C# Windows Forms App - send request by opening html - javascript

I made a simple html testpage. If the page is opened (http://localhost/cut/public/updateFile) then I send a timestamp to my webserver, where the value is written into a file date.txt e.g.:
4/8/2017 # 14:50:19
I also wrote a C# Windows Forms App which makes a request to the webserver to get the value of this file (date.txt), every X seconds.
My goal is to show the current time in a notification box every X seconds by reading it from the file on the server (for practice only)
However, before I get the file content, I need to update it first of course to get the current date and time.
Is it possible to solve this with the rules defined above?
This is my attempt:
private void timerA_Tick(object sender, EventArgs e)
{
sendWebRequest("http://localhost/cut/public/updateFile");
timerA.Stop();
timerA2.Interval = 5000;
timerA2.Start();
}
private void timerA2_tick(object sender, EventArgs e)
{
//Returns the content of date.txt
string response = sendWebRequest("http://localhost/cut/public/fileApi?action=read&targetFile=date");
//Show Notification
notifyIcon1.Visible = true;
notifyIcon1.Icon = SystemIcons.Exclamation;
notifyIcon1.BalloonTipTitle = "File content";
notifyIcon1.BalloonTipText = response;
notifyIcon1.BalloonTipIcon = ToolTipIcon.Info;
notifyIcon1.ShowBalloonTip(10000);
timerA2.Stop();
timerA.Start();
}
/**
* Send request and get response as string
*/
public static string sendWebRequest(string URL)
{
WebRequest request = WebRequest.Create(URL);
WebResponse response = request.GetResponse();
StreamReader streamReader = new StreamReader(response.GetResponseStream());
return (string)streamReader.ReadToEnd();
}
However I always get 4/8/2017 # 14:50:19 it does not update as It should.
It obviously does not work this way, since WebRequest.Create does only gets the html file as it is and delivers it back to my C# Application, but it does not execute the javascript where I make the request to the server.
I only created this example above to ask if it is somehow possible to achive this at this way or if C# is not designed to solve problems like this?
My only idea is to create a hidden webbrowser in my Form1 and open http://localhost/cut/public/updateFile to start the update but I am not sure if this even works.
I created a webbrowser element and call the update URL like this:
webBrowser1.Navigate("http://localhost/cut/public/updateFile");
However, there are plenty of script error messages, which are found in the jquery file.
And my script won't work either because of the not working jquery.
So I guess it would work, but not with jquery, or I have to fix all errors in the jQuery file.
How to solve this problem?

You should open http://localhost/cut/public/updateFile from a real browser, which will execute the javascript on the page. Requesting this page from a windows form application with a WebRequest will just return the contents of the page, but will not process or execute the javascript on the page because it is not rendered or processed.

I solved it by adding a webbrowser element to my Form, and calling the URL inside of it like this:
webBrowser1.Navigate("http://localhost/cut/public/updateFile");
However, I had to rewrote my javascript to make it work without jQuery, since the C# Webbrowser appears to be an extremly old Internet Explorer with no support for nothing. There were plenty alerts pointing to script errors like the one below:
Now it works as expected. I hope someday somebody will come across with a much better solution than this though.
UPDATE
I was able to change the browser to the latest available by adding this line to my html head section:
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<!-- IE=edge instructs the WebBrowser control to use the latest version of IE it supports -->

