I am sending an email from my SAP System to gmail. The body is html and javascript based content. Now, the requirement is to create a new url window onclick of a button or a link inside the email which will open a web page in a popup window.
So, when i am testing it within SAP, it is working correctly but when i am testing it within the gmail application, it is calling the URL in a new Tab(Full Page).
As it is just an informational window, i want to keep it as small as possible.
Here is my code for the email content
<!DOCTYPE html>
<html>
<body>
<script type="text/javascript">function target_popup(form){
window.open("","formpopup","width=3000,height=40,resizable,scrollbars");
form.target="formpopup";}
</script>
<form action="https://testapp.html" onsubmit="target_popup(this)">
<input type="submit" value="Go to Google" />
</form>
</body>
</html>
All email clients have (and must have) a strict policy against running any Javascript found in emails.
This is a strong security requirement, you will not get around it. Which is good. You can only place Javascript on the target site, not in the email.
Related
I have an HTML page that contains a button says "Open Popup". Once this button is clicked, a popup window opens (using window.open).
The new popup window is an HTML page that contains a simple input filed and a submit button. Once the submit button is clicked, the popup window should close, and the text that's just been typed in the input field should now be displayed in the parent window.
I've tried doing it using opener.document.getElementById. It works perfectly in Firefox, but not in Chrome.
This is the code of my parent page (parent.html):
<!DOCTYPE html>
<html>
<body>
<button type="button" onclick="openPopup()">Open Popup</button>
<p id="result"></p>
<script type="text/javascript">
function openPopup() {
var popupWindow = window.open('popup.html', '', 'width=300, height=200');
}
</script>
</body>
</html>
And this is the code of my popup (popup.html):
<!DOCTYPE html>
<html>
<body>
<input type="text" id="userText" placeholder="Please enter some text">
<button type="button" onclick="submitText()">Submit!</button>
<script type="text/javascript">
function submitText() {
opener.document.getElementById('result').innerHTML = 'The text you\'ve entered is: ' + document.getElementById('userText').value;
self.close();
}
</script>
</body>
</html>
Note: Both parent and popup files are located in my desktop.
As mention, it works in Firefox, but not in Chrome. When I click the "Submit!" button in Chrome, nothing happens, and the following error shows up in the console:
Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
I spent hours trying to find help online, but I still can't make Chrome pass data from popup window to parent page (which both are, as mentioned, located in my desktop, i.e. in the same directory).
Thanks in advance.
What you are encountering is a security feature of Chrome that is applying a web security standard called CORS (Cross-Origin Request Specification). It's meant to prevent one website from accessing another (because this is a common technique to try and trick people into giving up personal information), unless both the pages originate from the same domain. For example, http://domainA.com shouldn't be able to communicate with http://domainB.com by default. In situations were this is a legitimate need, server configuration is required to allow it.
Because you are running your tests from your desktop (without a web server) no domain information is present and Chrome thinks you are making a Cross-Origin Request.
If you run your files from a web server (over http or https), it will work.
There are many free web servers available for you to set up on your local machine and many development tools incorporate their own web servers. For example, VS code and Visual Studio are both free and have web servers included.
I have a page with iframe, to simplify this case lets assume that it looks like this:
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<iframe src="http://example.com"></iframe>
</body>
</html>
Assume that the page is on the Internet and you enter it. It loads http://example.com inside the iframe.
I want to change this so that you couldn't see the http://example.com because you can open this adress only using my page not just putting http://example.com in second tab of webbrowser.
I see http://example.com in page source (right click -> page source)
I also see in the network in developer tools that the browser makes request to http://example.com. So I just can copy this address and open it in new webbrowser tab.
What should I do to make it impossible for you to know the address: http://example.com
The only way I can think of is if you screen scrape the page in your code and serve up the html yourself. So it would look like this:
Someone makes a request to your page
Before you serve the page in your back end code you grab the html on
example.com
Serve up the html that comes out of the back end request
This may not be formatted properly though because you are missing css or lose functionality because you are missing js but you just need to make sure you include that stuff.
An IFrame is client-side.
