Access ActiveX objects in Firefox and Chrome - javascript

I have a situtaion where i need the command prompt to open on the click of a button. for this i started of by usign jsp.
var wsh = new ActiveXObject('WScript.Shell');
command = "cmd /k D:\ & cd testTrial & trial.bat & echo DONE!"
wsh.Run(command);
The problem is that this wont run in firefox as ActiveXObject is a Microsoft propritory.
Is there a way i can check the browser and then run the above code keeping the current browser in mind.

This sounds like a security hole... I don't think you will be able to do that.

As I know for security reason other browsers does not allow to access local resources.

Related

Recover javascript logs and errors on Internet Explorer without F12 tool

The main idea is to run a random page on Internet Explorer and get javascript errors and logs.
Is there a way to recover javascript console logs and execution error
from a random web page without accessing the F12 tool on Internet
Explorer?
I found that with Chrome based browser, you can get it on your AppData file log by adding --enable-logging --v=1 args when launching.
Any solution with any language are welcome.
Thank you for your answer.
NOTE :
random page on Internet Explorer means that I do not have the access on the source code.
Basic solution to this would be:
1. Use Exception Handling to catch the errors.
2. Log errors in a Global Array
3. Log the errors in a file using Blob and URL.createObjectURL. All recent browsers support this.
Have you considered using a Bookmarklet that:
Overrides window.console.log and window.console.error (to intercept messages)
Logs incoming messages somewhere using createObjectURL?
Or you could use something like firebuglite and auto-enable it like this:
<script type="text/javascript" src="https://getfirebug.com/firebug-lite.js">
{
overrideConsole: false,
startInNewWindow: true,
startOpened: true,
enableTrace: true
}
</script>
More instructions are here: http://getfirebug.com/firebuglite
If the F12 tool is not of your interest, then what about the Event Viewer? Open Event Viewer from Control Panel -> System and Security -> Administrative Tools -> Event Viewer.‌ Then select the log Applications and Services Logs\Internet Explorer.
By default no events are being logged for Internet Explorer, to enable them create a new DWORD registry value named Feature_Enable_Compat_Logging under the following registry key:
HKCU\SOFTWARE\Microsoft\Windows\Internet Explorer\Main \FeatureControl
and set the registry value to 1.
Check the logs you get to see if it's what you're looking for.
One idea would be to write a browser extension which listens for window.onerror and writes to a file. Definitely not as elegant as the Chrome solution, but it would work fairly well.
Using local proxy might be a good one-time solution.
Charles web debugging proxy app has nice UI and it allows to replace any response with local resource.
So basically you'll need:
Download one any of the js files used on target page
add any code you wish to saved version
set up Charles to serve you your local version instead of remote one
You might try Fiddler. It's got its own logging and has amazing inspection power. It won't capture IE specific errors, since it's at a different layer, but it will definitely get you any code that's coming over the wire.

Permission denied error while executing shell command from JavaScript

I am trying to run shell command to open notepad from JavaScript. This is how my code looks like:
<script type="text/javascript">
function runNotepad() {
var oShell = new ActiveXObject("Shell.Application");
var commandtoRun = "C:\\WINDOWS\\Notepad.exe";
oShell.ShellExecute(commandtoRun, null, "", "open", "1");
}
</script>
When i try to run this, it throws me an error saying Microsoft JScript runtime error: Permission denied.
I also have set Allow active content to run in files on my computer in IE but still no luck.
Any idea what am i missing here?
Any idea what am i missing here?
No browser would allow JavaScript to arbitrarily start a process. This functionality is not available in Internet Explorer because of the security implications.
This will work if run from other Scripting Hosts, such as cscript, but not Internet Explorer.
You can't run or create native objects inside webpage javascript. The idea is that if someone could do that, then they could create a FileSystem object. Then, while you idly browse their webpage, they play havoc with your file system.
If you need to do this, and have the file saved on the host's machine, save it as an HTML app (*.hta).

How can I launch a system command via Javascript in Google Chrome?

I want to execute a local program on my computer via Javascript in Chrome. In Firefox, it can be done as follows (after setting 'signed.applets.codebase_principal_support' to true in about:config):
function run_cmd(cmd, args) {
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
var file = Components.classes["#mozilla.org/file/local;1"]
.createInstance(Components.interfaces.nsILocalFile);
file.initWithPath(cmd);
var process = Components.classes["#mozilla.org/process/util;1"]
.createInstance(Components.interfaces.nsIProcess);
process.init(file);
process.run(false, args, args.length);
}
What's the equivalent code for Chrome?
This is not possible in Chrome without extensions.
This requires a NPAPI plugin in extensions, see http://code.google.com/chrome/extensions/npapi.html ,
I don't think you can. Chrome is very particular about such things, hence their sandbox
The preferred way to do this in Chrome is to use Native Messaging along with a Chrome extension. NPAPI is being phased out.
https://developer.chrome.com/extensions/nativeMessaging
Javascript has no capabilities to communicate externally outside of the browser. For instance, no disk input/output, no communication with the host OS such as Windows/Linux. Javascript is inherently tighter as it is executed by the browser itself.

