.list': 0.16; 'from:addr:tim.thechases.com': 0.16; 'from:name:tim chase': 0.16; 'iframe': 0.16; "others'": 0.16; 'subject:party': 0.16; 'wrote:': 0.18; 'trying': 0.19; 'browsers': 0.24; 'server.': 0.24; 'header:In-Reply-To:1': 0.27; 'points': 0.29; "i'm": 0.30; 'getting': 0.31; '(on': 0.31; '(unless': 0.31; 'filed': 0.31; 'this.': 0.32; 'third': 0.33; 'copying': 0.34; 'subject:with': 0.35; 'problem.': 0.35; 'test': 0.35; 'but': 0.35; 'there': 0.35; 'doing': 0.36; 'charset:us- ascii': 0.36; 'two': 0.37; 'project': 0.37; 'server': 0.38; 'to:addr:python-list': 0.38; 'sure': 0.39; 'to:addr:python.org': 0.39; 'users': 0.40; 'new': 0.61; 'email addr:gmail.com': 0.63; 'occur': 0.65; 'techniques': 0.66; 'receive': 0.70; 'bag': 0.74; 'received:50.22': 0.84; 'subject:third': 0.84; 'virus:<iframe': 0.84; 'thoroughly': 0.91
Date: Sun, 9 Jun 2013 13:31:56 -0500
From: Tim Chase <python.list@tim.thechases.com>
To: python-list@python.org
Subject: Re: Redirecting to a third party site with injected HTML
In-Reply-To: <422dd712-2bc5-4c48-b6ca-62face5320c7@googlegroups.com>
References: <422dd712-2bc5-4c48-b6ca-62face5320c7@googlegroups.com>
X-Mailer: Claws Mail 3.7.6 (GTK+ 2.20.1; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - boston.accountservergroup.com
X-AntiAbuse: Original Domain - python.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - tim.thechases.com
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.2930.1370804668.3114.python-list@python.org>
Lines: 30
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1370804668 news.xs4all.nl 15895 [2001:888:2000:d::a6]:44314
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:47482

On 2013-06-09 10:09, guytamir1@gmail.com wrote:
> I'm working on a new project and i want to receive a request from a
> user and to redirect him to a third party site, but on the page
> after i redirect my users i want to them to see injected html (on
> the third party site.)

As others have stated, I'm not sure this is a Python problem.  Two
possibilities occur to me:

1) Your server returns a page with an <iframe> that points to the
page they want, but then injects HTML into that iframe using
ECMAScript.  Some browsers may thwart you from doing this.  Test
thoroughly in multiple browsers.

2) Your server goes and fetches the contents of the requested page,
then mungs it, and returns it from your server.  This might also
require modifying internal links on the target page so that they
redirect through your local site.  Be sure to test thoroughly, and
this may also have legality concerns (you're copying others' content
and displaying it on your site, so there may be copyright issues), so
also check with your lawyer.

Generally, these techniques are in the same bag of tricks that
phishers use, so you might also have to make sure that your site is
not getting filed as a phishing site (unless you are trying to make a
phishing site, in which case don't).

-tkc