So I'm looking for a work-around the whole blocking off opening local files from the browser. What I'm thinking is, I could have some script that, when it is activated, it initiates a set of keys that activate a shortcut that opens up the specific local file with that shortcut assigned.
I may be crazy, but is this possible?
Unfortunately, I don't think this is possible on the browser-side of things, which is what I'm assuming you're talking about?
The short answer is that browser shortcuts cannot be triggered through JavaScript.
You could try to directly navigate to the file in JavaScript by navigating to a file://..../ path, though I'm almost certain that this is not permitted as it would be a huge security flaw in the browser.
Related
I want to make the Right-Click don't work in my website or give a error that says: Protected Content! The reason I want to do this is because I don't want others to see my Source Code. I know that you can make the Right-Click to not work but I am not pretty sure about F12. If there is no way to make the F12 key to not work is there any way to hide the Source Code form others? I saw a similar website today. If you right click on this website you get this:
F12 works in this website but the Source Code is hidden anyway. How can I archive similar results? Thanks for your time :)
Answering the question overly honesty:
First you must avoid publishing the site on the Internet. Make it available only on your private machine(s) you have total control of. Make sure there are no USB ports exposed to users etc. Also, no internet access of any kind. They may just download some hacker tools this way. If you do not need text input, even better, keyboard can be used to type in some hacker tools as a source code and this way steal your precious sources.
Next make a custom build of a browser. You may want to use tools like Electron instead of generic browsers this way you will end with app that runs only your website and has no developers tools nor address bar nor anything other that may be used to gain access to your precious source.
Install Linux, create new user account with minimal privileges (no write access anywhere) and let it use X without any window manager. Only your electron app with your precious website and no menus that could be used to access some hacker tools like text editor that may reveal your precious source code. Also, configure the account to have complex random password so that users do not start another session in text mode and see your source code.
Remember that hackers may use means like timing attacks, side channels or other hacky means of stealing your code. To prevent that cover walls of the room you store your computer in with a metal grid to make a Faraday cage. Check all people entering and deny them bringing any electronic devices with them. Same for analog photo cameras or paper notebooks. Better safe than sorry: they may reconstruct your site source code based on how it looks like.
Or just accept the hard truth nobody cares about your website source code. There is plenty of places you may copy paste your code from and your website is not the most interesting one. And if you do that to prevent hackers, you have to write secure code (and test/audit it), not to hide it.
Short answer: Browsers, which render your website, are a client-side technology, and there is no way you can control who is going to see or not see your source code.
Long(er) answer:
Browsers download your website, together with it's source code the website onto users computer. Which means they can manipulate it however they see fit. There are some scripts that can ban right click or other types of interactions, but if you try to stop developers from inspecting code (and if they are ispecting, it's a good bet they are developers) they will find a way even if you block f12 or right click. You can always download website, use crawler, open in notepad, etc. etc.
You may want to investigate minifying and/or uglyfying HTML code, but it's no cryptography - again, if someone wants, they will find a way to undo that.
Also, I'm curious, why would you want to do that?
You can do this using window events but still there are ways to read your code.
For example fetching js without execution or disabling js in browser for a moment.
window.addEventListener('keydown', e => {
if (e.key === 'F12') // detect f12
e.preventDefault()
})
window.addEventListener('contextmenu', e => e.preventDefault())
Is there a way to use Javascript within a browser environment to detect global keystrokes and mouse movements (i.e. all keystrokes and clicks within and outside the browser)? I understand this might involve browser plugins, but would like advice on specific pieces of technology I can look into.
No, this is not possible and that's a damn good thing. We don't need random websites to act as keyloggers.
Any browser plugin allowing a website to do that would actually be malware or at least open a gaping security hole and thus end up on the plugin blacklists of browser vendors really soon.
I am making an html/javascript browser homepage, that could be downloaded to any computer - you simply run the *.html file from your computer and it opens in your default browser; in it you have a compact homepage, with several options - you can make a bookmark list, write notes etc. You can leave it opened as it is just a separate tab.
I'm wondering whether it's possible to use javascript in order to open, for example, windows media player or make it possible for the user to set a default music player. Or even close the previously opened program? Could this be done?
I think it would be best if the user could just set the default programs. Getting the file location is not the problem, is anything else needed?
You can't do this unless you write a browser extension (plugin), for example.
Most web browsers put a lot of work into sandboxing JavaScript so any malicious users can't compromise the system the client's browser is running on, although older browsers are as watertight as sieves. Modern browsers are a lot better, but there are/may be some holes somewhere. All this security means that JavaScript can't (isn't supposed to be able to) access any part of the client's machine.
Any respectable browser will block javascript from accessing anything on the user computer. It is a huge security risk to let a script in a HTML page do something like you want.
Depending on the browser and the configuration, it may be possible, but you absolutely shouldn't try to do it.
You can maybe achieve what you want through a browser extension, but you will have to write it for each different browser your customer are using.
Maybe the best thing to do is write a rich client instead of using HTML/Javascript.
It would be doable if the HTML page were not opened in the browser! The browser makes its best not to allow such things for security purposes.
Not that JavaScript in itself is not able to do this -- the language is used in plenty of other places, see here.
You can do something similar to this using a wrapper like Fluid ( http://fluidapp.com/ ) which encapsulats your page and turns it into a native app (with its own sandbox) There are equivalent programs for other platforms as well as Mac.
Okay so it's sorta pointless considering that even if there was support for this you could still open more than one instance if you have more than one browser installed, but I was wondering anyway.
Just to emphasize what others have said, No. This is entirely a server-side problem.
I hope not. This restriction would be a pain to users and only underline a problem in the Web Application Infrastructure.
JavaScript and HTML are rendered and run within the browser and have no control over the browser itself. It would be quite dangerous to give them the ability to manipulate and restrict the behavior of the browser.
What are you trying to achieve by restricting them?
If it is a webapp they need to log into I would just restrict a user from being logged in more than once at a time. Other than that would wouldn't want to restrict their opening of the actual window
To execute bookmarklet code the bookmarklet needs to be actioned by the user. Is there any way to have a bookmarklet or indeed any javascript run automatically on page load?
Or is an Add-on the way to go?
Thanks
I don't think that it is possible to autorun a bookmarklet on pageload. This could be used very maliciously.
I think a plugin is the best way to go here. If only for personal use, you should check out greasemonkey for Firefox.
GreaseMonkey
Greasemonkey, or Tampermonkey on Chrome allow this.... but they need the script you want to run
for example, if a certain site always puts up some type of an ad overlay and you can find or write a script to kill that, you can enter that source into Tampermonkey and it will run on each page load globally or at whatever site / domain/ wildcard expression you designate
alternatively if you are looking to block certain scripts and want to automate the process, Notscript for chrome will show you each script that ran when you visited a site and allow you to designate which you want to allow on subsequent visits at that site or all sites, very very cool... that way you need not write or find a script to block behaviors you don't like
as previously pointed out, when you do this stuff you are seriously screwing with browser security, so be careful and just don't set up any old script unless you can read them or trust the source....
I think Opera allows you to auto inject js into a library of sites you specificy 'onload' regardless of ownership.
Well, any javascript runs automatically using onload event, if thats what you need?