Why is the following example not working? Additionally, I would like to hide window of cmd.exe in createEmptyFile() function. The browsers should probably not block this code :
<!doctype html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Default Page Title</title>
</head>
<body>
<script type="text/javascript" language="javascript">
function pingItjs(ipAddress) {
var oShell = new ActiveXObject("wscript.shell");
oShell.Run("cmd.exe /k ping" + ipAddress);
}
function createEmptyFile() {
var oShell = new ActiveXObject("wscript.shell");
oShell.Run("cmd.exe /c cd %tmp% && echo hello > EmptyFile");
}
</script>
<script language="VBScript">
function pingIt(ipAddress)
set WshShell = CreateObject("WScript.Shell")
WshShell.Run("cmd.exe /k ping " & ipAddress)
end function
</script>
ping
<div onclick="call pingIt('216.58.215.78')">ping</div>
ping
</body>
</html>
ActiveX
The MDN reference states:
Note: Creating an ActiveXObject on a remote server is not supported in Internet Explorer 9 standards mode, Internet Explorer 10 standards mode, Internet Explorer 11 standards mode, and Windows Store apps or later.
So, unless the script is being run in your local machine, the code will not run. It appears that this can be stretched somewhat in the case of intranets, where the MDN says:
Important: ActiveX objects may present security issues. To use the ActiveXObject, you may need to adjust security settings in Internet Explorer for the relevant security zone. For example, for the local intranet zone, you typically need to change a custom setting to "Initialize and script ActiveX controls not marked as safe for scripting."
VBScript
VBScript is a proprietary Microsoft language and as such only works in IE. See this Answer. This link (from the Answer just referenced) states that VBScript has been deprecated in IE 11 and will not work in IE 11 in Edge mode.
Possibly, this may help you make VBScript work in IE 11 even in Edge compatibility mode,
<meta http-equiv="x-ua-compatible" content="IE=10">
Related
The following code shows an <iframe sandbox... pointing to a page that opens a test websocket with a message on successful open. It works correctly on Chrome and Edge printing the It worked! message immediately.
On Firefox it fails with Uncaught DOMException: The operation is insecure. and no further reasoning.
<!DOCTYPE html>
<html lang="en">
<body>
<iframe
sandbox="allow-scripts"
src="https://firefox-wss-example.tiiny.site/"></iframe>
</body>
</html>
The linked websocket page source code is simply as follows:
<!DOCTYPE html>
<html lang="en">
<body>
<script>
const ws = new WebSocket('wss://demo.piesocket.com/v3/channel_1?notify_self');
ws.addEventListener('open', () => {
console.log('It worked!');
});
</script>
</body>
</html>
I have tried a mixture of wss:// and ws://, as well as permissive CORS headers, but none of my attempts fix the issue on Firefox despite having an appropriate setup. I am starting to think this is a Firefox 97 bug but am unsure of how to verify.
Why does this snippet work on most browsers but fails on Firefox?
I've been through this before, spend weeks on investigations, what I found is: Firefox runs sandboxed JavaScript under the blob:// protocol, and you're only allowed to upgrade to WebSocket from http:// and https:// connections. blob:// isn't either.
Although it's not very clear in their documentation, you may take a look into the websocket upgrade implementation as well as in this issue about CSP inheritance to understand it better, but it's basically the way Firefox have chosen to implement Sandboxing.
We never found a workaround for this, the only way was to drop the Sandboxing, or drop Firefox support for this specific feature.
On the other hand, Chromium based browsers saves the script file locally (I cannot say with 100% of confidence if it is stored in a temporary directory or virtual file system), and still uses the http:// protocol to access them, this way you can upgrade to ws:// or wss://. Those browsers may also inherit CSP, since they keeps the opener instance.
Edit: This problem is not tied to an specific Firefox version, it has been implemented this way for a long time. I has been 5 or 6 releases from the time I went into this problem, it still this way, and will probably stay this way, it's not considered a bug and it's not close to a highly requested feature.
The CHM viewer on Windows 10 does not allow me to use the 'window' object in JavaScript, although on Windows 7 it works perfectly with the same version of Internet Explorer.
