I'm trying to figure out a way to perform a trusted event programmatically in the browser.
https://developer.mozilla.org/en-US/docs/Web/API/Event/isTrusted
I know it says it's a readonly event but I figure there must be some sort of work around if the user really wants it. After all the browser/frontend is entirely client side so you should be able to manipulate it yourself if you so choose (via some option in the browser etc)
I came across this answer https://stackoverflow.com/a/53488689/3097821 but I can't figure out to to implement it.
It can either be a click or a keyboard event.
Can anybody help me out on this?
Web content cannot generate a trusted event under any circumstances -- that is the whole point. Some actions don't care if an event is trusted or not (clicking a link, for example), but some do need to distinguish between a legitimate user-triggered event and a synthetic one create by untrusted web content.
Web Extensions are assumed to be working on the user's behalf, so they are allowed to create trusted events.
Related
I'm developing cross-browser extension using WebExtensions API. It's focused on monitoring some HTTP request and blocking potentially malicious ones. I need to get user input for each blocked host (because it could have been falsely blocked and user might want to unblock it right away). Originally I wanted to use popup, but then I found out, that popups are only allowed to be thrown up in User Action event handler, which is a problem, I need to to that independently on the user's action. After that I found second option - the Chrome's notification API. But again, found out, that Firefox does not implement buttons in notifitacions (even though Chrome does). OnClicked event is supported for notification, but that's not enough (mainly because of users accidentally clicking on the notification to close it).
TL;DR - Looking for a way to alert/notify user and get the input from him by clicking on one of two presented buttons. Popups and Notifications does not seem like sufficient way.
Can you suggest ways to implement desired behaviour?
Possible solutions:
1) Injecting content script that implements popup window and communicates via messages with bacgkround script.
2) Simulating animation of extension's icon to draw user's attention.
I have a device, which uses JSP to create the webpage, to maintain itself. There are some onclick events, and I would like to get some information from this device via a stand alone application, which only connects via IP to this device, and get all the information.
So, is it somehow possible to get directly to the functions, which are normally triggered via onclick events, so that non-human programs can open these pages?
Thank you
I'm writing a chrome extension which will perform some actions when a system notification pops up. Specifically, I want to close them.
For example: the "Restore pages?" notification:
My manifest file has nothing particularly interesting, here is my event page:
function anyAlarmHandler (Alarm anyAlarm) {
// For now, just clear any alarm when one pops up.
chrome.alarms.clear(anyAlarm);
}
chrome.alarms.onAlarm.addListener(anyAlarmHandler);
But it doesn't clear the system notification as expected.
I suspect that I'm listening for the wrong event, that system notifications are not actually considered an alarm. But the 'notifications' API doesn't have anything regarding catching notifications.
I've looked at this question regarding catching notifications, which might work, but it doesn't help with the following:
I need to catch notifications created by the browser itself, not another extension (this might not matter, I'm not sure)
I need to modify that notification. Change the text, close it, whatever.
I've tried using the code in the link above and just popping some dialogue box when a notification happens (to test if that solution works for detecting browser notifications), but even that didn't work. I'm hoping that I'm just missing some method/event listener in some API, but I can't seem to find it anywhere. Any help is appreciated.
You cannot detect, or override, any of the Chrome's own UI popups like this.
Only another native app could potentially interact with them (e.g. simulate a click).
Short of patching Chrome (in-memory or on disk), you won't be able to change the wording.
I am building an offline web application, and I want to be able to change the html of the page before the user saves it. since I cannot seem to find a way to trigger the save as function from javascript (except from IE), I need to just do some prep work before letting the browser save the page. I am not trying to force the user to do anything, just trying to update the page so that it saves it's state to the actual html of the page being saved. I can do this with a button, but i have to then ask the user to press Ctrl+S which is not smooth at all.
So I either need to be able to trigger a browser save from JavaScript, or handle the save event myself before allowing the default callback to happen.
Can this be done in a cross-browser supported way? I have found several pages dealing with the issue, but none clear it up as I wished, so sorry if this sounds like a duplicate.
You could do it using Data URI's. This question is similar, a javascript-generated CSV file that would be prompted for the user to download.
There may be other solutions but I think they would be proprietary so not future-proof.
This has now become possible with blobs. FileSaver.js is a cross platform solution. This will allow saving of any binary resource.
Conventional HTML lets you submit data via forms to a website and the destination (target) is usually visible in the sourcecode. Now, with JS it's a bit more difficult. You have to go through the JS files and find out what happens and where all the data is being sent to.
Is there an easier way to pin down where my data ends up (i.e. what file/address it is being sent to)??
Something like: I click on the button and it shows me what type of action was used and the destination URL?!
I'm on Ubuntu.
Are you trying to prevent phishing attacks or merely capture redirects/ajax calls on button clicks .. what's the purpose of this experiment?
Because Firebug (a firefox add-on) or Chrome Inspector (native to Chrome, not quite as robust as Firebug) will do the things that you're asking for, and give you lots more information to boot.
Additionally, you might consider setting up a local proxy on your machine and capturing all http traffic. It really depends on what you're trying to accomplish.
$("form").live("submit", function(){
alert("The page will be going to: "+this.action);
});
Of course, you will need to know if the window is being unloaded, because the submit could be handled and stopped by the javascript...