Related

Injecting JS into Literal and firing after page load

I have an ASPx/C# page that on clicking Save it will post back to the server. If the content within the controls already exists in the data stores which are checked it is supposed to pop-up an alert. The previous programmer used:
<asp:Literal ID="litError" runat="server" />
with the code behind ultimately sending:
litError.Text = "<script type='javascript'>alert('An error occured while processing this request. If the error persists, please contact the help desk.');</script>";
This JS alert is not popping up in spite of the debug reporting everything correctly processing through. I have scoured the internet, including here, for several days trying to find a resolution. I have tried many variations to get this to fire.
I'm suspecting that the script cannot fire on the AJAX because it is just not there during the Load stage of the life cycle, but would like some verification.
The script is in the btnSave_OnClick method. Unfortunately, due to the nature of the web application I cannot show more of the code, but the script should fire on exception of an item existing in either the app DB or if the user exists in our AD system already.
I was able to resolve my issue by completely removing the use of the ASP Literal control. I believe my first attempts at using this didn't have a properly formatted string, but it is now correctly functioning with the below code implemented in the code behind:
StringBuilder sbError = new StringBuilder();
sbError.Append("<script language='javascript' type='text/javascript'>alert('" + strError + "');</script>");
ScriptManager.RegisterStartupScript(this, this.GetType(), "sbError", sbError.ToString(), false);
Thanks to Zaigham and James for trying to help. I believe the reason the Literal control method did not work was because there was a ScriptManager control on the page(s) that were attempting to use that method.
I am not exactly sure why the script in literal is not working, but you can try this instead.
Your script text
string script = "<script>alert('Your alert message goes here');</script>";
Then use the method RegisterClientScriptBlock (in the same event where you previously set the error text) to inject the script to the page during the postback.
Page.ClientScript.RegisterClientScriptBlock(typeof(YOUR_PAGE_TYPE), "alert", script);
When the page is loaded back, you should see the alert popped up.
what I understand is; you want to run client script from code behind in the button click event (based on a condition). The best way to achieve this is to use ScriptManger class. Example:
Protected void btnSave_OnClick()
{
ScriptManager.RegisterStartupScript(btnSave, btnSave.GetType(), "myscript",
"alert('Your alert message goes here');", true);
}

C#: .NET based webbrowser doesn't show image

I am new in C# language and I have been trying to automate a website using .NET based webbrowser for ONLY personal use in Visual Studio 2015.
I have done document parsing, used Timer, used DocumentCompleted event properly to wait for the webpage to load completely and then parse the content, tried to make async events to behave like sync events (in order to load HTML content generated by clicking a link in a fully loaded webpage), etc to go through the phases in webpage automation: login -> get trains between stations -> click the Book now link -> go to the next page and fill in the passenger details.
Everything works fine but I am now stuck at the last phase, i.e., "go to the next page and fill in the passenger details" has a captcha image that must be resolved to go to the payment page. Don't get me wrong because I am not trying to get this captcha resolved automatically. The problem here is that I do not see the captch image which turned to be loaded only when this javascript call is invoked $(document).ready.
I thought my project has some buggy code which is stopping to load the captcha and therefore, I created a very basic new project, only added below code and navigated through different phases myself to see if the captcha really loads but unfortunately it would not load.
namespace TestWebBrowser
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
webBrowser1.Navigate("https://www.irctc.co.in/eticketing/loginHome.jsf");
}
private void webBrowser1_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)
{
}
}
}
Please see below. The highlighted part is where I am expecting a captcha.
I must tell you that I am not a web designer and therefore I only understand very basic of how websites work.
I went through several questions on this forum and nothing helped me.
Internet explorer is also using .NET browser from behind but while using IE, I can see the captcha is getting loaded. So, why is this javascript call $(document).ready is not getting invoked in .NET browser. Please see below:
I have later tried to use CefSharp in a fresh new project and I can see the captcha is getting loaded in its chromium based webbrowser. But I have done so much coding with .NET based webbrowser already and therefore I want to stick to the latter at this moment in order to get this resolved.
Is this happening because .NET webbrowser is using some very old IE version configurations?
Please help me to understand.
UPDATE 1: Adding the javascript
<script type="text/javascript">
$(document).ready(function(){
var isJsBlocked=0;
if (typeof(nlpLoadCaptchaAsync) == 'function'){
nlpLoadCaptchaAsync();
}else{
isJsBlocked=1;
}
setTimeout(function(){
var isNLPCaptcha = document.getElementById('nlpIdentifier');
if(isNLPCaptcha == null || isNLPCaptcha=='' ) {
var nlptrack = new Image();
nlptrack.src="http://irctclive.nlpcaptcha.in/temp_redirect_count/irctc_timeout.php?ref=f2c5d744485b0b4251461454db791111&isJsBlocked="+isJsBlocked+"&dynamicParameter="+Date.now();
nlpCaptchaTimeOut(true);
}
}, 5000 );
});
</script>
The answer shared here: Use latest version of Internet Explorer in the webbrowser control solved my issue.
I basically had to change the version of IE version used by my webbrowser control.
Thanks to Matthias herrmann