To reproduce this problem:
Copy this code into a file 'index.htm'
<!DOCTYPE html>
<html>
<body>
<script>
document.write("Inner width: " + window.innerWidth + "<br>");
try
{
window.addEventListener('scroll', function(e)
{
document.write("Scroll<br>");
} );
document.write("All right.<br>");
}
catch (ex)
{
document.write("Exception: " + ex.message + "<br>");
}
</script>
</body>
</html>
Then copy this code into a file 'Test.hhp'
[OPTIONS]
Binary Index=No
Compatibility=1.0
Compiled file=Test.chm
Default Window=>MainHelp
Default topic=index.htm
Display compile progress=Yes
Language=0x409 Englisch (USA)
Title=Testing
[WINDOWS]
>MainHelp="Testing",,,"index.htm",,,,,,0x40000,,0x0,[50,50,900,750],,,,,,,0
Copy both files into the same directory and compile them with the Html Help Workshop.
On Windows 7 it works as expected:
On Windows 10 it works in Internet Explorer, but not in the CHM file:
There seems to be a security restriction in Windows 10 which is not in Windows 7.
Is there any registry key or any Internet Explorer setting which I can modify to give the CHM viewer the permission to access the 'window' object ?
Edit: After reading the answer from Dai I found why it worked on Windows 7 and not on Windows 10. It has nothing to do with the Windows version. The reason is that on my Windows 7 another software already had set the registry key
[HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION]
hh.exe = 9000
I could reproduce this behavior on my German Windows10 PC.
Add the following statement to the <head> section of the index.htm file.
This works for me even if the HTML topic file is compiled into a .chm help file.
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE11"/>
e.g.:
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE11"/>
</head>
is resulting in following help viewer window:
Edit: A comprehensive answer related to x-ua-compatible was given on SO for following question:
What does <meta http-equiv="X-UA-Compatible" content="IE=edge"> do?
Quoted from Microsoft docs Use Enterprise Mode to improve compatibility:
If you don't have IE11 installed anymore, you can download it from the Internet Explorer 11 download page. Also, if you use an earlier version of Internet Explorer, upgrade to IE11. Windows 7, Windows 8, and Windows 10 support IE11 so that you can continue using legacy apps even as you migrate to Windows 10 and Microsoft Edge.
I'm using WebStorm (8.0.4) in a Mac (Mavericks last version). I'm trying to debug this simple loop for script:
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<title></title>
</head>
<body>
<script type="text/javascript">
for(var i=0;i<10; i++)
{
console.log('hola!');
}
</script>
</body>
</html>
I am using Chrome with JB Extension with this configuration:
Host: 127.0.0.1 Port: 63342
In the settings of the Project, in Javascript, Debugger I have this configuration:
Built-in server port: 63342
The code STOP in the breakpoint (in the loop for), but after one second, I have a message that says:
Disconnected (browser disconnected)
and I lost the debug mode...
I'm very lost and I don't know what happens... any help please?
Regards
I had the same problem. Debugging stopped after 1 second
Two things I changed:
Downloaded the latest version of WebStorm (8.05)
Before the debug opened the configuration and looked at all pages and save it.
After this, it just worked again.
The issue is caused by Chrome update.
Chrome API changes in versions 37+ have made it incompatible with WebStorm debugger. WEB-12418 is fixed in WebStorm 8.0.5 and WebStorm 9 EAP.
I'd like to explain what does "Javascript not working" mean, but the only thing I can do is tell that the code is never executing, and don't know how to debug.
Let's start: I'm developing a Phonegap application - in that sense, I don't have a console object to check on.
This is my index.html file:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="format-detection" content="telephone=no" />
<!-- WARNING: for iOS 7, remove the width=device-width and height=device-height attributes. See https://issues.apache.org/jira/browse/CB-4323 -->
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height, target-densitydpi=device-dpi" />
<title>1001Carros</title>
</head>
<body>
<script type="text/javascript" src="phonegap.js"></script>
<script type="text/javascript" src="js/index.js"></script>
<script type="text/javascript">
app.initialize();
</script>
adaptandose a dispositivo ...
</body>
</html>
And this is my javascript:
var app = {
// Application Constructor
initialize: function() {
switch(device.platform) {
case "iPhone":
location.href = "index-iphone.html"; break;
case "Android":
case "BlackBerry":
case "BlackBerry WebWorks":
location.href = "index-android.html"; break;
default:
location.href = "index-android.html";
}
}
};
My intention is: when the document is loaded, initialize() is called. Such method would verify the platform and redirect to the appropiate screen.
