Chrome asks if an application should be opened - javascript

We have a website that allows the user to download and open a Word file.
Chrome started recently opening an annoying popup when the users downloads the Word
The javascript code called to open the file is
function webDAVOnLineEditionAcm(docURL) {
try {
setTimeout(function(){ ITHit.WebDAV.Client.DocManager.EditDocument(docURL, "/", protocolInstallCallback); }, 5000);
} catch (e) {
console.log(e);
}
}
Is there some solution to tell Chrome to always open that kind of links? It is annoying our users, that need to frequently click that button but also breaks all our acceptance tests...

Short answer, no. This is a security feature to prevent a malicious script from being able to launch local applications or open executable files.
One solution is to educate your users. Show a notice on the page when they click to open that explains how to suppress the prompt.
Another solution is to trigger a download of the file. They can then open that file by clicking on it in the downloads list. They won't be prompted in this case.
Finally, a more involved solution is to process the word document and convert it to HTML so they can be viewed directly on the site. You could then pair this with the download solution to get the original document.

Related

what is this strange "script" doing?

I am doing some test then find below code would pop up a window:
test
looks like it is trying to open an application.
Can anyone tell me what is the usage/purpose of this "script"?
looks like FF, Chrome, and IE all support it.
script is being used as a protocol. No applications handle the script protocol, so clicking it does nothing useful.
You can register a custom protocol handler and if the user accepts it, your application will be allowed to open all links of that type (there are only a few permitted protocols):
window.navigator.registerProtocolHandler('web+test', 'http://example.org/?handler=%s', 'Test Protocol');
Only example.org will be allowed to run the above code, but if you open your dev tools while visiting http://example.org/ and run the above code, you will get a dialog asking you to allow or deny the protocol association. If you accept it, click the following link on any website:
test
It will redirect to http://example.org/?handler=hello
Trying to open an application? That script is just a hyperlink, it does not tell anything else in the script, just that it will open a link into site that tells "test"

Force Auto Open Dialog in Chrome

FileRun has a beautiful File-Explorer Google-Drive styled. You can testdrive it here FileRunDemoSite
When I download a File I get to choose if I want to open the file directly in a Office Application.
When I click on Office, google prompts me with a Chrome Open File Dialog. The File opens directly from the location instead of being savend in /downloads/ folder.
How can I achieve this behavior? All existing answers on SA state that this is not possible, so this might be interesting to others as well. Not even google has implemented this. Is there a cross-browser solution?
Onedrive does it as well:
Credit to Thomas2D to get me on the right track. How it basically works is:
If you develop an application you can register a new protocol with the operation-system. http:// will be handled by your default browser. applicationX:// will be handled by applicationX, ms-word:// will be handled by word. If you click on a link the browser/operating-system looks up which application should handle the protocol an pass the request on to this application.
For Office documents the URI is a bit more complex ms-excel:ofv|u|http://contoso/Q4/budget.xls. You can open it readonly/ for edit / as a template. Check out this document for a detailed description of all the options: Office URI Schemes
For other applications check the URI Schemes with that application.
How to use it on a website:
It is not advisable to set a link to an application in a Dom element href attribute. You have no way of checking if the application is installed or not.
If you use Javascript you can check if the request times out / fails and use http:// instead.
. Set the protocol in a href: window.location.href = encodeURI('ms-excel:ofe|u|http://example.com/excel.xlsx') or by setting the the location.protocol, https://www.w3schools.com/jsref/prop_loc_protocol.asp
There is a jQuery Plugin to do that :jquery.applink.js
I personally think that this is accomplished by starting application via specific url.
I know that this works on iOS for launching application. In iOS it was done by something (simillar to mailto:example#example.com)
<script type="text/javascript" charset="utf-8">
window.location = "myapplication://myparams";
</script>
EDIT: I finally get it, you have to use application url scheme. For example, if you want to open your Excel file via browser, you have to use this JS code.
window.location.href = encodeURI('ms-excel:ofe|u|http://example.com/excel.xlsx');