How to start two or more custom URL Protocol from Javascript

I have an old html page that creates a script file and executes it using:
fsoObject = new ActiveXObject("Scripting.FileSystemObject")
wshObject = new ActiveXObject("WScript.Shell")
I am trying to modify it and make it usable also from other browsers. If you know the answer stop reading and please answer. If there is no quick answer, here is the description of my attempts. I was successful in doing the job, but only when the script is shorter than 2000 characters. I need help for scripts longer than 2000 characters.
The webpage is for internal use only, so it is easy for me to create a custom URL protocol on each computer that runs a VBScript file from a network drive.
I created my custom URL Protocol that starts a VBScript file like this:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\MyUrlProtocol]
"URL Protocol"=""
#="Url:MyUrlProtocol"
"UseOriginalUrlEncoding"=dword:00000001
[HKEY_CLASSES_ROOT\MyUrlProtocol\DefaultIcon]
#="C:\\Windows\\System32\\WScript.exe"
[HKEY_CLASSES_ROOT\MyUrlProtocol\shell]
[HKEY_CLASSES_ROOT\MyUrlProtocol\shell\open]
[HKEY_CLASSES_ROOT\MyUrlProtocol\shell\open\command]
#="C:\\Windows\\System32\\WScript.exe \"X:\\MyUrlProtocol.vbs\" \"%1\""
In MyUrlProtocol.vbs I have this:
MsgBox "The length of the link is " & Len(WScript.Arguments(0)) & " characters"
MsgBox "The content of the link is: " & WScript.Arguments(0)
When I click on click me I see two messages, so everything works well (tested with Chrome and IE in Windows 7.)
It works also when I execute document.getElementById("test").click()
I thought this could be the solution: I would pass the text of the script to the VBS static script, which would create the dynamic script and run it, but with this system I can't pass more than ~2000 characters.
So I tried to split the text of the script in chunks smaller than 2000 characters and simulate several clicks on the link, but only the first one works.
So I tried with xmlhttp.open("GET","MyUrlProtocol:test",false);, but Chrome says Cross origin requests are only supported for HTTP.
Is it possible to pass more than 2000 characters to a VBScript script via a custom URL protocol?
If not, is it possible to call several custom URL protocols in sequence?
If not, is there another way to create a script file and run it from Javascript?
EDIT 1
I found a solution, but in Chrome only works when it likes, so I'm back to square one.
The code below in IE executes the script 4 times (correct), but in Chrome only the first execution runs.
If I change it to delay += 2000, then Chrome usually runs the script 2 times, but sometimes 1 and sometimes 3 or even 4 times.
If I change it to delay += 10000, then it usually runs the script 4 times, but sometimes misses one.
The function is always executed 4 times, both in Chrome and IE. What is weird is that the sr.click() sometimes does nothing and the function execution continues.
<HTML>
<HEAD>
<script>
var delay;
function runScript(text) {
setTimeout(function(){runScript2(text)}, delay);
delay += 100;
}
function runScript2(text) {
var sr = document.getElementById('scriptRunner');
sr.href='intelliclad:'+text;
sr.click();
}
function test(){
delay = 0;
runScript("uno");
runScript("due");
runScript("tre");
runScript("quattro");
}
</script>
</HEAD>
<BODY>
<input type="button" value="Run test" onclick="test()">
scriptRunner
</BODY>
</HMTL>
EDIT 2
I tried with Luke's suggestion of setting the next timeout from inside the call back but nothing changed (IE works always, Chrome whenever it likes).
Here is the new code:
var scripts;
var delay = 2000;
function runScript() {
var sr = document.getElementById('scriptRunner');
sr.href = 'intelliclad:' + scripts.shift();
sr.click();
if(scripts.length)
setTimeout(function() {runScript()}, delay);
}
function test(){
scripts = ["uno", "due", "tre", "quattro"];
runScript();
}
Some background: The page asks for the shape of a panel, which can be just a few parameters [nfaces=1, shape1='square', width1=100] or hundreds of parameters for panels with many faces, many slots, many fasteners, etc. After asking for all the parameters a script for our internal 3D CAD (which can be larger than 20KB) is generated and the CAD is started and asked to execute the script.
I would like to do all on the client side, because the page is served by a Domino web server, which can't even dream of managing such a complex script.
I didn't read your whole post...have an answer:
I too wish that custom url protocols can handle long urls. They simply do not. IE is even worse as some OSs only accept 800 chars.
So, here's the solution:
For long urls, only pass a single use token. The vbscript uses the token
