Running executable application on Chrome? - javascript

Is it possible to run executable .exe application on Chrome browser or what option do I have?
I have seen example of JavaScript and it is desgined to work on IE because it use WScript.Shell (Not tested)
var ws = new ActiveXObject("WScript.Shell");
ws.run("C:\\System\\Display\\Display.exe \"" + message1 + "\" \"" + message2 + "\"");
So basically javascript it will execute Display.exe <Message>
Display.exe connect to COM3 (serial port) to display price on the Customer Display Pole (Till system)

Short: No it's not possible.
It's not even possible to call local files directly from chrome. It's really locked down in google chrome. If you manage to crack it you could strike it rich
In short, the best way to access local stuff is to set up a local webserver, call it, let the webserver execute a local file/protocol and then return the output to you via xhr or websockets.
Another option might be Java signed with secure certificates to allow some leeway, but even there the security measures are really tight.
Or you could make a chrome plugin and try Native Message Passing
Or, another option is that you fork chromium and build in your own activeX support into it. ChromiumX has a nice ring to it heh.
But all in all, it's really hard to get stuff done via chrome in what you want.
personally I resolved it by using PHP COM on a windows server to which I communicated via ajax requests to do the stuff I needed done, but it's less than ideal.

Related

Automation server can't create object: ActiveXObject creation error

I have a very simple javascript code in oracle procedure which us used for fetching the Username for Active Directory as my application don't have any user interface.
htp.p('function disp_alert()');
htp.p('{');
htp.p('var WinNetwork = new ActiveXObject("WScript.Network")');
htp.p(' WinNetwork = WinNetwork.UserName');
htp.p('alert(WinNetwork)');
htp.p('}');
It throws exception ActiveXObject creation error: Automation server can't create object
I tried changing browser setting script ActiveX controls marked safe for scripting to enable and it worked.
But in my case the application is accessed by users in client network and we can't tweak security settings for each machine in network. Can anyone suggest an alternative solution or any other method for fetching the windows username?
If you absolutely have to use WScript.Shell for whatever you want to accomplish, you may set the option for your intranet zone by GPO.
You may find the corresponding GPO setting with the help of that site: https://getadmx.com/?Category=InternetExplorer&Policy=Microsoft.Policies.InternetExplorer::IZ_PolicyScriptActiveXMarkedSafe_3

Access Language JSON file with JS on Chrome without a webserver

tl/dr: How can I
internationalize strings in a html5/javascript application
while using a json file or something similar with key/value pairs (easy to translate)
without using javascript vars for every language string (ugly)
and if possible, without complex frameworks or packages
on Chrome (or something with same-origin-policy)
without a (local) webserver
without internet connection
Details:
I am developing a html5 touch game for older useres on an embedded IE system that will be changed to an embedded chrome system soon. Using a webserver is currently no option and I can't assume I have an internet connection all the time. Since the application should be in different languages, I currently have a json file that is accessed like this (irrelevant stuff left out):
//...
var language = "en"; //the language we want, same as the json file name
var key = "key"; //the key to the value we like to obtain
var languageMap;
var langFile = $.getJSON(language + ".json", function(data){
languageMap = data;
});
var langFileStatus = $.when(langFile);
langFileStatus.done(function () {
var value = languageMap[key];
//use the value of "key" here for awsome stuff
});
//...
the language file (e.g. "en.json") looks like this:
{
"key":"value",
"otherKey":"otherValue",
}
which works pretty well for IE and FF, but not on Chrome, because of the same-origin-policy. I read about an awsome trick to bypass that here, but I couldn't make it work in this case. I have never used JSON before in connection with JS, so maybe its an easy question. Different solutions for the whole problem are also very welcome (thats why I posted the complete problem). Thanks in advance!
Download Web Server for Chrome App from here. This is not exactly a server, but a handy simulation of the same that allows you to run your files locally as if they are running on a server.
It works without any Internet connection. More importantly, it has configuration options for CORS request thanks to recent updates Install it, select the folder in which your files are present, and you are ready! It's a really good way to test your code locally on Chrome.

Javascript Access to File on local machine

I want to open the files located on local drive using window.open().
When i try to access the file using window.open i am getting error "Access is denied."
Would somebody help to achieve this requirement in Internet explorer 8.0?
Thanks!
You can't. And thank God for that. Imagine how insecure the internet would've been if JS was able to access a client's file-system.
Of course, IE8 has the MS specific JScript superset (ActiveXObject), which does enable filesystem access:
var fileHandle,
fs = new ActiveXObject("Scripting.FileSystemObject");
fileHandle = fs.OpenTextFile("C:\\path\\to\\file.tmp", 1, true);
fileHandle.Write('This is written to a file');
console.log(fileHandle.ReadLine());//will log what we've just written to the file
But this is non-standard, is - I think- no longer supported either, and doesn't work X-browser.
Here's the documentation. At the bottom there's a link to a more detailed overview of the properties and methods this object has to offer, as you can see, there's a lot to choose from
I'm adding this answer just to be complete, but so far as Web Pages go, Elias Van Ootegem's answer is correct: you can't (and shouldn't be able to) get to the local hard drive.
But .. you can isf your page is an HTA (HTML Application) :
HTML Application wiki
This is essentially a web page with .hta as the extension(usually) and some extra tags to tell IE that it's an HTA application, not a web page.
This is something that runs via the windows operating system and is so far as I'm aware only available for IE. The HTA application opens as a web page in IE, but without the usual web navigation / favourites toolbars etc.
Note that if you have a page on an internet server delivered as an HTA application, you're likely to cause virus scanners and firewalls to pop up because this would essenstially be running a script whcih could do manything to your computer. Not good for general internert stuff at all, but might be useful in a secure environment like an intranet where the source of the application is known to be safe.
To get to the file system, you can use javascript code like this :
// set up a Fils System Object variable..
var FSO = new ActiveXObject("Scripting.FileSystemObject");
// function to read a file
function ReadFile(sFile) {
var f, ts;
var s="";
if(FSO.FileExists(sFile))
{
f = FSO.GetFile(sFile);
ts = f.OpenAsTextStream(ForReading, TristateUseDefault);
if (!ts.AtEndOfStream) {s = ts.ReadAll( )};
ts.Close( );
}
return s;
}
alert(ReadFile("c:\\somefilename.txt");

