I'm trying to make a Bookmarklet to grab an id value from the Clipboard, and navigate to a URL that is built with that id.
javascript:(function(){
window.location="index.php?module=Accounts&action=DetailView&record="
+ clipboardData.getData('Text');
})()
(this is only supposed to work when clicked on a specific site that is expecting that URL form)
The basics of the Bookmarklet are working fine, the tricky part is getting the Clipboard value, because clipboardData is not working.
I am using Firefox v64 (although I would like this to be generic across more browsers, at least modern ones).
Now, upon searching about this issue I realize what I'm trying to do is not as simple as it seems - clipboard API's in browsers are a tricky issue. I found several answers about this, the best one seems to be this:
JavaScript get clipboard data on paste event (Cross browser)
I also tried this one but couldn't get it to work either: https://stackoverflow.com/a/27908501/1189711
My question here is: are any of those techniques applicable in a Bookmarklet? If so, I would appreciate some help with this. My skills in Javascript are too low to understand how to translate these answers to my case - namely the asynchronous stuff.
PS - if someone wants a place to test this, just put 84f1bb99-7017-e8dc-94f9-5c179da9f102 in your clipboard and try it on this demo site, credentials will/will.
Clipboard copy cannot works from scripts. It must comes from an user action.
Similary, in the same way, you can't call a fullscreen from a bookmarklet.
From the Firefox console:
document.execCommand(‘cut’/‘copy’) was denied because it was not
called from inside a short running user-generated event handler.
I try this method and it works:
SAME WINDOWS:
javascript:location.href='https://www.ricerca.com?search%27+escape(location.href)
NEW WINDOWS: (by https://9to5answer.com/window-location-href-and-window-open-methods-in-javascript)
window.open()
javascript:window.open("https://www.ricerca.com?search="+window.getSelection());
Related
I'm trying to set the value of a textarea on the following page by executing something similar the below javascript:
javascript:alert(document.getElementsByClassName('uiTextareaNoResize uiTextareaAutogrow _1rv DOMControl_placeholder')[0].value='blabla');
This works if I manually enter the code into the address bar on the target page, but I want to pass this argument through a link.. ie...
<a href="/nextpage.php?javascript:alert(document.getElementsByClassName('uiTextareaNoResize uiTextareaAutogrow _1rv DOMControl_placeholder')[0].value='blabla');"
Just wondered if anything like this is possible at all?
You can send the arguments via the url like you would for GET requests. Then have the receiving page parse location.search.
For instance, you can send it like this:
http://example.com/?arg1=foo&arg2=bar
And the receiving page have a script like this:
var queryString = location.search; //?arg1=foo&arg2=bar
You'll have to parse it manually though, removing the ?, split by & then each by =
This is called XSS or Cross-Site-Scripting, and as many comments have already pointed out, it is a security issue. This is why most major browsers do NOT allow it.
However, I believe that some browsers do allow it, for example Opera - although I can't recall exactly which version.
If you are looking to make your own "browser", I would recommend using C# .Net WebBrowser, then use the runtime package XULRunner (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/XULRunner).
Despite all this, I would not recommend doing anything that may be against laws of your current location, or doing anything to displease the site owner.
I'm doing a couple of things with jQuery in an MTurk HIT, and I'm guessing one of these is the culprit. I have no need to access the surrounding document from the iframe, so if I am, I'd like to know where that's happening and how to stop it!
Otherwise, MTurk may be doing something incorrect (they use the 5-character token & to separate URL arguments in the iframe URL, for example, so they DEFINITELY do incorrect things).
Here are the snippets that might be causing the problem. All of this is from within an iframe that's embedded in the MTurk HIT** (and related) page(s):
I'm embedding my JS in a $(window).load(). As I understand it, I need to use this instead of $(document).ready() because the latter won't wait for my iframe to load. Please correct me if I'm wrong.
I'm also running a RegExp.exec on window.location.href to extract the workerId.
I apologize in advance if this is a duplicate. Indeed - after writing this, SO seems to have a made a good guess at this: Debugging "unsafe javascript attempt to access frame with URL ... ". I'll answer this question if I figure it out before you do.