and does a url get to your web server to get all of the data.
This is the only way I've been able to successfully pass lots of data around. If you ever find a clearer solution, please remember to post it here.
Update:
Note that this is the best way I have found to deal with the url protocol limitations. I too wish this was not necessary. This does work and works well.
You mentioned Dominos, so possibly you need something in a POS environment... I create a web based POS system, so we could face a lot of the same issues.
Suppose you want a custom url to print a pdf to the default printer without the annoying popup window. We need to do this thousands of times a day...
When building the web page, add the print button which when pressed calls the custom url: myproto://printpdf?id=12345&tocken=onetimetoken
this will execute your vbscript on the local desktop
in your vbscript, parse the arguments and react. In this case, your command is printpdf and the id is 123456 and you have a onetime tocken key.
have the vb script to an https get to: https://mydomain.com/APIs/printpdf.whatever?id=12345&key=onetimetoken
check the credentials based on the ip address and token, if all aligns, then return the contents of the pdf (you may want to convert the pdf to a byte array string)
now the vbscript has the pdf, assemble it and write it to a temp folder then execute a silent pdf print command (I use Sumatra PDF http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html)
mission accomplished.
Since I do know what you what to do in your custom url and the general workflow, I can only describe how I've solved the sort url issue.
Using this technique, the possibilities are limitless. You have full control over the local computer running the web browser, you have a onetime use token which grants access to a web API with can return any sort of information you program.
You could write a custom url protocol to turn on the pizza oven if you wanted :)
If you are not able to create the server side code which is listening for vbscript's get request then this would not work.
You might be able to pass the data from the browser to the vbscript using the clipboard.
Update 2:
Since in this case the data is on the client (one single form can define hundreds of parameters), the server API doesn't know what to answer to the vb script request. So the workflow described above must be preceded by these two steps:
The onkeypress event executes a submit to send the current parameters to the server
The server replies with the refreshed form, adding to the body onload a call to a function which uses another submit to call the custom url, as described on point 1 listed above.
Update 3:
stenci, what you've added (in Update 2) will work. I would do it like this:
user presses a button saying I'm done editing the form
ajax post the form to the server
the server saves the data and attaches unique key to the datastore
the server returns the key to ajax callback function
now the client has a single use key and invokes the url schema passing the key
vbscript does an https get to the server and passes the key
server returns the data to the vbscript
It is a bit long winded. Once coded it will work like a charm.
The only other alternative I can see is to copy the form data to the clipboard using something like: http://zeroclipboard.org/
and then in vbscript see if you can read the clipboard like: Use clipboard from VBScript
How about creating an iFrame for each instance?
Something like this:
function runScript(text) {
var iframe = document.createElement('iframe');
iframe.src = 'intelliclad:'+text;
document.body.appendChild(iframe);
}
function test(){
runScript("uno");
runScript("due");
runScript("tre");
runScript("quattro");
}
You can then use css styling to make these iframes transparent / hidden.
You might not like this answer, but I've used this method in the past and it works.
Instead of relying on ActiveX, consider using a Java Applet, and JNI.
Basically, you have to make sure the native scripts you want to run are available on your client machine, along with a JNI wrapper.
The applet will have to be at least self signed, for the browser to allow it to load and access a native library. Once the JNI libraries are loaded, you can easily call methods from the page / applet.
As a consequence of using Java, you could possibly use the same applet for windows as well as linux clients, provided of course you have native libraries present on the respective clients.
This series of articles talks about precisely your problem : http://www.javaworld.com/article/2076775/java-security/escape-the-sandbox--access-native-methods-from-an-applet.html
P.S the article is really old, but the concept remains unchanged.