This means for the browser to render the IFrame, it must be visible to the client web-browser.
The only way to hide it is for you to develop a web proxy.
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<iframe src="grab_secret_site.php"></iframe>
</body>
</html>
Here, the code within grab_secret_site.php would make an HTTP request to http://example.com to grab the HTML. An example here. However, bear in mind that any resources won't load unless you rewrite them.
e.g.
<img src=icon.jpg />
Will point to icon.jpg on your site, not on example.com.
If you don't want the page to be loaded without the parent frame, you could create a session variable (e.g. PHP session) in the outer page, which is then checked within the IFrame. If it doesn't exist, redirect the user back to the outer page.
There is a header - X-Frame-Options that allows you to block opening page in iframe, but in this way I think It's impossible.
I'm trying to send invoke email when button is clicked and its working fine but extra window is getting opened during the process and i'm unable to close it even though I have tried close method. I have tried in IE 10 and IE 11 and its not working.
Below is the code
<html>
<head>
<script type='text/javascript'>
function sendMail(){
var wi = window.open('mailto:someone#example.com?subject=' + encodeURIComponent(document.getElementById("metric").value));
wi.close();
}
</script>
</head>
<body>
<h4>Send e-mail to committee with below subject:</h4>
<form action="javascript:sendMail()" method="post" enctype="text/plain">
<select id="metric">
<option value="test1">test1</option>
<option value="test2">test2</option>
</select>
<br><br>
<input type="submit" value="Send">
<p></p>
</form>
</body>
</html>
I'm going to go ahead and say this isn't how you'd go about it.
A mailto: link opens the user's default email client. If you remove the attempt to close the window in your script, you'll see this happen. But to do anything useful, you'd have to fill out the mail along with sender etc.
So the user will need to trigger the actual send in their email client.
What you would typically do is send the request to the server, and have the server use the SMTP service (pretty much all of them have it now) to put together and send the email out. It's simple to do, how exactly it works depends on what server you are going to be hosting your solution on.
To my knowledge there is no pure javascript/server-less way to do this. If you think about it, this makes sense; what would prevent somebody from putting a script in a webpage that sends out a thousand emails based on something you collected from the webpage?
I'd like to open an email automatically with To & subject, when the html page loads. I need to use only mailto functionality. Can someone help me how to do this?
Redirect the user to a mailto link. This can be done with basic JavaScript:
location.href = "mailto:you#example.com?subject=Test+Message";
Just take into consideration the fact that:
A lot of people use online email these days (GMail, hotmail, etc) - not me personally, but... other people.
If the user has a desktop email program, you'll be forcing an unexpected window open on them.
It's even worse if the user has a desktop email program, but has never set it up - as would be the case of most of the people in point 1. The window would open and then the whole "email setup" process would start.
Just be careful.
try something like this
<html>
<head>
<script type="text/javascript">
function mymessage()
{
location.href = "mailto:you#example.com?subject=Hello";
}
</script>
</head>
<body onload="mymessage()">
</body>
</html>
I saw some guy had a file (I guess a batch file). On clicking of the batch file he was able to log in to multiple sites. (Perhaps it was done using VB.)
I looked for such a script on Google but didn't find anything useful.
I know a bit of C++ and UNIX (also some HTML and JavaScript). I don't know if it can be done on a windows machine using these languages, but even if it could be done I think it would be difficult compared to VB or C## or some other high level languages.
I learned how to open multiple sites using basic windows batch commands enclosed in a batch file like:
start http://www.gmail.com
start http://stackoverflow.com
But still I can't figure out how actually clicking on the batch file would help me to log in to the sites without even typing the username and password.
Do I need to start learning Visual Basic, .NET, or windows batch programming to do this?
One more thing: can I also use it to log in to remote desktops?
From the term "automatic login" I suppose security (password protection) is not of key importance here.
The guidelines for solution could be to use a JavaScript bookmark (idea borrowed form a nice game published on M&M's DK site).
