Access denied in ActiveX after moving the javascripts in MVC - javascript

I have successfully implemented the Smart Card Reader in my project using the HTML and everything is perfectly 100% working but when i transfer all files to my MVC project and run (localhost) I am unable to execute the Initialize function of the Card Reader. Saying that "Access is denied"
In HTML (all functions are working without access denied error)
In MVC
My object
<OBJECT id="EIDAWebComponent" style="border:solid 1px gray"
CLASSID="CLSID:A4B3BB86-4A99-3BAE-B211-DB93E8BA008B"
width="130" height="154"></OBJECT>
Update:
I created a new ASP.Net Web Application (Empty Template) then i copy the whole js and html file. Then set the HTML page as start page. The problem might be in my localhost. When i browse my file in IE using this link C:\Public Data ActiveX\PublicDataActiveX.html the activex is working. But this link http://localhost:28679/PublicDataActiveX.html its not.

The problem might be simply to enable HTTPS in order to have ActiveX to work.
if your stack makes this hard, you can have a proxy on top, like nginx:
http://cnedelcu.blogspot.com.co/2014/10/https-with-nginx-setting-up-ssl.html

You just shared a small portion of code and some pics so it is hard to help this way, but below some tips that you may have to consider:
When you say, it is working in pure html, what does that mean exactly? how do you browse it, double click in an html file and open in the browser as a local file with a path similar to "C:\Folder\File.hml"?
Or do yow browse it with a domain, maybe "localhost/file.html"?
When you say, move to an MVC project, what do you mean? did you put it on a View or you just moved the html and browsed it?
All the questions above are important in order to find where your problem is
If you can browse the .html file in both situations from file system and running your MVC project then the problem is in the MVC itself and it is a coding stuff.
If you cannot browse the same .html exactly the same in file system and running your app, then the problem is not code, it is permissions, Maybe CORS restrictions (by domain), maybe ssl (you said not), maybe you need a key (like google api)

After doing a lot of searching I've found this link
Changing the security settings in IE my ActiveX is now working in localhost.
Open IE >> Tools >> Internet Options >> Security >> Custom Level >>(Enable) Initialize and script ActiveX controls not marked as safe for scripting

Related

how get list of files in a folder using javascript

I am working on project for desktop application. I am using Qt controls with visual c++.
I am loading an html file in the QWebView as,
m_pWebView->load(QUrl("../../../demo/index_Splash_Screen.html"));
Now, what i want is, say, I have some .zip files in my location "c:\demo", I want list (or array of file names) of the files present in that directory.
How can i do this through javascript ?
PS: I went through this link, but it didnt match my requirement. I have not worked with of html, javascript and jquery. Please help me.
I'm afraid you cannot access local files or directories using javascript due to security issues.
Edit: I hadn't thought about the file api so thought for a moment this might not be true, but without some user input to give permission, this still cannot be done.
This question has a good response from PhilNicholas:
I'm afraid I may be the bearer of bad news for your design: The action
you are requesting expressly violates the security model as specified
in the File API spec. The client implementation of FileReader() must
make sure that "all files that are being read by FileReader objects
have first been selected by the user." (W3C File API , 13. Security
Considerations: http://www.w3.org/TR/FileAPI/#security-discussion).
It would be a huge security risk of browser scripts could just
arbitrarily open and read any file from a path without any user
interaction. No browser manufacturer would allow unfettered access to
the entire file system like that.
Thinking about it however, if it is all being run locally, you could use ajax to query a server side script that could return the directory you request.
If it is a Windows application then you could access the local filesystem by using ActiveX objects. You might have a look at this link Reading a txt file from Javascript
Note that activeX usage is possible only when using IE as browser/engine; I used to need it a while ago for developing an HTML application (.hta files).

How do you open a file folder through a link on website in Firefox and Chrome?

I'm working on a web application that needs to have a link which opens a documents folder from a file server. The folder can be opened either in a new browser tab or new window, or using the computer's default file browser program (i.e. Windows Explorer). This javascript should do the trick:
window.open('file://///fileserver.companyname/public/Documents/','_blank);
and this html should also work:
Open Documents
but these both only work in Internet Explorer, and our users always use Firefox and Chrome. Apparently the default security settings for Firefox and Chrome don't let you open a "file://" when the request is called from an "http://" website.
I've seen several references to this page: Links to local pages do not work which describes why you can't open files from webpages using Firefox and offers a few workarounds. Unfortunately, it only offers two options: install a plug-in on each browser instance, or create a user preferences file for each browser instance. Neither of these options are acceptable because we have too many users. The company I work for is not willing to apply anything to each machine which needs to access this link. Aside from that, I tried both plug-ins and the preferences file anyway, and the only one that worked for me was the IE Tab plug-in. I think the reason LocalLinks didn't work is because I'm trying to open a folder, not a file.
This stackoverflow question described similar options for Chrome: Can Google Chrome open local links? but again, the LocalLinks plug-in didn't work for me and plug-ins aren't acceptable anyway.
I also found a website that suggested to use a command line argument top open files in Chrome (http://www.askyb.com/chrome/open-local-file-in-google-chrome/) and one that showed how to apply the argument automatically (https://askubuntu.com/questions/160245/making-google-chrome-option-allow-file-access-from-files-permanent), but if I read it correctly it still involves applying changes to every computer accessing our website.
Is there any way to open a file folder in both Firefox and Chrome entirely programmatically i.e. within my web application C# or Javascript code without installing a plug-in or adding a preferences file to individual computers? I cannot alter any of these business requirements.
Sidenote: We are using C# with MVC 4. I would prefer to open the folder using a Controller Action in C# (because I'd like to create the folder before opening it if it doesn't exist yet), but javascript or html on the client side is acceptable. For Internet Explorer, I can create that javascript in the C# code by wrapping it in the JavaScript( ... ) function built into MVC C# Controllers. When testing IE Tabs in Firefox and Chrome, I had to define it as an href link, not a function that opens a window, or IE Tabs wouldn't recognize it as a link. But neither of these were acceptable workarounds for our business needs.
The request was dropped before I could come up with a feasible solution, but in case anyone else is still struggling with this problem I will describe workaround that would not require any workstation customization.
They don't technically need to use the built-in file explorer to open a folder. Instead, a creative way to display the information the business wanted without breaking any browser security rules would be to iterate though the files without opening the file explorer and then display a list of folders/files in a browser window.
Using Directory.EnumerateDirectories(filepath) and Directory.EnumerateFiles(filepath) you can get a list of folders and files to display. When the user clicks one of the folders, call these methods again to get the next level of folders and filenames. When the user clicks a file, download/open it. These methods return the folder and file names as lists of strings, so you would just need to render the lists with custom icons in the browser. (The methods are from C#'s System.IO library.)
here is the simple html code:
<input type="file" webkitdirectory>
but the problem with this code is that it works only on google!