It'd be great to get a good high-level reference on where to learn about this kind of thing. It doesn't fit naturally into any topic that I know - maybe learn about cross-site scripting so I can avoid it?
** If you don't know, an MTurk HIT is the unit of work for folks doing tasks on MTurk. You can see what they look like pretty quick if you navigate to http://mturk.com and view a HIT.
I've traced the code to the following chunk run within jquery from the inject.js file:
try {
isHiddenIFrame = !isTopWindow && window.frameElement && window.frameElement.style.display === "none";
} catch(e) {}
I had a similar issue running jQuery in MechanicalTurk through Chrome.
The solution for me was to download the jQuery JS files I wanted, then upload them to the secure amazon S3 service.
Then, in my HIT, I called the .js files at their new home at https://s3.amazonaws.com.
Tips on how to make code 'secure' by chrome's standards are here:
http://developer.chrome.com/extensions/contentSecurityPolicy.html
This isn't a direct answer to your question, but our lab has been successful at circumventing (read hack) this problem by asking workers click on a button inside the iframe that opens a separate pop-up window. Within the pop-up window, you're free to use jQuery and any other standard JS resources you want without triggering any of AMT's security alarms. This method has the added benefit of allowing workers to view your task in a full-sized browser window instead of AMT's tiny embedded iframes.
I have just been altered to the fact that a user of my website is using a very old browser which does not run jquery (in this case Safari 1.x) and as a result can not access the login panel which uses jquery's slideToggle function.
Can anyone think of a fix which detects whether a browser is able to use jquery - and if not make that link go to a different page rather than showing the login panel?
You could a little conditional check like
if(!'jQuery' in window) {
// jQuery is not available
}
or, if Safari 1.x doesn't know about the IN operator (I'm not sure) use
if(!window.jQuery) {
}
I think there are alternative answers to this, but for me, I would have to weigh up the time it will take you to support his obsolete browser (I'm sure there may be other things inside the site), versus the payback to you...
In the plain HTML source code for the the href= of the login link, set that to a plain HTML login page.
Using jQuery, attach the click handler to the link, if this part fails, thats ok, the browser will just follow the href in the link to the plain login page, allowing your old-browser-user to login still.
$(document).ready(function(){
$('#login_link_id').click(function(){
// Your code here
});
});
If you use javascript/jQuery you should ALWAYS ensure your site works perfectly without it. In this case if you have a login popup box; you probably assign a click event assigned after the DOM has loaded.
What you should do is ensure that if jQuery isn't present the link loads a "normal" login webpage as opposed to the popupbox. I use something similar to this:
Log in
<script>
if(!'jQuery' in window) {
$(document).ready(function(){
//assign on click event to loginlink
});
}
</script>
If jQuery doesn't exist then login.html will be opened normally.
Wow, seriously?! Safari 1.x?? Anyhow, try this...
var isJQSupported = false;
$(function() { //shorthand for document.ready
isJQSupported = true;
//your usual code
});
if (!isJQSupported) {
window.location = "http://www.apple.com/safari/download/";
}
To me it sounds like safari 1.X has problems with jQuery internally. Which means simple checks like whether $ exists in the global space or whether $(function) does anything are not going to help.
The most likely root cause will be that javascript throws an error in loading of jQuery itself which will then stop the rest of your javascript code from execution.
There are four viable options here.
Either make the website work with noscript. Replace your login control with pure HTML and postbacks and ask the user to turn javascript off. This option is useful since you won't be fixing the issue for safari 1.x problems specifically.
You can make javascript check for safari 1.X and other non-supported browsers and only load jQuery through script tag injection or ajax if your user is using a supported browser. If the user is using a browser not compatible with jQuery then you can instead use plain javascript.
Get a copy of safari 1.x and see why jQuery breaks. Then fix it and ask for it to pulled into the release of jQuery 1.5. This relies on the fix being something that does can be done without hacking and that the jQuery team agrees is worth adding in.
Ask the user to use a compliant browser.
There might be some more options. I would personally lean towards asking the user to use a compliant browser because supporting Safari 1.x is ridiculous.
This seems like a case where progressive enhancement is needed.
