I want to prepare a Chrome Extension for my password manager program. The password manager program keeps the usernames and passwords encrypted locally and is therefore not on any server. Instead of copying and pasting every time, I send the usernames and passwords to the Google address line as follows:
https://stackoverflow.com/users/login?user_name=USERNAME&password=PASSWORD
I want the Google Extension to automatically add the username and password in the address line to the corresponding textboxes. Unfortunately, I have no idea for this. I downloaded and reviewed Google Extensions like Daslane, but they are all very complicated and I could not understand. Your ideas and examples, if possible, on how to do this very simply are very valuable for me.
First you need to find simple chrome extension sample code.
This is the simple source from chrome developer page.
After that, you have to detect the control name using chrome developer tool and use this script to auto fill and click login button.
function AutoFill() {
var html = window.location.href + "\n\n";
if (html.includes("example.com") == true)
{
document.getElementById("username").value = "username"
document.getElementById("password").value = "password"
document.getElementsByName("login")[0].click();
}
return html;
}
chrome.extension.sendRequest(AutoFill());
To fill the form on the document you need access to the document. You can use for this content scripts - https://developer.chrome.com/extensions/content_scripts
I'm not sure why you would like to pass credentials via URL. I think it is a bad practice and it can break website behavior. It is better to get credentials from background script - https://developer.chrome.com/extensions/background_pages
Communication between content script and background page can be implemented via chrome.runtime.onMessage event.
If you really need to get parameters from URL, you can do this in the content script by using URLSerachParams - https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams
Example:
var url = new URL(location.href);
console.log(url.searchParams.get('user_name'));
Related
I have the following situation:
a static site, only html pages
a cookie notice system, with my own cookies, accept and refuse system of cookies setup
Now I need to inject the GA4 script into the head of pages when cookies are accepted, but...
I have already made made that, by appending the script to the head and it is visible on browser, on page reload with inspect elements...and it's working perfect.
When users click on accept cookies, the cookies accept is saved on client's side, and the script is APPENDED to page.
But I need the GA4 script to be somehow INJECTED, to be visible on the source page. Like when I preview the source page in browser to have it there. I don't need it to be injected into the html file itself, but only into the browser.
I did my own research about these days, and now it's killing me, as all I could find was the append way, but that is not injecting it into the source page on browser.
Any advice or guidance would be greatly appreciated.
Note (as I have been asking all the time. I don't want to offend anyone, but that's the best way I can explain where I want to do and what):
the source page I'm talking about is when right click on browser and view source page (there is where I need the GA4 code to be inserted)
and the way I got it to work is when right click > inspect > elements tab - (there i have it now working)
Thank you!
First question would be, why do you want it to be in the actual source code? A common way of inserting these scripts is through a tag-management-solution, which basically follows similar logic as appending scripts to the page (i.e. similar to what you meant by the inspect elements route).
To answer your question;
There is an option to get it into the sourcecode, and that is by checking on the server delivering the HTML whether a user has accepted the cookies, if that is the case deliver the HTML file (or adjust the HTML) to contain the GA4 script, if the user didn't accept: deliver the page without the GA4 script.
Since you mention these are static HTML files, I assume there is no server in place where this kind of logic can be inserted. So the best option is to insert the script afterwards.