When I run my app in the emulator (which finally appends ?enableripple=cordova to my url), I get that "phonegap.js" does not exist. If that's the problem, it seems easy to explain why I'm not being redirected.
However, when I compile the application via local tools (i.e. phonegap run android) such file seems to be created in the assets directory (in android platform).
Question: How can I debug this issue? I'm using the emulator and, alternatively, a Samsung Galaxy Tab 3. I would like to debug the device and see if the problem is with the file (as it is shown in the emulator/ripple) or is it elsewhere.
It'd be great if someone with more experience could help me if they had a similar problem since it's my first phonegap application.
To answer your question about debugging, since your devices most likely don't have a console, you'll have to use alerts. I like to use alerts to test if a function is firing, if the appropriate data is being stored/passed, etc.
As for why your javascript is not working, I'm not positive but I think it has to do with you using "app". I believe that is reserved for native phonegap things, as seen in "navigator.app.exit()". I would suggest you rename the variable and try that.
I don't understand your question clearly. But i see your code has issue. In phonegap, all API device(provided by phonegap) must be call when event deviceready fired:
document.addEventListener('deviceready', function(){
// Code here
}, false);
In phonegap, support many tools to debug app now: phonegap debug, weinre is power
You can use console.log('...'), it support any device, see log in your IDE: Xcode, Eclipse,..
There are plenty of ways to debug your phonegap code on android:
logcat
Weinre: http://people.apache.org/~pmuellr/weinre/docs/latest/Home.html
Chrome Remote Debugging (only Android 4.4+): https://developer.chrome.com/devtools/docs/remote-debugging
..
So I have a variable in my iframe like so:
<script>
var zipphone = "<?= $phone ?>";
</script>
Now I want to pass that variable to the parent frame after the iframe is loaded. What is the simplest way to do that?
If the pages are both on the same domain, you could call a function of the parent window:
window.parent.zipPhoneCallback(zipphone);
In the parent window, you could define a function like this:
function zipPhoneCallback(zipphone) {
((console&&console.log)||alert)("zipphone = " + zipphone);
}
Beware there seems to be a Chrome browser issue with addressing variables from webpages to or from IFRAMES. This issue appears in offline testing.
That aside, assuming your browser actually implements basic functions of Javascript, you address your variable from your main webpage using window.myiframename.zipphone
<IFRAME NAME="myiframename" SRC="myzipphoneiframefile.htm" ....
<script type="text/javascript">
<!--
// then whatever you do with your variable
// read it
var z = window.myiframename.zipphone;
// write to it
window.myiframename.zipphone = "....";
and so on.
Example.
DOC1.HTM contents -
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>DOC1.HTM</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor=pink>
<h1>DOC1.HTM</h1>
<iframe name="iframename" src="doc2.htm"></iframe>
<p>
<br />
check variable
</p>
</body>
</html>
DOC2.HTM contents -
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>DOC2.HTM</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor=red>
<script type="text/javascript">
var test_var="testing, testing . . .";
</script>
<h1>DOC2.HTM</h1>
</body>
</html>
That works beautifully even with older versions of Internet Explorer but try it when offline testing with Chrome and window.iframename.test_var appears to be undefined because of the Chrome issue.
Anyway, look out for future versions of Chrome fixing this because it is a lot of egg on Google's face while they haven't.
I have a work-around for this issue in Chrome offline testing.
Thanks to Lucy24 on WebmasterWorld for helping. http://www.webmasterworld.com/google_chrome/4689258.htm#msg4689342
This issue with Chrome arose when my javascript was being tested off line and files doc1.htm and doc2.htm are in the same folder on my PC.
Moving the doc1.htm & doc2.htm files to a folder where I test my server side php programs, which runs using Windows Internet Services Manager means I can address the files using h t t p : / / l o c a l h o s t addresses and bingo, Chrome behaves as it should have behaved in offline mode.
It is not "legitimate" in my opinion for Chrome's javascript not to be able to directly address files in the same offline folder.
There's absolutely no security issue when you are running your own javascript files on your own PC. Or if Chrome wanted to offer a security setting that allowed or disallowed offline IFRAME variable scoping then OK, that would be fine.
The error message is not at all clear I submit and Lucy24 did well to figure out what it meant.
If Internet Explorer and Firefox etc allow you to test your javascript offline then why not Chrome?
So well done Lucy24. Not so well done Chrome.