Uncaught Error: SECURITY_ERR: DOM Exception 18 when I try to set a cookie

I get the following error in Chrome's developer tools window when I try to set a cookie using this jQuery plugin:
Uncaught Error: SECURITY_ERR: DOM Exception 18
What does this error mean and how can I fix it? I get the same error when I use this jQuery plugin.
You're most likely using this on a local file over the file:// URI scheme, which cannot have cookies set. Put it on a local server so you can use http://localhost.
I also had this issue while developping on HTML5 in local.
I had issues with images and getImageData function.
Finally, I discovered one can launch chrome with the --allow-file-access-from-file command switch, that get rid of this protection security.
The only thing is that it makes your browser less safe, and you can't have one chrome instance with the flag on and another without the flag.
You can also "fix" this by replacing the image with its inline Base64 representation:
img.src= "data:image/gif;base64,R0lGODlhCwALAIAAAAAA3pn/ZiH5BAEAAAEALAAAAAALAAsAAAIUhA+hkcuO4lmNVindo7qyrIXiGBYAOw==";
Useful, when you do not intend to publish the page on the web, but instead use it on local machines only.
Faced with the same situation playing with Javascript webworkers. Unfortunately Chrome doesn't allow to access javascript workers stored in a local file.
One kind of workaround below using a local storage is to running Chrome with --allow-file-access-from-files (with s at the end), but only one instance of Chrome is allowed, which is not too convenient for me. For this reason i'm using Chrome Canary, with file access allowed.
BTW in Firefox there is no such an issue.
This error pops up, if you try to create a web worker with data URI scheme.
var w = new Worker('data:text/javascript;charset=utf-8,onmessage%20%3D%20function()%20%7B%20postMessage(%22pong%22)%3B%20%7D'); w.postMessage('ping');
It's not allowed according to the standard: http://www.whatwg.org/specs/web-apps/current-work/multipage/workers.html#dom-worker
I had this issue when using the history API.
window.history.pushState(null, null, URL);
Even with a local server (localhost), you want to add 'http://' to your URL so that you have something similar to:
http://localhost...
I wasn't completely happy by the --allow-file-access-from-files solution, because I'm using Chrome as my primary browser, and wasn't really happy with this breach I was opening.
Now I'm using Canary ( the chrome beta version ) for my development with the flag on.
And the mere Chrome version for my real blogging : the two browser don't share the flag !
One can also receive this error if using the new (so far webkit only) notification feature before getting permission.
First run:
<!-- Get permission -->
<button onclick="webkitNotifications.requestPermission();">Enable Notifications</button>
Later run:
// Display Notification:
window.webkitNotifications.createNotification('image', 'Title', 'Body').show();
The request permission functions needs to be triggered from an event caused by the user, otherwise it won't be displayed.
I was been getting that error in mobile safari when using ASP.NET MVC to return a FileResult with the overload that returns a file with a different file name than the original. So,
return File(returnFilePath, contentType, fileName);
would give the error in mobile safari, where as
return File(returnFilePath, contentType);
would not.
I don't even remember why I thought what I was doing was a good idea. Trying to be clever I guess.

ActiveXObject issue in javaScript

I wrote a javascript function in my html page to execute an .exe file. for this i used ActiveXObject.
my function is:
//~~~~~~~~~~~~~~~~~~~~~~~~~~~JavaScript~~~~~~~~~~~~~~~~
function openWin(url)
{
if (!document.all) {
alert ("Available only with Internet Explorer.");
return;
}
var ws = new ActiveXObject("WScript.Shell");
ws.Exec(url);
}
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It works fine but there is a alert "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" comes up to confirm. If i say YES only it will get loaded.
Pls anyone help me on this how to avoid this pop-up coming every time when i reload my html page.
You can't. Your users can, by giving your page trusted access to their computer (e.g., by adding the URL to the "Trusted Sites" zone).
You should enable activeX in Internet explorer security settings.
http://www.nrc.gov/reading-rm/adams/install/enabling-active-x.html
If you want your users to not seeing this message, then they should enable it. But you can't force them to do it because of security issues.

Categories