Get an HTML element from another website (XSS) - JavaScript

How can I get an HTML element from another website directly into my site (without using an iframe)?
For example:
A page on another website has the following code (and nothing else):
<p>example text</p>
How can I get this into my website so that I can edit it? I can't simply copy the code, because I want the code on my site to change whenever the other site changes.

Since the question has the PHP tag: in PHP you can use file_get_contents(), like
$html = file_get_contents('url_of_site/page.html');
or DOMDocument, like:
$doc = new DOMDocument();
$doc->loadHTMLFile('http://some_site.com/');
// getElementsByTagName() returns a DOMNodeList, so loop over it to read each <p>
foreach ($doc->getElementsByTagName('p') as $p) {
    echo $p->nodeValue, "\n";
}
Note: Because of the Same Origin Policy, you can't do this with JavaScript alone unless the other site explicitly allows cross-origin requests. To do it from JavaScript you need a proxy: put a test.php file on your own server, have it fetch the content from the other site, and call test.php from JavaScript with Ajax.
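The JavaScript half of that proxy setup could look roughly like the sketch below. It assumes the proxy lives at /test.php on your own origin and simply echoes the remote HTML; the function name fetchViaProxy and the element id "remote-content" are made up for illustration.

```javascript
// Fetch HTML through a same-origin proxy (for example the test.php described above).
// fetchImpl is injectable so the function can be exercised without a network.
async function fetchViaProxy(proxyUrl, fetchImpl = fetch) {
  const response = await fetchImpl(proxyUrl);
  if (!response.ok) {
    throw new Error('Proxy request failed with status ' + response.status);
  }
  // The proxy is assumed to return the remote markup as plain text.
  return response.text();
}

// Browser usage (assumes an element with id "remote-content" exists):
// fetchViaProxy('/test.php').then(function (html) {
//   document.getElementById('remote-content').innerHTML = html;
// });
```

Because the browser only ever talks to your own server, the Same Origin Policy is not involved; the cross-site request happens in PHP.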

Related

Phantomjs: Modifying html dom before opening it as webpage

I need to process HTML files that contain corrupted scripts added via <script> tags.
I'm planning to remove all script tags present in the web page via PhantomJS.
But on opening the page via webpage.open(), PhantomJS throws a parse error, since it cannot parse the JS content within the script tag.
Here is an example:
<html>
<head>
<script>
corrupted JS
if(dadadd
;
</script>
<body>
some content
</body>
</html>
Can someone suggest the right way to clean this web page using PhantomJS?
It's not (easily) possible. You could download the static HTML (not by opening the page, but by making an Ajax request in page.evaluate()), change it according to your needs, and then assign it to page.content.
This still might not work, because as soon as you assign it to page.content, you're saying that PhantomJS should interpret this source as a page from an unknown domain (about:blank). Since the page source contains all kinds of links/scripts/stylesheets without a domain name, you'll have to change those too in order for the page to successfully load all kinds of resources.
It might be easier to just have a proxy between PhantomJS and the internet with a custom rule to adjust the page source to your needs.
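The "change according to your needs" step could be sketched as a plain string transformation. This is only a rough approach: a regular expression is not an HTML parser and may miss unusual markup, and the function name stripScriptTags is made up for illustration.

```javascript
// Rough sketch: remove every <script>...</script> element from an HTML string.
function stripScriptTags(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Sample input modelled on the page from the question.
const brokenPage = [
  '<html>',
  '<head>',
  '<script>',
  'corrupted JS',
  'if(dadadd',
  ';',
  '</script>',
  '<body>',
  'some content',
  '</body>',
  '</html>'
].join('\n');

const cleaned = stripScriptTags(brokenPage);
// In PhantomJS the result would then be assigned with: page.content = cleaned;
```

The same function could also run inside a rewriting proxy, since it only needs the page source as a string.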

PHP Ajax jQuery cross domain file loading

So before you say this can't be done: these are all files that I have on one server. I just have some of them listed under different domains.
My PHP script can access all the files, but when I make an Ajax request to load a file I often get an error (because the site I am accessing is secure and the one I am accessing it through isn't).
What I need is a way to have PHP grab the file, but have Ajax retrieve the file and render it for me. I am also using the ACE editor to edit the file.
The bit of code I have here errors out as well: it loads and prints the file where $page is defined, but doesn't load it where htmlspecialchars is.
<script>
var e = ace.edit("editor");
<?php
$page = readfile($_SERVER['DOCUMENT_ROOT'].$_GET['dir']);
echo 'e.setValue('.htmlspecialchars($page, ENT_QUOTES).');';
?>
</script>
I have an Ajax GET request working, but it doesn't work when I go to a directory with a special .htaccess file. I can't change the .htaccess file (unless there is a way for me to confirm that it is my script running and not someone else's).
The question is: how can I access those other files without getting that error? Mind you, those files could have any extension. They are not limited to scripts or CSS; mostly they will be HTML or PHP files.
After an hour of searching the deep dark depths of the php.net site I was able to put together a solution that works.
<?php
echo htmlspecialchars(
    addslashes(
        file_get_contents(
            $_SERVER['DOCUMENT_ROOT'].$_GET['dir']
        )
    )
); ?>
The addslashes is the extra part that I needed. I also had to put the output between the tags of the editor div; I couldn't use the editor.setValue() function.
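For comparison, a different route than the one above is to let Ajax fetch the raw file text and hand it to the editor, which avoids escaping the content for HTML or JavaScript at all. The sketch below assumes a hypothetical same-origin PHP endpoint that echoes the file unescaped; the function name loadFileIntoEditor is also made up. editor.setValue(text, -1) is the Ace call that replaces the content and puts the cursor at the start.

```javascript
// Load a file's raw text over Ajax and put it into an Ace editor instance.
// fetchImpl is injectable so the function can be exercised without a network.
async function loadFileIntoEditor(editor, fileUrl, fetchImpl = fetch) {
  const response = await fetchImpl(fileUrl);
  if (!response.ok) {
    throw new Error('Could not load file, status ' + response.status);
  }
  const source = await response.text();
  // -1 moves the cursor to the start instead of selecting the whole document.
  editor.setValue(source, -1);
  return source;
}

// Browser usage (the endpoint name and its dir parameter are assumptions):
// var e = ace.edit("editor");
// loadFileIntoEditor(e, '/getfile.php?dir=' + encodeURIComponent('/some/file.html'));
```

Since the text never passes through HTML or a JavaScript string literal, quotes and angle brackets in the file need no special handling.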

load a php page inside a html page with javascript

I'm using this code to load a PHP page inside an HTML page using JavaScript, but it doesn't work. The code is below:
<html>
....
<div id="home" style="background: #000;background-image: none;height:100%;"></div>
<script>
$('#home').load('http://www.website.com/file/index.php').trigger("create");
</script>
</html>
The PHP file exists and works fine, but it doesn't show up in the actual page. If you have any modifications I can make, I'll be thankful.
If the remote website is not on the same origin as your page, you can't do it because of same-origin policy security restrictions, as specified in the load() documentation.
But you can use a proxy script like:
proxyScript.php
<?php echo file_get_contents("http://www.website.com/file/index.php"); ?>
And now you can: $('#home').load('proxyScript.php').trigger("create");
Or you can configure the remote server to accept cross-origin requests; read: How to use Cross domain Ajax request
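Configuring the remote server for cross-origin requests comes down to sending an Access-Control-Allow-Origin response header. The sketch below shows only the decision logic, under the assumption that you keep an allow-list of trusted origins; the function name and the origins are made up, and on a PHP server the same header would be sent with header().

```javascript
// Decide which CORS headers to send for a request coming from requestOrigin.
// Returns an empty object when the origin is not on the allow-list.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!allowedOrigins.includes(requestOrigin)) {
    return {};
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    // Tell caches that the response differs per requesting origin.
    'Vary': 'Origin'
  };
}

// Hypothetical allow-list for illustration.
const trustedOrigins = ['http://www.mysite.example'];
const granted = corsHeadersFor('http://www.mysite.example', trustedOrigins);
const denied = corsHeadersFor('http://other.example', trustedOrigins);
```

With such a header in place, $('#home').load() can request the remote URL directly and no proxy script is needed.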
I think it has something to do with JavaScript running AFTER PHP has run.
Why not replace it with
include('http://www.website.com/file/index.php');
(including a remote URL only works when allow_url_include is enabled in php.ini). If you're hiding that div, you could just use JavaScript to show/hide it based on whatever happens. Don't try to load the PHP file when it's hovered or clicked or whatever. Load it first and just display it with JS.

file_get_contents not loading the full source code because parts are loaded on page load

I want to copy the entire source code of an external website to a file for later modification and analysis. But a table on domain.com/stats is not static HTML; it is built by JavaScript and loaded on page load.
The problem is that it is therefore not included in the source code!
This is what my code looks like right now:
$txt = file_get_contents('http://domain.com/stats');
file_put_contents(dirname(__FILE__) . '/statistic/stats.html', $txt);
Is there a workaround for this?
If you scan $txt for dynamically loaded content, you could perform further file_get_contents requests to retrieve that content as well and store it along with the original content.
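The scanning step might start by listing the external scripts a page references, as in the sketch below. It is only a starting point: the table data usually comes from URLs requested inside those scripts, which you would still have to find by reading them. The function name findScriptSources is made up, and the regular expression is a rough match rather than a real HTML parser.

```javascript
// Collect the absolute URLs of all <script src="..."> references in an HTML string.
function findScriptSources(html, baseUrl) {
  const pattern = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const sources = [];
  for (const match of html.matchAll(pattern)) {
    // Resolve relative paths against the page URL.
    sources.push(new URL(match[1], baseUrl).href);
  }
  return sources;
}

// Sample markup for illustration; the script paths are invented.
const samplePage =
  '<script src="/js/stats.js"></script>' +
  '<script>inline()</script>' +
  "<script src='https://cdn.example.com/a.js'></script>";

const found = findScriptSources(samplePage, 'http://domain.com/stats');
// found is ['http://domain.com/js/stats.js', 'https://cdn.example.com/a.js']
```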
The only way to get the JavaScript to run is to use a headless browser to retrieve the page and execute its scripts.

How to save $(document).html() to a .xml file in jQuery or JavaScript?

I'm trying to press a form button and save all the HTML in the document to an XML file. Also, if I have 3 frames or iframes, I want to save everything from my 2nd iframe, id 'iframe2' (except the iframe itself), into a file, with a dialog box popping up that asks "Are you sure you want to save this file?"
I'm not sure if this is possible, but if it is, it would save me the step of writing XML to a file as well as displaying it in the browser. If it's not possible in HTML 4.01, is it possible in HTML5?
I can look at the HTML using $('#iframe2').html(); but I'm not sure how to save it.
Thanks
There are 3 ways to do this as far as I know:
1. You could use Flash or Java or another browser plugin to make a save file dialog (check out Downloadify).
2. You could use data URIs (check out this answer; you'll want to change the MIME type to application/xml).
3. You could use the server to trigger an attachment download with the contents you want. That content could be transmitted through AJAX (check out this question).
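The data URI option could be sketched as follows. The helper names are made up, and the download attribute used in offerDownload is an HTML5 feature, so this part assumes a browser that supports it.

```javascript
// Build a data URI that carries the markup with the application/xml MIME type.
function buildXmlDataUri(markup) {
  return 'data:application/xml;charset=utf-8,' + encodeURIComponent(markup);
}

// Browser-only helper: ask for confirmation, then trigger a download via a temporary link.
function offerDownload(markup, fileName) {
  if (!window.confirm('Are you sure you want to save this file?')) {
    return false;
  }
  const link = document.createElement('a');
  link.href = buildXmlDataUri(markup);
  link.download = fileName; // suggested file name for the save dialog
  document.body.appendChild(link);
  link.click();
  document.body.removeChild(link);
  return true;
}

// Browser usage (assumes jQuery and an element with id "iframe2", as in the question):
// offerDownload($('#iframe2').html(), 'iframe2.xml');
```

Very large documents may exceed the URL length a browser accepts for data URIs, in which case the server-side route is the safer choice.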
You can probably use a backend language like PHP to accept the string as POST data and write it to an XML file in one swoop.
if (window.confirm('Are you sure you want to save this file?')) {
$.post('/save.php', { 'html': $('#iframe2').html() }, function (_dta) {
window.alert(_dta);
});
}
and on the PHP side:
<?php
$html = $_POST['html'];
file_put_contents('./iframe2.xml', $html);
echo 'saved!';
?>
