Kevin did the freelance thing, developing websites for small businesses. Sometimes, they had their own IT teams that would own the site afterwards, and perform routine maintenance. In those cases, they often dictated their technical standards, like “use VB.Net with WebForms”.

Kevin took a job, delivered the site, and moved onto the next job. Years later, that company needed some new features added. They called him in to do the work. He saw some surprises in the way the code base had changed.

It was the “Contact Us” link that drew his attention. The link had a simple job: cause the browser to navigate to a contact form screen. A simple <a href=""> could handle the job. But that tech-savvy boss used this anti-pattern, instead.

First, in the aspx file- the template of the view in WebForms, he added this button:

<asp:LinkButton ID="lnkContactUs" runat="server">Contact Us</asp:LinkButton>

Then, in the click event handler, he could do this:

    Protected Sub lnkContactUs_Click(sender As Object, e As EventArgs) Handles lnkContactUs.Click
      Dim strFullURL As String = String.Format("{0}{1}", Config.PublicWebsiteURL, "/?page_id=38")
      ClientScript.RegisterStartupScript(Me.GetType(), "Load", String.Format("<script type='text/javascript'>window.parent.location.href = '{0}';</script>", strFullURL))
   End Sub

This method runs whenever a click of that button in the browser triggers an HTTP request. In the response sent back, it injects a JavaScript file that forces the parent of this window to navigate to the clearly named URL for the contact page- page_id=38. Now, you might think, “well, if this link is visible due to a window.open call, this kind of makes sense…”, but that doesn’t apply here. Instead, it’s almost certain this code was copy/pasted from StackOverflow without any understanding.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!