sending email with attachments from an app - javascript

I am aware that there have been multiple questions with respect to this issue. However, I have not yet found a satisfactory answer.
I have built a medical app using a whole lot of JavaScript. It runs on both android and iOS. This app determines which protocol to use under certain conditions for a particular patient.
The doctor can send these considerations and an indication of the protocol to use to himself and to some other institution that needs to use it. I use mailto for that.
Since there are however a lot of protocols, just a protocol name can lead to errors. So, we would like to send the relevant protocol in pdf file-format as an attachment with the email.
So far, I have not yet been able to do that. However, I see that there are a lot of apps that allow you to send documents (or pictures) as email attachments, using the available email client on the mobile device (and also through whatsapp and other comms methods).
Does anybody have any ideas please?
Apart from this, another thing mailto does not allow is formatted text. It would be very nice if I would have a possibility for that too.

You can use MFMailComposeViewController for iOS. Check out this link.

In Android you could use the Java Mail API. A good tutorial is posted here.
You can add an attachment like this:

    public void setAttachment(String file, String name) throws MessagingException {
        // Drop any previously attached part before adding the new one
        content.removeBodyPart(attachment);
        DataSource source = new FileDataSource(file);
        attachment.setDataHandler(new DataHandler(source));
        attachment.setFileName(name);
        content.addBodyPart(attachment);
    }

where content is a member variable of type MimeMultipart and attachment is of type MimeBodyPart

Related

How can I get attachment content from an Outlook mail in a Node.js Outlook add-in?

First of all, being a student, I lack some experience to understand everything about what I tried and what I try. But still, I feel like I've tried pretty much every solution available on the net.
I'm developing a Yeoman-based Outlook add-in (full JavaScript with Node.js) for my company, and I came to the point where I need to get the attachments from a mail, not just the information like size, file type or name of the attachments, I need the full content, in base64 if possible (in order to produce a .eml file containing the mail body and attached files).
I've found multiple ways to do so, problem is none of them work:
First I tried with the messy Microsoft documentation, and the first solution that I found is this one: https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/get-attachments-of-an-outlook-item, problem is that with this solution I need to make use of C#, but my add-in is full JS, and I need to find a solution that works with JS and Node.js
Then I looked for a solution that allows me to communicate one way or another with the Exchange Server to get the attachments content, and I found this: https://github.com/gautamsi/ews-javascript-api, but this was not working with browser oriented add-in (and I need my add-in to work on both client and browsers), so I made use of this: https://github.com/gautamsi/ews-js-api-browser. I found some code samples in the first link and here: Save outlook Email attachment using ews-javascript-api npm in node JS that helped me build something (using the second link's example's syntax on the third link's sample code) that was supposed to work, but coming to the point where I'm trying to get the attachments from the mail, I get a lot of information from the attachment, but anything related to its content is null, and the next step where I "Load" the file returns an error 500 from the "service" with "the document is empty", and I still don't know why yet.
Finally, I tried to take a step back, looking on Google for office api and how to get attachment content, and I've found this link: https://blog.mastykarz.nl/office-365-unified-api-mail/ that almost looked too good to be true, and I was right: according to Microsoft doc, I need a token in order to make the Office 365 API URL work, token given by Azure AD when an administrator authorizes you to obtain it (or so do I think, this is the part where the Microsoft doc is the messier). Problem is, while connecting on Azure AD, I get an error displaying on the screen from the website (absolutely no details about the error), and some places that I need to access in order to get my token just won't work, displaying another error message without any details or just never loading.
I've reduced as much as possible the size of my question, not wanting to drown you under information, sample codes, links and pics so, sorry if it may look both too long and too poor in details.
Thank you for your time, feel free to give any solution, suggestion or advice that come to your mind !
Doing the same thing, solution I found:
- Get exchangeToken in client (Office.context.mailbox.getCallbackTokenAsync())
- Send token, attachmentsIds, emailID to server (C# in my case, nodejs in your case)
- Use EWS Managed API 2.0 or in your case ews-javascript-api to handle loading email mimecontent (contains email + attachments) or attachment mimecontent.
- Upload file to another service or do whatever you want with it.
Before I switched to C# for serverside I was using a nodejs one for testing, so if you have questions feel free to ask.

Short message encryption with only javascript to generate it in a URL

I'd like to present an idea to you that I think might help the privacy of the average user. I would appreciate any comment or suggestion on this.
I've been struggling for quite some time now with the need for a simple tool that I could share and use with my contacts who are only average users and not familiar at all with any cryptographic technology or the current tools available.
I'm planning to create a solution where one can easily encrypt a text message or a file with a single password and send it in email or chat or through whatever channel to somebody else. The solution should be entirely platform independent and usable without the need to install any extra software.
There are some text encryption websites out there that run client side encryption from JavaScript entirely. I find this approach currently the only possible solution. Also, there are libs for JS that already implement encryption:
http://crypto.stanford.edu/sjcl/
http://code.google.com/p/crypto-js/
Though the mentioned approaches store the message on their server, requiring you and your contact to trust it entirely. Because the server might present a different JS code to the user when visiting it after he gets the message by stealing the password and so revealing the secret.
While many think that it's not a good idea to do anything regarding cryptographic tasks in JS, I believe there is a need for a tool that is really platform independent (can be used on any tablet or PC) and still incredibly easy to use. The idea behind this is that I believe something is better than nothing. Sending information in plain text in email for decades with our current technology is wrong in most cases. There are times when we do need to share sensitive info via email and the other side might have any kind of system.
I intend to avoid the use of public key cryptography for the following reasons:
- it is very complicated to setup including the signing of each others' keys
- complicated to use it
- the user can lose his keys
- most of the time it needs an external software to be used and installed too
- a single password can be easily shared personally one time with my contact and he or she can keep it written on a paper wherever
The solution I came up with could be the following:
First of all, the browser and the operating system under it should be considered trusted.
There would be a static index.html page with embedded JavaScript. The page shows a textarea for the message and a textbox for the password. When hitting enter, the JS code generates a URL that itself will contain the encrypted message in base64 encoding. After digging I figured that 2000 bytes can be used for URLs just fine in every case, so 1600 or 800 characters could be enough for short messages. This still needs planning.
So the encrypted message would travel with the URL. The website serving the index.html would of course use SSL with a valid certificate. While it seems an easy task, of course it is not. The JS implementation should be carefully created to avoid easy attacks on it.
(URL shortener services could be used for it too).
Also, the question stands: How can I make sure that my contact can be certain about the origin of my message?
Well, the other side has to check if the domain is correct. Beside this, the implementation must avoid the rest of the attacks. If the URL gets changed during the travel of the email, then maximum the other side won't be able to decode the message with the password. That's what I believe. That it can be implemented this way.
About the file sharing. The solution should have a possibility to browse for a file, then encrypt it, then put it out for download to the user. This is just for him to be able to create the encrypted form of the file without the need for external tools. Then he could upload it to the cloud of his choice wherever (Google drive, Skydrive etc) and use that link in the URL of the JS solution to send it to his contact.
So if another link travels with the link, then the file from the remote host gets downloaded, decrypted and sent for download. All in his browser. If it's an encrypted message in base64 form, then it gets printed on the page after decryption (by the user providing his password of course).
Pros compared to other solutions:
- no need to implement a storage because no message nor file will be stored on the server, so the big players' services could be used
- therefore no need to reimplement the wheel regarding the storage question
- no need to trust a 3rd party because the server could easily be ours because it would be extremely easy to set up and serve it
- easy with even a free provider to host the static index.html
- because of its simplicity, the server can be hardened much better
- easy to encrypt with it in practice
- if one needs it, he could use the index.html by clicking on it from his desktop too, but that's not part of the original idea
My questions to you all are:
Do you find any flaw in my theory above? Could this really serve the average people by providing a usable tool for them that is more than nothing in times when they do need to send sensitive info to others?
Or does anything like that exist yet? Are there any better approaches? Different technology maybe?
Thank You.
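A sketch of the password-to-URL scheme described in the question, added here as an illustration and not code from the original post. The post expects a URL changed in transit to simply fail to decode; that only holds when the cipher is authenticated, so this example picks AES-256-GCM with a PBKDF2-derived key. The host name, the use of the `#` fragment, the iteration count and the byte layout are assumptions of the example.

```javascript
const crypto = require('node:crypto');

// Assumptions of this example (none come from the post except the 2000 limit):
const BASE_URL = 'https://example.invalid/index.html'; // placeholder host
const MAX_URL_LENGTH = 2000;  // the URL budget mentioned in the post
const ITERATIONS = 200000;    // PBKDF2-SHA256 work factor, example value

function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

// Layout of the encoded blob: salt(16) | iv(12) | tag(16) | ciphertext
function encryptToUrl(message, password) {
  const salt = crypto.randomBytes(16); // fresh per message
  const iv = crypto.randomBytes(12);   // never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
  const url = BASE_URL + '#' + blob.toString('base64url');
  if (url.length > MAX_URL_LENGTH) {
    throw new RangeError('message too long for a 2000-character URL');
  }
  return url;
}

// Returns the plaintext, or null for a wrong password or a modified URL.
function decryptFromUrl(url, password) {
  const blob = Buffer.from(new URL(url).hash.slice(1), 'base64url');
  if (blob.length < 44) return null; // too short to hold salt, iv and tag
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const ct = blob.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    // final() throws when the tag does not verify, so altered data is rejected
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}
```

Authenticated encryption covers changes to the URL in transit; it does nothing about the page's own script being replaced by the server, which is the trust problem the question raises.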

Hide urls in html/javascript file

I am using ajax in my website and in order to use the ajax, I have to write the name of the file for example:

    var id = "123";
    $.getJSON("jquerygetevent.php?id=" + id, function(json)
    {
        // do something
    });

How can I protect the url? I don't want people to see it and use it...
That is a limitation of using client-side scripts. There is no real way to obfuscate it from the user. There are many ways to make it less readable (minify etc.), but in the end an end user can still view the code.
Hi Ron and welcome to the internet. The internet was (to quote Wikipedia on the subject)
The origins of the Internet reach back to research of the 1960s, commissioned by the United States government in collaboration with private commercial interests to build robust, fault-tolerant, and distributed computer networks. The funding of a new U.S. backbone by the National Science Foundation in the 1980s, as well as private funding for other commercial backbones, led to worldwide participation in the development of new networking technologies, and the merger of many networks. The commercialization of what was by the 1990s an international network resulted in its popularization and incorporation into virtually every aspect of modern human life.
Because of these origins, and because of the way that the protocols surrounding HTTP resource identification (like for URLs) work, there's not really any way to prevent this. Had the internet been developed as a commercial venture initially (think AOL) then they might have been able to get away with preventing the browser from showing the new URL to the user.
So long as people can "view source" they can see the URLs in the page that you're referring them to visit. The best you can do is to obfuscate the links using javascript, but at best that's merely an annoyance. What can be decoded for the user can be decoded for a bot.
Welcome to the internet, may your stay be a long one!
I think the underlying issue is why you want to hide the URL. As everyone has noted, there is no way to solve the actual resolved URL. Once it is triggered, FireBug gives you everything you need to know.
However, is the purpose to prevent a user from re-using the URL? Perhaps you can generate one-time, session-relative URLs that can only be used in the given HTTP Session. If you cut/paste this URL to someone else, they would be unable to use it. You could also set it to expire if they tried to Refresh. This is done all the time.
Is the purpose to prevent the user from hacking your URL by providing a different query parameter? Well, you should be handling that on the server side anyways, checking if the user is authorized. Even before activating the link, the user can use a tool like FireBug to edit your client side code as much as they want. I've done this several times to live sites when they're not functioning the way I want :)
UPDATE: A HORRIBLE hack would be to drop an invisible Java Applet on the page. They can also trigger requests and interact with Javascript. Any logic could be included in the Applet code, which would be invisible to the user. This, however, introduces additional browser compatibility issues, etc, but can be done. I'm not sure if this would show up in Firebug. A user could still monitor outgoing traffic, but it might be less obvious. It would be better to make your server side more robust.
Why not put some form of security on your php script instead, check a session variable or something like that?
EDIT in response to comment:
I think you've maybe got the cart before the horse somehow. URLs are by nature public addresses for resources. If the resource shouldn't be publicly consumable except in specific instances (i.e. from within your page) then it's a question of defining and implementing security for the resource. In your case, if you only want the resource called once, then why not place a single use access key into the calling page? Then the resource will only be delivered when the page is refreshed. I'm unsure as to why you'd want to do this though, does the resource expose sensitive information? Is it perhaps very heavy on the server to run the script? And if the resource should only be used to render the page once, rather than update it once it's rendered, would it perhaps be better to implement it serverside?
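The one-time, session-relative URL and the single-use access key suggested in the answers above can be enforced entirely on the server. The following is an added example, not code from any of the posts: it is written for Node.js rather than the PHP of the question, and the function names, token format and in-memory nonce store are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: per-process random key and in-memory nonce store, for the demo only.
const SERVER_KEY = crypto.randomBytes(32);
const usedNonces = new Map(); // nonce -> expiry time in ms

function sign(sessionId, resource, nonce, expires) {
  // JSON array encoding keeps the field boundaries unambiguous.
  const payload = JSON.stringify([sessionId, resource, nonce, expires]);
  return crypto.createHmac('sha256', SERVER_KEY).update(payload).digest();
}

// Called while rendering the page: the key is tied to this session and URL.
function issueToken(sessionId, resource, ttlMs = 60000, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const expires = String(now + ttlMs);
  const mac = sign(sessionId, resource, nonce, expires).toString('hex');
  return `${nonce}.${expires}.${mac}`;
}

// Called by the endpoint before doing any work. Returns a status string.
function redeemToken(token, sessionId, resource, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed';
  const [nonce, expires, macHex] = parts;
  const given = Buffer.from(macHex, 'hex');
  const expected = sign(sessionId, resource, nonce, expires);
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return 'bad-signature';
  if (now > Number(expires)) return 'expired';
  // Forget nonces whose tokens have expired anyway, so the store stays small.
  for (const [n, exp] of usedNonces) if (exp < now) usedNonces.delete(n);
  if (usedNonces.has(nonce)) return 'replayed';
  usedNonces.set(nonce, Number(expires));
  return 'ok';
}
```

The URL stays visible in the page source, but a copy of it is rejected in another session, for another `id`, after expiry, or on a second use.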
You can protect (hide) anything on the client, just encrypt/encode it into a format that is complicated for a real human

Is there any "easy" way to implement URL shortening using javascript?

I'm trying to find any javascript code that helps me to shorten a URL (and decode it after as well). I can't use any existing service because I'm working on an emailing software that doesn't allow external connections.
I will really appreciate your help.
Many thanks.
AAC
No.
URL shortening works by generating a random id, and linking it to the real URL in a database. When someone visits a URL containing the id, a database lookup is performed and then they are redirected.
It isn't a compressed version.
Not possible, as David stated.
Also Javascript is disabled in most email clients due to this type of method to track users. You could always try creating your own server side application, but like you said if there are no external connections allowed from the email, then you are out of luck.

how can i track users without cookies

OK... I'm looking to have a good round of brainstorming here...
Say I was Google... the adword/adsense/analytics division. I would be getting a little worried about the future, when users start to disable cookies (or at least delete them on a regular basis), use private browsing, roam on multiple devices. How could Google alternatively track users without the benefits of cookies?
some ideas to get started (please elaborate on these and any others):
-track users using some other persistent local/client side storage
-use user-agent string fingerprinting
-test cache response - if user 304's an image, they were here
-track mac address
-any random/out of the box ideas?
Take a look at http://samy.pl/evercookie/, it's a JS API for ultra-persistent cookies, but you can take idea(s) from its mechanism to find storage for your data.
I think you could do it using custom urls. You would basically encrypt a cookie and attach it as part of the URL you send to the browser. When it returns, your web server would be smart enough to decode it and track whoever sent it.
I believe the Spring framework can do this in fact.
If your site requires user tracking, then I would have it fail to work if cookies are disabled. Then focus your time and effort on making it a fantastic site for the vast majority of your visitors, and don't worry about the ones who, for whatever reason, have made the explicit decision to disable cookies.
(Made this a CW answer because this is a subjective question that's likely to be closed.)
Information about browser/system/display through js and IP of course;
Java Applet provide a lot of info about user;
Flash also (e.g. installed fonts);
Modern browsers also provide a lot of information about users (e.g. installed extensions) and provide new ways to save information on client-side (e.g. html5 storage).
altogether: http://panopticlick.eff.org/
you can always resort back to good ol way, the HIT COUNTER.
on page, use tag and link to external image on your server
on your server, when image is fetched, redirect it to php script through .htaccess and record header info about device id etc. {similar code as disabling the hotlinking of image}
Now you have all info, use php_session() to keep a track of it
you can always use js for the same purpose, but using tag will ensure that js is not required and the script will run on all browsers