You have to do multiple checks
see if $ exists
see if $.fn exists
[not sure if needed] check if $.support is a function
check for feature support as needed with $.support() http://api.jquery.com/jQuery.support/
At the end of the check, when jQuery reports that features you need are present - the rest of the script can run.
If you're not sure which features mentioned in the support you use, then this might need a single test on Safari 1.x to see what are the values returned by $.support(), but that is what your nasty old-browser-user can do for you (if you prepare code and publish) and report the resulting text. Then you compare the list with other [old] browsers that are accessible and determine features that are required.
The easy way would be to require everything and cancel all scripts if suport for any feature is missing. This will also rule out IE6 and IE7 and opera below 9.something and firefox below 2.0 or including - I'm not sure.
Use a server side language to detect if it's the old safari based on user-agent and load a different javascript file
Please, answer any-of the three-parts:
When I copy (simple text) from the Web into MS Office One-Note the program detects the url where I'm copying from: i.e.
The following example is a working script. Whenever it is running, it
will briefly display...
Pasted from http://www.autohotkey.com/docs/misc/Clipboard.htm
1) On my local machine:
Do you know the code to capture this "Pasted from" variable in AHK?
FYI: %clipboard% prints (returns) the text, but not the "Pasted from" info.
2a) How about basic Javascript to deal with the current clipboard contents?
What is the equivalent of the basic (ahk) %clipboard% var in Javascript? (i.e. Text only / Not the extra info)
2b) Can Javascript detect where Web content-currently in the clipboard-was (copy/) pasted from?
Thank You.
I'm pretty sure this is Meta-information added by the browser (Internet Explorer?), and detected by OneNote by some special format that the browser offers the clipboard cutting in.
Not sure this can be replicated in JavaScript, nor AutoHotkey.
Edit: I did some research, but couldn't find any hard information on how they do this. The only thing I found is a general overview on copying and pasting HTML from one of the OneNote developers.
If this is available from Chrome and Firefox as well, it might be worth investigating whether AutoHotkey can access the clipboard on a more detailed level, to fetch the right format with the annotation in it. The data must be somewhere in the clipboard in that case.
I'm thinking that the reason I can't do this is because it might be a huge security hole, but here goes...
I want to have a bookmark on my browser (FF3, preferably) that is only a snippet of javascript code. It would merely construct a URL based on the current date and then do a window.location = on that URL.
I know that I could make a page and keep it on my local machine and just refer to it that way, but I was just wondering if you could bypass that step and actually have the "location" of the bookmark really just be javascript. I could have sworn that this was possible years ago, but I can't find anything that tells me either way now.
What you want is a bookmarklet they are easy to create and should work in most major browsers.
Edit: Stack overflow seems not to allow creating bookmarklets in the context of the site, basically you can create a new bookmark and type the following in the location field
javascript:window.location='http://www.google.com/search?q='+Date()
to get a bookmarklet that searches google for the current date.
It is worthy of note that you can put that in a function wrapper as well. imranamajeed nicely illustrated that for us... but apparently I'm too new to the site to up his post. :P
so for clarity:
javascript:(function(){
location.href = location.href + "#";
})();
(the carriage returns did not affect performance in chrome and IE)
One minor catch. IE can only handle a 508 character URL in this format. If you save it in IE with a url longer than this, it will truncate without warning and thus fail.
If you need a really complex script, you'll need to use a "hosted" bookmarklet, where you have a short bookmark that injects a script tag into the page, to "call" your hosted bookmarklet.
It isn't as nice/portable, but its the only workaround.
Google Bookmark
javascript:(function(){var%20a=window,b=document,c=encodeURIComponent,d=a.open("http://www.google.com/bookmarks/mark?op=edit&output=popup&bkmk="+c(b.location)+"&title="+c(b.title),"bkmk_popup","left="+((a.screenX||a.screenLeft)+10)+",top="+((a.screenY||a.screenTop)+10)+",height=420px,width=550px,resizable=1,alwaysRaised=1");a.setTimeout(function(){d.focus()},300)})();
Well, I just created a bookmark in FF3, went back and updated it and added the following test:
javascript:alert('Wacky%20test%20yo');
Low and behold, after I saved and loaded, I was able to get my alert.
I'm sure you can work up something similar for your needs.