I have written javascript that I am currently excecuting in the devtools of chrome (the console section). Is there any way to do that in javascript without me having to open the page, open the console, type it in, etc. I would be doing this from an external page. If this is confusing here is an example:
mypage.com
<script>
function myFunc(){return document.getElementById("hi")};
</script>
targetpage.com
<p id="hi">Hello world</p>
In this case, how can I run myFunc on targetpage.com from mypage.com?
Web browsers (by design) explicitly prohibit what you are trying to achieve. The JavaScript can only run on a page that originated from the same server.
The only way to "run" the code from a different source is via eval()
The way eval() works is you provide is with a JavaScript "text" that it will dynamically execute.
As mentioned in the comments - eval() is very evil.
eval() executes code provided as a text. For instance:
var code = "var i = 10; alert(i);";
eval(code);
The above lines will pop an alert window displaying "10".
The main point of the answer is: you cannot do what you are hoping to achieve.
Related
I'm wondering if it is possible to, in Java, detect whether or not an HTML file would open an alert dialog if opened in the browser. Preferably headlessly. For example, a file with the below contents were parsed, it would return true.
<html><script>alert("hey")</script></html>
and the below would return true also
<html><iframe src="javascript:alert(1)" onload="alert(2)"></iframe></html>
but the below would return false because it would not open an alert dialog if it were opened in the browser (because none of the code is syntactically correct, and the part that is isn't in a tag).
<html><script>alert;,(123w)</script>alert(1)</html>
I have thought of a way to approach this problem, but it is flawed. Basically, you see if the stringalert(1) is in the file, etc.
The problem with this is that it wouldn't work in cases where that code isn't inside of script tags or tags that make it execute. An example of where it wouldn't work is: The following would return true, even though it wouldn't actually open a popup <html>alert(1)</html>.
This isn't Android by the way. Appreciate your help!
You will need to not only verify if the Alert function is there but check if the JavaScript function would even run. An example of this is if there is a script with an Alert function inside a function that never runs. The Alert function would be there but it would never run. This would give a false positive. So the in the best case you should run the JavaScript in some way to validate the code and to see if the function would ever run.
As Louis pointed out in the comments Option 2 is better in this case as you will need to account for both the DOM and JavaScript's behaviour as both can change if the Alert function runs and how it runs.
Option 1 : Run the JavaScript with Script Engine
You would need some way of separating the HTML from the JavaScript but once you have that you can do this method.
You can run the JavaScript in Java using ScriptEngine. https://docs.oracle.com/javase/8/docs/technotes/guides/scripting/prog_guide/api.html
If you read the API there is a way to create variables and communicate between your Java Program and the JavaScript you are Running.
To capture the context of the Alert you can create a custom JavaScript function that overwrites the Alert function. Inside this custom function you can send the arguments of the function back to your Java Program.
Option 2 : Headless Browser
You can also try to use a headless browser like JBrowserDriver and as you can see you have an Alert interface with getText as a function. For async issue the headless browser has a default amount of time for waiting for the script to complete. If this default amount is not enough you can use the setScriptTimeout to handle it.
http://machinepublishers.github.io/jBrowserDriver/
I have got formatted text(which is a piece of code) in my textarea which is beautified using the codemirror.
Now when I press the button under the textaera,I need to pass a response as a variable to the above code and execute it as javascript and obtain the result.
basically I just want something similar to jsfiddle.
How can I do this using javascript/jquery?. Is there any plugins that I could use for the same?
I think you are looking for eval function in JavaScript. I do not understand what exactly you need to achieve, but this might help:
http://www.w3schools.com/jsref/jsref_eval.asp
However, as I understand you should try to avoid eval in the code, but if this is the only way, let it be.
You can run the code in an iframe on a different domain with eval function, this causes the browser to not allow the code in the iframe access to the parent page due to the Same Origin Policy.
Well known tools created to run third-party code is Google Caja and ADsafe.
I'm trying to understand how a webpage works. When you click a button, they call a function from javascript, with some arguments, just like this <a href="javascript:ShowListing('24343434', 22, '2', '434331')" class="btn">. The function (in an external .js) looks like this:
function ShowListing(id1,id2,id3,id4) {
somecode here
Dialog.Show( id1, assets[id2][id3][id4] );
}
My question is, what's assets? I looked for the declaration of the variable in all the scripts and I couldn't find it. Maybe it's defined in a .php?
Is there any way of knowing the value it has given some specific [ids]?
Thanks!
My question is, what's assets?
A variable containing an object of some sort. We can't tell any more than that from the code you've supplied.
I looked for the declaration of the variable in all the scripts and I couldn't find it. Maybe it's defined in a .php?
It has to be defined by client side JavaScript (unless it is a browser built-in which I don't recognise, but seems highly unlikely given the context it is used in). That JS could be in a .php file.
Is there any way of knowing the value it has given some specific [ids]?
Just about every modern browser has a Developer Tools feature.
Developer Tools come with a JavaScript debugger that lets you set breakpoints.
Set a breakpoint to that line and then you can examine the variables in it using the debugger.