The idea is to create a javascript file and store it locally. It should do the login data entering depending on current site address. Just an example using jQuery:
// dont forget to include jQuery code
// preferably with .noConflict() in order not to break the site scripts
if (window.location.indexOf("mail.google.com") > -1) {
// Lets login to Gmail
jQuery("#Email").val("youremail#gmail.com");
jQuery("#Passwd").val("superSecretPassowrd");
jQuery("#gaia_loginform").submit();
}
Now save this as say login.js
Then create a bookmark (in any browser) with this (as an) url:
javascript:document.write("<script type='text/javascript' src='file:///path/to/login.js'></script>");
Now when you go to Gmail and click this bookmark you will get automatically logged in by your script.
Multiply the code blocks in your script, to add more sites in the similar manner. You could even combine it with window.open(...) functionality to open more sites, but that may get the script inclusion more complicated.
Note: This only illustrates an idea and needs lots of further work, it's not a complete solution.
The code below does just that. The below is a working example to log into a game. I made a similar file to log in into Yahoo and a kurzweilai.net forum.
Just copy the login form from any webpage's source code. Add value= "your user name" and value = "your password". Normally the -input- elements in the source code do not have the value attribute, and sometime, you will see something like that: value=""
Save the file as a html on a local machine double click it, or make a bat/cmd file to launch and close them as required.
<!doctype html>
<!-- saved from url=(0014)about:internet -->
<html>
<title>Ikariam Autologin</title>
</head>
<body>
<form id="loginForm" name="loginForm" method="post" action="http://s666.en.ikariam.com/index.php?action=loginAvatar&function=login">
<select name="uni_url" id="logServer" class="validate[required]">
<option class="" value="s666.en.ikariam.com" fbUrl="" cookieName="" >
Test_en
</option>
</select>
<input id="loginName" name="name" type="text" value="PlayersName" class="" />
<input id="loginPassword" name="password" type="password" value="examplepassword" class="" />
<input type="hidden" id="loginKid" name="kid" value=""/>
</form>
<script>document.loginForm.submit();</script>
</body></html>
Note that -script- is just -script-. I found there is no need to specify that is is JavaScript. It works anyway. I also found out that a bare-bones version that contains just two input filds: userName and password also work. But I left a hidded input field etc. just in case. Yahoo mail has a lot of hidden fields. Some are to do with password encryption, and it counts login attempts.
Security warnings and other staff, like Mark of the Web to make it work smoothly in IE are explained here:
http://happy-snail.webs.com/autologinintogames.htm
I used #qwertyjones's answer to automate logging into Oracle Agile with a public password.
I saved the login page as index.html, edited all the href= and action= fields to have the full URL to the Agile server.
The key <form> line needed to change from
<form autocomplete="off" name="MainForm" method="POST"
action="j_security_check"
onsubmit="return false;" target="_top">
to
<form autocomplete="off" name="MainForm" method="POST"
action="http://my.company.com:7001/Agile/default/j_security_check"
onsubmit="return false;" target="_top">
I also added this snippet to the end of the <body>
<script>
function checkCookiesEnabled(){ return true; }
document.MainForm.j_username.value = "joeuser";
document.MainForm.j_password.value = "abcdef";
submitLoginForm();
</script>
I had to disable the cookie check by redefining the function that did the check, because I was hosting this from XAMPP and I didn't want to deal with it. The submitLoginForm() call was inspired by inspecting the keyPressEvent() function.
You can use Autohotkey, download it from: http://ahkscript.org/download/
After the installation, if you want to open Gmail website when you press Alt+g, you can do something like this:
!g::
Run www.gmail.com
return
Further reference: Hotkeys (Mouse, Joystick and Keyboard Shortcuts)
Well, its true that we can use Vb Script for what you intended to do.
We can open an application through the code like Internet Explorer. We can navigate to site you intend for. Later we can check the element names of Text Boxes which require username and password; can set then and then Login. It works fine all of using code.
No manual interaction with the website. And eventually you will end up signing in by just double clicking the file.
To get you started :
Set objIE = CreateObject("InternetExplorer.Application")
Call objIE.Navigate("https://gmail.com")
This will open an instance of internet explore and navigate to gmail.
Rest you can learn and apply.