I know in JavaScript you can use the window.open() to open a new window in a browser.
Is it possible to create a new window in an HTML element. So instead of creating an iframe it creates a browser or window in the HTML.
Why not use an iframe?
Cross domain policy, iframes can't display all websites
Background:
I am trying to add in a website browser to a game, this game allows modding of the ui which uses CoherentUI(Essentially the UI is HTML)
The only thing you could do is some "readfile" script in php or any Server side language, open the Website on your own, read and parse the whole content, rewrite links if needed, ... and echo it in some div. If you want it live and in-game you should use Ajax and jquery for example.
But i guess, you should not do this without permission of the Website owner, as you copy and use his content without mentioning a source.
Related
I have a legacy web application that we are not allowed to modify yet. We need to add a new function to the application in the short term. We have been told that we may modify the webpage with any local scripts we want but we have to wait 4 months before they will unlock the application.
So my goal is to create a webpage locally, click on that local html file and have it open the url for the legacy application, and then inject the new JavaScript function to the application.
On "your" page, use an iFrame to "import" the page you cannot edit, on your page add whatever modifications you need/want.
If there is no server side scripting on the page, then copy the page source to your page, and add whatever you want to it. It is difficult to give you a focused answer without having access to or more information about the actual legacy page.
It can't be done directly since browsers prevent cross site scripting so injecting js from local machine will complain with same origin errors the only workaround i know is to use developer tools and open console then you can type your JavaScript there and run it directly
I am studying about the project in which I have to extract the data from the website . The project is in java and the website is in java script . I am using Jsoup to extract the data from the website But there are some modal windows(dialogue box , pop up windows) present in the web page.So Is it possible to extract the data of modal windows using jsoup?????
So if answer is yes , then how could I do it?? please provide links and if not, then what are the other best ways to do it???
Thanks for your help. I really appreciate it.
I assume that the modal is generated by Javascript.
Jsoup is just a parser. This means that it will make an HTTP request (GET or POST, whatever you tell it to do) and the server (website) will respond with the initial html. By saying initial, I mean the html before any javascript is executed.
Javascript can generate html (like the modal in question), but this is not visible to Jsoup because a parser can only read, it cannot execute code. The browser is able to generate the modal because it includes a Javascript execution engine that parses and executes Javascript.
When you visit a web page you don't know what is dynamic (generated by Javascript) and what is static (fetched by the server as is).
A little trick to check what is dynamic and what is static (static is visible to Jsoup) is to do the following:
Visit the web page you want to parse (with chrome if possible, mozilla will work too I think).
Press Ctrl + U. This will open a new tab.
The new tab will contain some mesh of html, css and js. This is what the server fetches to the browser and is also visible to Jsoup.
If the modal is in there, then great, it is visible to Jsoup. If not, then you have to use a library that acts as a headless browser.
A headless browser is essentially a browser without the graphical interface. It can parse and execute Javascript. It "sees" what a normal browser sees.
The most common library used is selenium webdriver. Be careful, selenium is a testing framework that has a lot of parts. What you need is the webdriver.
There a lot of examples out there with ready made code to get you started.
So I have a site specific bookmarklet that create a page with a toolbar (using localstorage to set/get variables) and then creates an iframe for a destination site, say www.example.com. [Idea heavily borrowed from the wonderful RWD Bookmarklet (http://responsive.victorcoulon.fr/) ]. It works great, but I wanted to provide that a clickable link to that bookmarklet (because it is a pain to add a bookmarklet in an Ipad) but unfortunately that results in the obvious XSS cross-site problems since the link does not reside within www.example.com.
To improve this experience I was wondering if it would be possible to do have a popup (like twitter's) which would exploit an existing generic loadScript function currently present on www.example.com. From within the javascript console on www.example.com I currently can invoke a supervar.loadScript("http://dl.dropboxusercontent.com/s/blah/thefile.js") and it works. Which means I do not need to append or cross load the js into the iframe but I would need the iframe itself to invoke the supervar.loadScript call.
It is possible to invoke the supervar.loadScript on say a window.onload/document.ready type scenario or would the context of the popup code be pointing to about:blank/notexample.com in which case the supervar would not exist. Could window.postMessage be of any use?
UPDATE: Clarification
I am trying to have a button which would contain javascript code that in turn would open a new window/tab to a site but would be able to invoke a command on a variable that will be present when the DOM is ready.
Again, I'm quite new to XSS so I'm not sure if this is a security problem on the site. I'm not trying to access variables from one site to the next, just a means to load a userscript on a site without having to use a bookmarklet.
For a real test:
Visit: firsttaste.kraftcanada.com.
Open the javascript console and then enter: nitroWidget.loadScript("https://dl.dropboxusercontent.com/s/fcfbpfdmzrxywh9/mwolfe_alert.js")
This will execute the mwolfe_alert.js which merely contains an alert message.
Is there a way that I could create a clickable link on a site outside of *.kraftcanada.com which would create a popup/new tab that upon the {document,window,$}.onload/read would invoke the nitroWidget.loadScript?
I'm trying to open another website and pull out a list of usernames on that site to send a message to. Specifically, I'm talking about XBOX Live previous players - this requires a login through a https:// website and so an iFrame so that Javascript can reference this cannot be used.
I have looked at JavaScript HTML DOM Examples but none of them seem to be what I need.
How do I create a NEW window in Javascript and access the elements of that window?
You can see my previous post here where I was attempting to do this with VBScript (an appalling idea really). Show me how I can perform the same with pure Javascript! :)
If the window is in a different domain, JavaScript can not access it because of the same origin policy. So for the same reason you can not do it with an iframe, you can not do it with a pop up window.
I am writing an application on XULRunner that displays HTML pages from the web:
I have a very simple XUL file with a in which is just a filling the window and loading a local HTML file.
In my HTML, I have an iframe to load content.
What's cool with XULRunner is that I can access the content of the iframe for many things (display page title, images...)
What's not cool at all is that, unlike what I had when my app was running in a browser, I have two big bugs with some pages:
1) Some (many?) pages (like "yahoo.fr" have malformed HTML content, especially for tag where the tag is not closed (the IMG tag without the /> at the end).
==> This does not bother Firefox but in my app, XULRunner does not decode the HTML and thus display the rough HTML source code in the page.
2) On some pages, like, for now, the home of nytimes.com, the login page of bloglines.com and of yahoo.fr, "something" happens in the iframe that causes the src of my tag (that is my app that SHOULD NEVER CHANGE) to change thus closing my app.
==> I guess it may be linked to an attempt to open in another window.
Does anyone have a clue to solve these two problems? Better version of XULRunner (I am using 1.9.1)? XUL options to prevent a page to open in new window? Others?
Thanks for your help,
J.
Rather than a <iframe/>, use a <browser type="content-primary"/>. That will solve your second problem (by letting the system know that the contents of that frame belongs to the web and shouldn't be able to change you).
The first question really depends on how things are being loaded. Are they from http, or from a previously-saved local file? Do you useful mime types and things from the server? Or, if local, what file extension do you end up with?