Search terms such as how to use the chrome developer tools debugger will help you learn to use those tools for your browser.
First hit F12 if you're on firefox (i think the same goes for chrome) the console panel should be visible, then add the console.log() and refresh the page to see what is asset use
console.log(assets);
the same goes for the other ids and the value of each array in assets
I'm experimenting with a simple Javascript debugger for a WebView. I'd like to debug/control/inspect how some Javascript code is being executed inside my WebView.
I haven't found any solution other than using the WebChromeClient to receive the console messages.
Since I have access to the Javascript code I can add instrumentation code: a console.log call before each line, with a special message (e.g. "debugging line 3") that tells which lines have been executed.
It's quite rudimentary so I wonder if there's any better solution. It would be great if I could use the debugger statement to really control execution flow.
This is what I have been doing if I want to console.log() anything directly on the mobile browser so that debugging can be done on the actual device and not in emulator or similar...
I made JS debugger plugin and here is what it have:
it creates an absolutely positioned HTML element that is placed on top of the content and is semi transparent.
I made the JS logic that actually simulates what console.log() does and print out all desired information in mentioned HTML element
once plugin was done I simply used MoibileDebugger.log('what ever'); instead of console.log('what ever');
My code is still not published publicly but will do that soon, so that anyone can benefit from using it...
In any case this plugin can be made very quickly by anyone who is good in JS.
I have an ASP.NET MVC project that uses some simple AJAX functionality through jQuery's $.get method like so:
$.get(myUrl, null, function(result) {
$('#myselector').html(result);
});
The amount of content is relatively low here -- usually a single div with a short blurb of text. Sometimes, however, I am also injecting some javascript into the page. At some point when I dynamically include script into content that was itself dynamically added to the page, the script still runs, but it ceases to be available to the debugger. In VS2008, any breakpoints are ignored, and when I use the "debugger" statement, I get a messagebox saying that "no source code is available at this location." This fails both for the VS2008 debugger and the Firebug debugger in Firefox. I have tried both including the script inline in my dynamic content and also referencing a separate js file from this dynamic content -- both ways seemed to result in script that's unavailable to the debugger.
So, my question is twofold:
Is there any way to help the debugger recognize the existence of this script?
If not, what's the best way to include scripts that are used infrequently and in dynamically generated content in a way that is accessible to the debuggers?
I can not comment yet, but I can maybe help answer. As qwerty said, firefox console can be the way to go. I'd recommend going full bar and getting firebug. It hasn't ever missed code in my 3 years using it.
You could also change the way the injected javascript is added and see if that effects the debugger you're using. (I take it you're using Microsoft's IDE?).
In any case, I find the best way to inject javascript for IE is to put it as an appendChild in the head. In the case that isn't viable, the eval function (I hate using it as much as you do) can be used. Here is my AJAX IE fixer code I use. I use it for safari too since it has similar behavior. If you need that too just change the browser condition check (document.all for IE, Safari is navigator.userAgent.toLowerCase() == 'safari';).
function execajaxscripts(obj){
if(document.all){
var scripts = obj.getElementsByTagName('script');
for(var i=0; i<scripts.length; i++){
eval(scripts[i].innerHTML);
}
}
}
I've never used jquery, I preferred prototype then dojo but... I take it that it would look something like this:
$.get(myUrl, null, function(result) {
$('#myselector').html(result);
execajaxscripts(result);
});
The one problem is, eval debug errors may not be caught since it creates another instance of the interpreter. But it is worth trying.. and otherwise. Use a different debugger :D
This might be a long shot, but I don't have access to IE right now to test.
Try naming the anonymous function, e.g.:
$.get(myUrl, null, function anon_temp1(result) {
$('#myselector').html(result);
});
I'm surprised firebug is not catching the 'debugger' statement. I've never had any problems no matter how complicated the JS including method was
If this is javascript embedded within dynmically generated HTML, I can see where that might be a problem since the debugger would not see it in the initial load. I am surprised that you could put it into a seperate .js file and the debugger still failed to see the function.
It seems you could define a function in a seperate static file, nominally "get_and_show" (or whatever, possibly nested in a namespace of sorts) with a parameter of myUrl, and then call the function from the HTML. Why won't that trip the breakpoint (did you try something like this -- the question is unclear as to whether the reference to the .js in the dynamic HTML was just a func call, or the actual script/load reference as well)? Be sure to first load the external script file from a "hard coded" reference in the HTML file? (view source on roboprogs.com/index.html -- loads .js files, then runs a text insertion func)
We use firebug for debug javascript, profile requests, throw logs, etc.
You can download from http://getfirebug.com/
If firebug don't show your javascript source, post some url to test your example case.
I hope I've been of any help!
If you add // # sourceURL=foo.js to the end of the script that you're injecting then it should show up in the list of scripts in firebug and webkit inspector.
jQuery could be patched to do this automatically, but the ticket was rejected.
Here's a related question: Is possible to debug dynamic loading JavaScript by some debugger like WebKit, FireBug or IE8 Developer Tool?