Another way would be to insert the tag by default, but disable tracking (haven't tested the below part, also, verify yourself whether in your situation this actually blocks tracking when cookies aren't accepted):
window['ga-disable-GA_MEASUREMENT_ID'] = true;
https://developers.google.com/analytics/devguides/collection/gtagjs/user-opt-out
You could try to add this in your HTML before loading the GA4 tag, similar to something like:
<script>
const gaMeasurementId = 'G-12345678'; //replace with your own MeasurementID
let cookiesDeclined = true; //default to declined cookies
document.cookie.split(';').forEach( (cookie) =>{ //loop through all cookies
const cookie_arr = cookie.split('='); //get key/value pairs for cookies
let name = cookie_arr[0]; //cookiename
let val = cookie_arr[1]; //cookieval
if(name === 'cookieConsent' && val === 'accepted' ){
cookiesDeclined = false; //set the declined status to false when user has accepted the cookies
}
})
window['ga-disable-'+gaMeasurementId] = cookiesDeclined;
//->insert ga4 tag here
</script>
For the past few years, I've been using Sheets as a data source for a web app by using the following code to turn the id into a direct link to a TSV file:
let id="1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ"
let str="https://docs.google.com/spreadsheets/d/"+id+"/export?format=tsv";
var xhr=new XMLHttpRequest();
xhr.open("GET",str);
xhr.onload=function() {/* act on data */ };
xhr.send();
xhr.onreadystatechange=function(e) {
if ((xhr.readyState === 4) && (xhr.status !== 200)) {
/* Show error */
}
It still works on old files, but new ones yield a CORS error:
Access to XMLHttpRequest at 'https://doc-00-0g-sheets.googleusercontent.com/export/l5l039s6ni5uumqbsj9o11lmdc/5filqetsf3ohbeiq2e8vbtf8ik/1593267040000/112894833168181755194/*/1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ?format=tsv' (redirected from 'https://docs.google.com/spreadsheets/d/1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ/export?format=tsv') from origin 'https://viseyes.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Works: www.viseyes.org/scale?1LSnAM3A62AQipZfqxDtlOjt4MWJ0fBP22cdyqJqEj5M
Error: www.viseyes.org/scale?1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ
I believe your goal as follows.
You want to retrieve the data with TSV format from the Google Spreadsheet using Javascript.
Your spreadsheet is publicly shared.
For this, how about this answer?
Issue and workaround:
I could confirm the same situation from your question. Unfortunately, I couldn't remove this error. So, in this case, as a workaround, I would like to propose to use Web Apps created by Google Apps Script as the wrapper. By this, the error can be removed. The flow of this workaround is as follows.
Request to Web Apps from Javascript.
At Web Apps, the data is retrieved from "https://docs.google.com/spreadsheets/d/"+id+"/export?format=tsv".
Return the data with the TSV format from Web Apps.
Usage:
Please do the following flow.
1. Create new project of Google Apps Script.
Sample script of Web Apps is a Google Apps Script. So please create a project of Google Apps Script.
If you want to directly create it, please access to https://script.new/. In this case, if you are not logged in Google, the log in screen is opened. So please log in to Google. By this, the script editor of Google Apps Script is opened.
2. Prepare script.
Please copy and paste the following script (Google Apps Script) to the script editor. This script is for the Web Apps.
function doGet() {
let id = "1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ"; // This is from your script.
let str = "https://docs.google.com/spreadsheets/d/"+id+"/export?format=tsv"; // This is from your script.
const value = UrlFetchApp.fetch(str);
return ContentService.createTextOutput(value.getContentText());
}
If your Google Spreadsheet is not publicly shared, please modify as follows.
function doGet() {
let id = "1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ"; // This is from your script.
let str = "https://docs.google.com/spreadsheets/d/"+id+"/export?format=tsv"; // This is from your script.
const value = UrlFetchApp.fetch(str, {headers: {authorization: "Bearer " + ScriptApp.getOAuthToken()}});
return ContentService.createTextOutput(value.getContentText());
// DriveApp.getFiles() // This is used for automatically detecting the scope.
}
3. Deploy Web Apps.
On the script editor, Open a dialog box by "Publish" -> "Deploy as web app".
Select "Me" for "Execute the app as:".
By this, the script is run as the owner.
Select "Anyone, even anonymous" for "Who has access to the app:".
In this case, no access token is required to be request. I think that I recommend this setting for your goal.
Of course, you can also use the access token. At that time, please set this to "Anyone". And please include the scope of https://www.googleapis.com/auth/drive.readonly and https://www.googleapis.com/auth/drive to the access token. These scopes are required to access to Web Apps.
Click "Deploy" button as new "Project version".
Automatically open a dialog box of "Authorization required".
Click "Review Permissions".
Select own account.
Click "Advanced" at "This app isn't verified".
Click "Go to ### project name ###(unsafe)"
Click "Allow" button.
