I want to know whether there is a way to take an action ( ex: clicking a button ) when directing to a third party website (ex: facebook.com ) from our website.
Ex: When someone clicks the Facebook icon on my website, it directs to a Linkedin page while opening the chat with a draft message.
No. At least not in the general case.
If it was possible to build a UI automation tool into a webpage which could take actions on completely different sites then you could set things up so that clicking a button on your site would cause my browser to visit my bank's website and transfer you money.
Browser vendors take some basic security precautions to prevent that sort of thing.
Related
I am creating a WordPress website for a client. This website offers support for victims of abuse, and my client wishes for a "panic" button on the website that, when clicked, either:
a) sends the user to a specified website (for example google.com) and then erases the history of the Back button
b) opens a specified website in a new tab (which eliminates the Back button issue) and then closes the current one.
I tried adding a simple button like this:
<button onclick="window.close();">Close</button>
But then I get this in the console:
[Warning] Can't close the window since it was not opened by JavaScript
If this is not possible to do by using Javascript, are there any other ways I can go about doing it?
Not possible.
The problem you're up against is that the browser doesn't allow Javascript to control things like opening and closing tabs, and rightly so. A web page really shouldn't be able to access or control things outside of its tab, this is a concept called sandboxing. Web pages are free to play in their own sandbox, but aren't allowed to know about or change things outside their sandbox. "Browser history" and "Other tabs" are both outside your web page's sandbox.
It's not that this is impossible in JavaScript, it's going to be impossible for any well designed browser, full stop. It's not a question of what technology you could use to accomplish this, it's a behavior that's explicitly prohibited by design. If you could do this on a major browser, you would probably be offered a bug bounty. Imagine what a malicious actor could do with the ability to modify the history in the back button, or to close other tabs.
Beyond that, I'm concerned about the approach that your employer is taking. Abusers are often more technically savvy than their victims, and a "panic button" like that won't even affect the browser's overall history, let alone defeat any advanced monitoring like spyware, or a fancy router's DNS monitoring. Victims of abuse should be discouraged from using devices or networks they believe are compromised and should seek help through trusted and secure channels of communication. I'm troubled that any sort of "panic button" functionality could create a false sense of security for a user that is not security-savvy.
I have a web app, part of which opens a 3rd party page in a child tab (I'm unable to iframe it as the headers they send prevent it) Once the user has completed the 3rd party page, the 3rd party present a blank white page with a GET parameter in the URL of "SUCCESS".
I'd like to be able to interrogate the url from the main tab and if it contains "SUCCESS" close the child window.
This needs to be cross browser compliant and written using Javscript / Jquery
Any ideas? is this possible?
As far as i know (someone please mention otherwise), you can not trigger the browser to close an external page.
That would be a major security issue, imagine if you visited a site, and it decided to close all your other tabs ? Opens to many malicious possibilities..
Also regarding PWA, the possibilities are limited as to their power, depending on the phone, they run inside more or less restricted frames of the browser, especially on iOs..
Maybe you can look into “bypassing” the iframe restrictions, that way you’d simply be able to toggle it off with JS or even Css.
What are those restrictions, do you have code?
Also, how you invoked that 3rd party page to open in the background, could be relevant.
I have the next task - I have a page where we have some interaction logic:
After a user clicks a button, my script redirects the user to another site where it must be populate 2 textfields then click button, after redirect to new page it must click on another button.
My project is based on ASP.NET MVC4.
My questions are:
May I do all of this?
If yes, how can I redirect to another page and run my script
P.S.: Second web site isn't my site and everything I know is id of buttons where I need to click.
Elaborating on my comment
You cannot do this in a normal browser. You could write a bookmarklet or two that would navigate and click but there is no script you can write in a web page that will do what you want for security reasons. A long time ago, it was possible in IE to load a banking site into an iFrame and script and monitor user interaction to steal credentials. This has been blocked.
If you save an HTML page with the extension HTA, it can be loaded from harddisk in windows and will have relaxed security so you could load the other site into an iFrame and script the interaction. This is likely not what you want.
The last method is to use for example CURL to get the foreign page, insert stuff and submit the form to the foreign site and return the result. This is not recommended either.
So the question to you is: Why do you need this and are there other ways to do what you want
1) location.href = "http://another.page.com"
2) impossible for security purposes
I would like a javascript bookmarklet that will "click" on the facebook "like" button on my web site. Its for an automated program so it can automatically have that user like the home page of my program.
Is this possible?
This is going to be impossible due to the Single Origin Policy that will not allow you to simulate a click in an iframe that does not belong to your domain (or make a cross-domain request to Facebook, for that matter).
And thank Goodness! What you are trying to do sounds like something Facebook (or any other provider of such buttons) would want to prevent.
I'm using the Telerik RadWindow control in one of my applications. When a user wants to authorize Twitter for the application the window displays the OAuth dialog for Twitter.
However, each time I display the pop-up for Twitter OAuth, or even just the plain Twitter page, the entire browser is redirected.
The control works just fine when the URL is pointed at a site other than Twitter. I'd like to see if I can block that redirect, or if perhaps there's an easier way to accomplish the OAuth confirmation. Any advice on how to implement this functionality would be greatly appreciated.
Thanks in advance.
This behavior is probably caused by Twitter. In fact, it should happen on many other sites as well (Facebook and similar). To prevent malicious sites from stealing user passwords, the login page detects if it is displayed in an inline frame (IFRAME element, such as the one used in RadWindow) and if it is, the whole browser window is redirected. This way they can ensure that no rogue JavaScript will be running while the user enters their username and password.
Twitter has properly created their authorization page to prevent cross-site scripting attacks, which means you can't embed it in a frame, or javascript pop-up.
Unfortunately, the only other way to "authorize" is a full redirect, or with a pop-up window, assuming your users allow pop-up windows.
The problem with the pop-up is that you then need a way to "close" it when twitter redirects back to your application. It can be done, but it's a bit tricky to do and who knows if it'd work in multiple browsers. Best to just let your site do a full redirect for now.