Run javascript from swf on DVD?

I have a project I am doing that requires delivery on a DVD and through the web. I have been using Flash to drive a menu system and javascript to load pages or other actions on the web. However, when I move it to a DVD I receive a Security Error 2060 - the swf is unable to
communicate with the html page it is loaded onto and so none of the javascript is parsed. I am using ExternalInterface calls and jquery on the html page.
Searching online I have made sure that Flash when publishing "Allow local files only" and on the html page I'm using swfobject with a param field of allowscriptaccess of "always" - looking at the generated code on pages it shows that the allowscriptaccess is there.
Is there some security setting that I can program in that will give my Flash application the ability to function the same from a DVD as it would from the web and communicate with Javascript? If I need to compile two different swfs that would be okay.
I suspect you are having a local sandbox problem. Have you gone through the information at http://www.adobe.com/devnet/flashplayer/security.html?
If you can do PC-only, then investigate Server2Go. This is a standalone WAMP stack that works well from a CD/DVD. Your page will then run in the internet zone, and you should not run into the same security problems.

Double-Click HTML files and JQuery

I noticed that when I open HTML file locally by double clicking on it, it will not "run" the same as if I had it on a web server and opened it by HTTP GET request.
I need to have a local HTML file a user can open by double clicking on it. This HTML file has several JQuery load calls such as this:
$("#content").load("http://somepage.com/index.html");
I want to update several divs with content from remote sites.
This works fine If I have this file on a web server but not if I double click it under windows explorer... How can I "make" the file "run" as it would on a web server?
I think you pretty much cannot. This has to do with domain-access restrictions, which are there to avoid cross site scripting and the likes.
The files on your hard drive are especially limited - think what the life could be if they were allowed to treat your whole hard-drive as a single domain.
If you want things to work properly you need to be running a server. XAMPP is a pretty good bet as it's easy to install and set up.
Any non-AJAX javascript will work fine as is though, as long as the paths to include any css or js are relative.
You can't do this locally. You have to have it hosted somewhere for this to work. It's done this way for the sake of security.
What are you trying to do that you "need" to have this?

Looking for doc on why IE "yellow bar" shows when opening a HTML file that contains JavaScript

I have a site, from which you can download an HTML file. This HTML file contains a form with hidden fields, which is right away posted back to the site using JavaScript. This is a way of allowing users to download to their own machine data that they edit on the site.
On some machines, you get an IE "yellow bar" when trying to open the file you saved. The "yellow bar" in IE is warning that the HTML is trying to run an Active X (which it is not, there is only JavaScript doing a submit() on a form). However if you receive the exact same HTML file by email, save it, and open it, you don't have this problem. (It looks like IE is putting some more constraint on what can be done in a HTML file you saved from web site.)
My question is: where can I find documentation on this IE security mechanism, and possibly how can I get around it?
Alex
The yellow bar is because your page is executing in the Local Machine security zone in IE. On different machines, the Local Machine security zone might be configured in different ways, so you can see the yellow bar on some machines and not see it on other machines.
To learn more about the IE's URL Security Zones, you can start reading here: http://msdn.microsoft.com/en-us/library/ms537183.aspx
Look here for details on the MOTW - Mark Of The Web
If you add this to your locally served pages, IE will not show the yellow bar.
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx
I am not usre about any specific documnet, but if you open the properties for the file in windows explorer on the general tab is the file blocked? if so click unblock and try again and see if you gte the same issue. This is typical security for files downloaded fom the internet.
Other than that i am afraid i dont know what else to suggest.
I don't 100% follow what your JavaScript is submitting to, but if you're submitting back to the original site from the downloaded copy you'll have a problem using JavaScript as all browsers treat cross-domain JavaScript as a security violation.
JavaScript isn't allowed to read or write to any site not on the current domain
As Franci had said it is becaue you are in the local machine security context and this allows scripts to create objects and execute code that could do harm to your PC. For example you can create a File System Object and perform tasks that an untrusted page shouldn't perform generally because it could be malicious in nature.
Have you tried changing the file name from yourname.html to yourname.hta to see if the security problem goes away?
More on HTML Applications (.HTA files): http://msdn.microsoft.com/en-us/library/ms536496%28VS.85%29.aspx

Categories