HTML transient modal window

We have a legacy web application. At various places it opens a window with the help of Privilege Manager on Firefox to get the needed result.
Some of these windows open a Java applet or a PDF document.
The client machines are updating Firefox and Privilege Manager is gone.
What is the easiest way around it?
The problems are :
There must be only one instance of the pop-up at anyone time. This could be done by selecting appropriate window name on window.open() call.
If the window is opened again (by means of user action), it should not reload but just focus to bring it to the foreground (I have seen I can keep a reference to the window on JavaScript to do that)
It basically really must be transient/modal so that the client cannot leave the current page or reload or any other kind of interaction with the parent window (except opening/refocusing the child window) without closing the child window first. I have no idea how to do that.
Do anyone has an idea how to do that?
The client is only Firefox (it works in a special kiosk configuration) on Linux.
I read somewhere that I could somehow write an extension but I am basically clueless about extensions and its API.
Edit1:
Example of (simplified) legacy code. Not really sure if all the permissions were required, but this is it: This function opens a window that stays over the parent window and prevents any interaction from the user with the parent window.
function fWindowOpen(url, name) {
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite");
netscape.security.PrivilegeManager
.enablePrivilege("CapabilityPreferencesAccess");
netscape.security.PrivilegeManager
.enablePrivilege("UniversalPreferencesWrite");
netscape.security.PrivilegeManager
.enablePrivilege("UniversalPreferencesRead");
netscape.security.PrivilegeManager.enablePrivilege("UniversalFileRead");
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
window.open(
url,
name,
"screenX=70,dependent=yes,menubar=0,toolbar=0,width=900,height=700,modal=1,dialog=1"
);
}
function fnCapture(){
fWindowOpen("/path/to/document_or_japplet/page","_blank");
}
HTML:
<button value="Capture" property="btnCapture" onclick="javascript:fnCapture();"/>
Edit2: Solution
On a typical extension, on the xul code, define this javascript code:
var dialogExt = {
listener: function(evt) {
// Do work with parameters read through evt.target.getAttribute("attribute_name")
window.openDialog(evt.target.getAttribute("url"), evt.target.getAttribute("name"), evt.target.getAttribute("features"));
}
}
// from examples
document.addEventListener("dialogExtEvent", function(e){ dialogExt.listener(e); }, false, true);
Then, on the web page:
var element = document.createElement("dialogExtElement");
element.setAttribute("url", url);
element.setAttribute("name", name);
element.setAttribute("features", features);
document.documentElement.appendChild(element);
var evt = document.createEvent("Events");
evt.initEvent("dialogExtEvent", true, false);
element.dispatchEvent(evt);
Now, maybe I am missing some security checks to let the code work if it originates from the same host, and how to handle a reference to the document that requested the dialog as means of interaction between the dialog window and it's opener.
The Privilege Manager was deprecated in Firefox 12 and removed in Firefox 17 (briefly restored).
You might want to look into Window.showModalDialog(). However, it is deprecated and is expected to go away within the year, or in 2016 if you go with an extended service release (ESR) of Firefox 38. It may be a temporary solution while you develop an extension.
In order to accomplish the same tasks, you will need to write an extension and ask the user to install it (from Bypassing Security Restrictions and Signing Code, the old information about Privilege Manager):
Sites that require additional permissions should now ask Firefox users to install an extension, which can interact with non-privileged pages if needed.
It is possible to write such an extension using any of the three different extension types:
XUL overlay
Restartless/Bootstrap
Add-on SDK
For the first two types, you would use window.open(). The modal option is in "Features requiring privileges". You will probably also want to look at Window.openDialog().
For the Add-on SDK, you would normally use the open() function in the SDK's window/utils module. Here, again, you will probably want to look at openDialog().
It appears you may be opening content that is supplied from the web in these modal windows. It is unlikely that you will get an extension approved to be hosted on AMO which opens content in such windows which in not included in the add-on release. This does not mean you can not develop the extension and have it installed on your kiosk clients without hosting it on AMO. However, there are additional restrictions in development for Firefox this year which will make this significantly more difficult, see: "Introducing Extension Signing: A Safer Add-on Experience".
You should be able to get similiar window.open behavior, including support for the modal option from the sdk's window/utils module.
You will have to install the onclick listener with a content script, send a message to the addon-main through its port and then open that window from the addon main.

How to save a webpage locally including pictures,etc

I am building an add-on for an application. The clients are paying to view some webpages and download some files out of it. They want to automate this downloading process by add-on. So instead of selecting "Save Page as" and waiting for the download's completion, they can click the add-on and forget the process. The problem is, the webpage is providing some cookies to the browser. So the best way is File-> "Save Page As" . I want to do it through the add-on. Is there any firefox-javascript way for this?. I used nsiDownloader. But it saves only html, not the pictures,etc. Can anybody guide me in this issue?
EDIT:
Hi, This is the code which did the trick, thanks to sai prasad
var dir =Components.classes["#mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
dir.initWithPath("C:\\filename");
var file = Components.classes["#mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
file.initWithPath("C:\\filename.html");
var wbp = Components.classes['#mozilla.org/embedding/browser/nsWebBrowserPersist;1']
.createInstance(Components.interfaces.nsIWebBrowserPersist);
alert("going to save");
wbp.saveDocument(content.document, file,dir, null, null, null);
alert("saved");
EDIT:
But, still some webpages are not saved exactly as "Save Page as". Those saved pages are not rendered like original pages, they are look like some html example.
Since you mention that File->"Save Page As" is working as expected, I tried looking through the source code (chrome://browser/content/browser.xul) and found this:
https://developer.mozilla.org/en/nsIWebBrowserPersist#saveDocument()
Make sure that you shall call this function only after the webpage is completely loaded (not DOMContentLoaded)!!

ActiveXObject issue in javaScript

I wrote a javascript function in my html page to execute an .exe file. for this i used ActiveXObject.
my function is:
//~~~~~~~~~~~~~~~~~~~~~~~~~~~JavaScript~~~~~~~~~~~~~~~~
function openWin(url)
{
if (!document.all) {
alert ("Available only with Internet Explorer.");
return;
}
var ws = new ActiveXObject("WScript.Shell");
ws.Exec(url);
}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It works fine but there is a alert "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" comes up to confirm. If i say YES only it will get loaded.
Pls anyone help me on this how to avoid this pop-up coming every time when i reload my html page.
You can't. Your users can, by giving your page trusted access to their computer (e.g., by adding the URL to the "Trusted Sites" zone).
You should enable activeX in Internet explorer security settings.
http://www.nrc.gov/reading-rm/adams/install/enabling-active-x.html
If you want your users to not seeing this message, then they should enable it. But you can't force them to do it because of security issues.

Categories