To Access Notepad, calculator through asp.net

I m trying to open Notepad, Calculator in button click in asp.net with code behind C#. I tried with the code
System.Diagnostics.Process.Start("c:\\windows\\system32\\notepad.exe");
this is working fine in local system but not working in the Server. I even tried with the javascript
function executeCommands(inputparms)
{
alert('ff');
var oShell = new ActiveXObject("Shell.Application");
var commandtoRun = "C:\\Winnt\\Notepad.exe";
if (inputparms != "")
{
var commandParms = document.form1.filename.value;
}
oShell.ShellExecute(commandtoRun, commandParms, "", "open", "1");
}
even this is not working out. Can you please suggest me in on how to open the notepad application in the client end with out disturbing server notepad.
This can't be done. Imagine the security mess we'd be in if a web-page could run arbitrary programs on a client machine. Oh wait... ;-)
This is not possible (in general, though you could possibly get around with with various applets and browser plugins). In fact, I would be quite mortified if any web page could execute an arbitrary program on my computer.
You cannot do this. ASP.NET runs on the server and you cannot run programs on the client computer. The ActiveX object you have shown should work but only in IE and only after the user explicitly authorizes the execution of it. Also the location of notepad.exe might differ depending on the client (could be c:\windows, c:\winnt, ... and some clients running for example on Linux or MacOS don't have such executable)
What you are trying to achieve is not possible because of the nature of application in case of ASP.Net. The application will execute on server and will only send client side HTML to client. Even if your code is syntatically correct, it would open up the utilities on server itself.
This Can be possible by using below code on click of server button or Link.
System.Diagnostics.Process.Start("notepad.exe");
System.Diagnostics.Process.Start("C:\Windows\System32\calc.exe")
Works fine, though you may have to adjust settings on your browser. Be sure calc.exe is in the directory.

Check in JavaScript if an SSL Certificate is valid

Is there a way to check in JavaScript if given a host its SSL certificate is valid? (non blocking)
In my case, I want to display: "you can also use https://.." if via JavaScript I can make a request to https://my_url without being asked to accept an untrusted certificate.
Can this be done asynchronously?
Take a look here: https://support.mozilla.org/pl/questions/923494
<img src="https://the_site/the_image" onerror="redirectToCertPage()">
This solution is tested and working in current versions of FF and Chrome (as of 2022):
<script> var sslCertTrusted = false; </script>
<script src="https://example.com/ssltest.js"></script>
<script>
if (!sslCertTrusted)
{
alert('Sorry, you need to install the certificate first.');
window.location.replace('http://example.com/cert_install_instructions/');
}
else
{
// alert('Redirecting to secure connection')
window.location.replace('https://example.com/');
}
<script>
You of course need to make your web server return this code under the URL https://example.com/ssltest.js:
sslCertTrusted = true;
I'm not exactly sure about the details. But I've seen similar technology used to detect adblocking etc. You may need to piggyback on the window object maybe, if the variable can't be modified by another script, but generally making the above proof of concept work is left as an exercise to the reader.
What I've found up to now - it is possible with Firefox, don't know yet about other browsers:
https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
The straight answer is no. Javascript does not provide any means of validating certificates. This is a job left to the browser.
A better approach to this problem is from the server side. If you are controlling the site, than you can render down a variable on the page with information gleaned on the server side.
In .Net something like
var canSecure = <%= MySiteHasSsl ? "true" : "false" %>;
if (canSecure) {
if (confirm("This site supports SSL encryption. Would you like to switch to a secure connection?")) {
location.href = "https://mysite.com";
}
}
I'm not quite sure what your use case is. If you are just trying to "check ahead of time" before you provide a link to someone for another website then the other answers here will be more relevant than mine.
If you are expecting mysite.com to use an SSL certificate that isn't trusted by default in the browser but you have another way of knowing it should be trusted, then you could use a JavaScript TLS implementation to make cross-domain requests to that other site. However, this requires that your website be served on https and trusted in the browser to begin with and the other site to provide a Flash cross-domain policy file.
If this sounds anything like what you want to do, check out the open source Forge project at github:
http://github.com/digitalbazaar/forge/blob/master/README.md
Useful notice: navigator.clipboard will be undefined on Chrome browsers if there's no valid SSL certificate.
The question doesn't make sense. You can't get the server's SSL certificate without opening an SSL connection to it, and once you've done that, telling the user they can do that too is a bit pointless.
You could run a server elsewhere that handles certificate checks based on whatever you want, then your javascript application sends a request to that server asking for a checkup. This does require that you have at least one server somewhere in the world that you can trust.
A query of this nature can be done in the background quite easily.

Categories