Click "OK".
Copy the URL of Web Apps. It's like https://script.google.com/macros/s/###/exec.
When you modified the Google Apps Script, please redeploy as new version. By this, the modified script is reflected to Web Apps. Please be careful this.
4. Run the function using Web Apps.
When you use this, please modify your Javascript script as follows and test it.
From:
let id="1zD3eIL8LCTJ8F_8U3kWA6k5WPJNKr_UZ_93bnARlMxQ"
let str="https://docs.google.com/spreadsheets/d/"+id+"/export?format=tsv";
To:
let str = "https://script.google.com/macros/s/###/exec";
Note:
When you modified the script of Web Apps, please redeploy the Web Apps as new version. By this, the latest script is reflected to the Web Apps. Please be careful this.
In my environment, I could confirm that when above workaround is used, no error occurs and the data with the TSV format can be retrieved.
References:
Web Apps
Taking advantage of Web Apps with Google Apps Script
We have Dynamics CRM and a webform which is loaded from the ribbon, essentially inside an iframe.
How do we get the logged on user? On the top right, is my name and image as logged in via Active Directory. However, if I do something like:
var UserID = window.parent.Xrm.Page.context.getUserId();
or in C#:
UserPrincipal user = UserPrincipal.Current;
lblUser.Text = user.SamAccountName;
then we get the generic user that CRM is configured to use.
If I do a right click on the entire form and go "View Source", I can see this:
var USER_NAME = 'Rodney Ellis';
In Chrome's developer tools I can run this from the Console, and my name appears:
alert(USER_NAME);
But when I try to access it from javascript in the code it says it can't be found:
Uncaught ReferenceError: USER_NAME is not defined
How can I get the Username from inside the aspx webform, either by c# or js? Cross-side scripting being blocked has stopped a lot of the easy ways, hence why we're looking for a work-around.
The below code should give you what you want. Read more
Xrm.Page.context.getUserName();
But based on popup or inline embedded iframe, you have append in front.
window.parent.Xrm.Page.context.getUserName();
window.opener.Xrm.Page.context.getUserName();
In one of the all time great hacks ... we got around the problem by embedding another iFrame into a web resource!
So the web resource can call Xrm.Page.context.getUserName() and then concatenate that to the querystring which we then pass into an iFrame. because CRM thinks the iframe is just one control, it allows all the webform commands taking place inside of it and doesn't give any 500 errors.
This applies both to Android and iOS. My web page may be sometimes opened by an app (you go to the app, and click a link there which opens the page).
I want to know if the page was accessed through an app or if the user got to it, let's say, by typing the address on the browser.
If accessed through an app, I don't need to know which app it was.
The only thing I know of is document.referrer, but it seems to return "" when the page has been opened by the app. Unfortunately using "" as an indicator is not possible, as other ways of getting to the page may also show "" (for example typing the address). The history object does not seem to contain the info I'm looking for either.
I am using a Zendesk Help Center, so I only have access to the javascript of the page in order to detect this. I can't make changes on the server-side of my page.
Alternatively, I may be able to talk to the people in charge of the app so that they include something when the app opens the browser which would allow me to access that info on the browser, but I am not sure what that could be. Any ideas?
Thank you!
It seems to me like your best bet would be to have specific links for your site that will let you know that the link came from the app.
Like so: http://www.yoursite.com/?openedFromApp
You will use those links inside the app that will be directing users to your website.
That way, if you were using PHP as your server-side language you'd be able to check if the openedFromApp URL parameter was set like so:
<?php
if(isset($_GET['openedFromApp'])) {
echo "The website was opened by an app";
}
else { echo "The website was opened normally"; }
?>
If you want to check if the openedFromApp URL parameter is set using Javascript you'd have to create your own function for accessing URL parameters as Javascript does not have a built-in way of accessing them.
But this link could help you access the URL parameters with Javascript: https://stackoverflow.com/questions/...
I want to make a script to send my username and password to hotmail so I can be logged in without going through the login page. I don't want to use the "sign me in automatically" option for various reasons. I took a look at the source code to figure try to understand how Hotmail sends the credentials to the server for validation, but I cannot make heads from tails from the source code. Any help is appreciated.