IE detects XSS when invoking a method in GWT class using window.opener

I have a GWT application that opens a second browser window. I would like my second window to be able to call a method within the entry point of the first window.
The code sample below works in production (web) mode, but when I try running it in hosted mode, IE detects XSS and overwrites the page with a single "#" to protect against the detected attack. I'm guessing this is because my GWT code server is running on localhost while the application I'm testing is deployed on a virtual machine.
Update: It appears that IE XSS Filtering is sporadic. Sometimes I'm able to get the page to load. But awhile later it starts filtering again.
public class MainWindow implements EntryPoint {
...
#Override
public void onModuleLoad() {
registerJSNIFunctions(this);
}
private native void registerJSNIFunctions(MainWindow mw) /*-{
$wnd.sayHi = function (name) {
mw.#MainWindow::sayHi(Ljava/lang/String;)(name);
}
}-*/;
public void sayHi(String name) {
alert("Hi " + name); // not valid, but you get the point
}
...
}
public class SecondWindow implements EntryPoint {
...
#Override
public void onModuleLoad() {
...
sayHi("kylos");
}
public static native void sayHi(String name) /*-{
$wnd.opener.window.$wnd.sayHi(name);
}-*/;
}
Any ideas on how I could get this to work in hosted mode? Or is there a better way to do cross-window communication with GWT?
Your question is quite interesting, see other´s opinion but I have done something similar using OAuth.
So, if the idea at the end is call from one Window to other some method I´d something like:
....
#Maybe if you use window instead of top works as well
$wnd.opener.top.location.replace(url);
$wnd.close();
....
....
And in the other browser wait for the new request, parse the url, and call "locally" to sayHi. Is this approach valid to you?
If you want further details about the Windows properties you can see W3Schools page
But basically:
$wnd.opener #returns Returns a reference to the window that created the window.
top #returns the topmost browser window
So the issue seems to be sporadic. I'm not sure how exactly the filter gets triggered, but when it does, the rewritten page gets cached by IE so future requests are guaranteed to fail until the browser cache is emptied.
I also found this Microsoft document that describes a custom header, X-XSS-Protection, that can be used to disable the filter. Obviously, this should only be used on a dev system in hosted mode.
To disable the filter, add the following header to your server configuration:
X-XSS-Protection: 0

Display custom ASP.NET error page without rewriting URL

Currently working on error pages for my website in ASP.NET. I'm using a web configuration file to redirect the user to an error page if the server was unable to find the requested page. Below is the customErrors tag I used in my configuration file:
<customErrors mode="On" defaultRedirect="~/ErrorPages/Error.aspx">
<error statusCode="404" redirect="~/ErrorPages/Error.aspx"/>
</customErrors>
It's currently working but my problem is that I don't want the user to see my error page in the URL as displayed below:
/MySite/ErrorPages/Error.aspx?aspxerrorpath=/MySite/ImaginaryPage.aspx
I'm expecting something like what google has:
Google Error Page
Is there a way to do this without Javascript?
This article might help you out and here is a snippet from it:
http://blog.dmbcllc.com/aspnet-application_error-detecting-404s/
void Application_Error(object sender, EventArgs e)
{
Exception ex = Server.GetLastError();
if (ex is HttpException)
{
if (((HttpException)(ex)).GetHttpCode() == 404)
Server.Transfer("~/Error404.aspx");
}
}
Really the key part of this is if you want to maintain the same URL as what was requested, then Response.Redirect is NOT what you want as it goes back to the client to issue a second request thus changing the URL. You want to remain on the server so the appropriate call would be Server.Transfer. This particular event handler goes into your Global.asax.cs file and the method will get raised up for any 404s that are associated within the context of your application.
Unfortunately, it will skip past your customErrors configuration section and rely on a more programmatic approach however the code is fairly simple from a maintenance standpoint.
you can just add: redirectMode="ResponseRewrite"
like this
<customErrors defaultRedirect="Error404.aspx" mode="RemoteOnly"
redirectMode="ResponseRewrite" >
<error statusCode="404" redirect="Error404.aspx" />
</customErrors>

Categories