Legacy code: window.parent.location.href="https:/home"

Question

I have inherited some code from our former developer and I found this piece of code.

<?php
   if($this->loginAction->isAuthenticated()){
?>
   <script type="text/javascript">
      window.parent.location.href="https:/home";
   </script>
<?php
}
?>

I have been looking on it for a while and I have no idea why he put there the shortcut for the URL. I think that the URL should be https://mysite.com/home. I basically don't know what does this code do.

Edit: I know that this code is redirection if user is authenticated, but I don't know what the strange URL(https:/home) is doing there. This code is working.

Thank you for any help.

Edit2: According to my colleague, this is one of the JS secrets:) Going to test it. This two lines of code should have equal functionality:

window.parent.location.href="https:/home";
window.parent.location.href="https://www.my-testing.com/home";

Answer 1

This is the URI and it is valid according to the spec here: https://www.ietf.org/rfc/rfc2396.txt in section 3 as quoted here: ( the bold and highlights are mine) This says that the scheme https followed by the separator colon : then the rest is optional. Thus the single forward slash is likely interpreted as the root or "full" URI of "https://home" or simply the "/home" of the current provider. Likely this then looks like "https://www.example.com/home" if your site is www.example.com (it isn't but that one is in the specifications as a reserved name as well) which is the DNS address of your site. Note that if the scheme were missing as "//www.ourbug.net" then that would be translated into the current scheme in use (http or https for most resources)

Quote from the reference:

3. URI Syntactic Components

The URI syntax is dependent upon the scheme. In general, absolute URI are written as follows:

  <scheme>:<scheme-specific-part>

An absolute URI contains the name of the scheme being used () followed by a colon (":") and then a string (the ) whose interpretation depends on the scheme.

The URI syntax does not require that the scheme-specific-part have any general structure or set of semantics which is common among all URI. However, a subset of URI do share a common syntax for representing hierarchical relationships within the namespace. This "generic URI" syntax consists of a sequence of four main components:

  <scheme>://<authority><path>?<query>

each of which, except , may be absent from a particular URI. For example, some URI schemes do not allow an component, and others do not use a component.

  absoluteURI   = scheme ":" ( hier_part | opaque_part )

URI that are hierarchical in nature use the slash "/" character for separating hierarchical components. For some file systems, a "/" character (used to denote the hierarchical structure of a URI) is the delimiter used to construct a file name hierarchy, and thus the URI path will look similar to a file pathname. This does NOT imply that the resource is a file or that the URI maps to an actual filesystem pathname.

  hier_part     = ( net_path | abs_path ) [ "?" query ]

  net_path      = "//" authority [ abs_path ]

  abs_path      = "/"  path_segments"

Answer 2

Well, it appears to say if the login action is authenticated then redirect the user to a new url.

Seems like a bug to me. I don't believe https:/home is anything more than a typo.

Answer 3

Try:

<script type=text/javascript>
   window.parent.location="https://www.my-testing.com/home";
</script>