I read a post here asking something very similar, but for different purpose--though the answer given is not what I'm looking for.
Using firefox I just create a bookmark called hm
in the "location" box paste in the code below,
when I load the hotmail page I just click on the bookmark.
javascript:%20document.getElementsByName('login').item(0).value='yourname#hotmail.co.uk';%20document.getElementsByName('passwd').item(0).value='yourpass';%20document.getElementsByName('SI').item(0).click();%20void(0);
Solution to automate this through a browser
Suggested by User574632. This is not the only solution, but it is an easier one.
I've come up with two solutions; one for use with Internet Explorer and the other for use with Firefox. Both solutions work with the browser to automate this task.
Solution 1--Internet Explorer and AutoIt
As it just so happens, AutoIt is very good at automating IE's functions. After reading a similar question on the AutoIt help forum here, I found most of what I needed. I just added support for command line parameters and voila. Here is the code written in AutoIt:
#include <IE.au3>
Opt("WinTitleMatchMode", 2)
$oIE = _IECreate ("http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1227208038&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D1521319951&id=64855")
_IELoadWait ($oIE)
$o_form = _IEFormGetObjByName ($oIE, "f1")
$o_login = _IEFormElementGetObjByName ($o_form, "login")
$o_password = _IEFormElementGetObjByName ($o_form, "passwd")
$o_signin = _IEFormElementGetObjByName ($o_form, "SI")
$username = $CmdLine[1] ; "YOUR_HOTMAIL_ADDRESS#hotmail.com"
$password = $CmdLine[2] ;"YOUR_PASSWORD"
_IEFormElementCheckBoxSelect ( $o_form, "remMe", "", 0)
_IEFormElementSetValue ($o_login, $username)
_IEFormElementSetValue ($o_password, $password)
_IEAction ($o_signin, "click")
WinSetState ( "Internet", "", #SW_MAXIMIZE )
Note that this was not written by me, I only modified it to accept command line parameters.
After compiling, usage is: Executable.exe "EmailAddress#hotmail.com" "Password"
Solution 2--Firefox and iMacros
Install iMacros here: https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox/
Open iMacros and create a marco
Insert the following script, replacing the email address and password with your own:
VERSION BUILD=8601111 RECORDER=FX
TAB T=1
URL GOTO=https://login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=12&ct=1391468097&rver=6.4.6456.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1&bk=1391468099&uaid=9d4d29da2c304ed581e61d3fc51be1eb
TAG POS=1 TYPE=DIV ATTR=ID:idDiv_PWD_UsernameExample
TAG POS=1 TYPE=INPUT:EMAIL FORM=NAME:f1 ATTR=ID:i0116 CONTENT=EMAILADDRESS#hotmail.com
SET !ENCRYPTION NO
TAG POS=1 TYPE=INPUT:PASSWORD FORM=NAME:f1 ATTR=ID:i0118 CONTENT=PASSWORD
TAG POS=1 TYPE=INPUT:SUBMIT FORM=NAME:f1 ATTR=ID:idSIButton9
Then name the macro as "HotmailLogin.iim"
All you need to do to use it is create a shortcut with command line parameters like this:
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" imacros://run/?m=HotmailLogon.iim
This is not possible without actually having your browser visit the hotmail.com login page, for various reasons:
You can not use PHP to do this, since PHP is fully serverside and logging in a server has absolutely no effect on you (the client). It would log itself in, not you.
You can also not use javascript to set any type of cookie / session for hotmail.com from a different domain (that is not hotmail.com) due to security preventions which make sure you can't set a cookie for domain A from a page on domain B.
Making a POST request from a different domain is also not allowed by the HTTP protocol, so no here as well. Your browser will block any POST request from a page at A.com trying to post to server B.com
Hotmail forces you to first go to their login page to get a special cookie with a session-ID. Only if this special session-ID is sent back with the POST request will hotmail allow the request to go through. So you still have to get the sessionID first.
So in short: no.