Unable to allow IE10 to run scripts - javascript

My IE10 has stopped execution of JavaScript for pages stored locally, infact it does not asks for permission to allow their execution.
I have Windows 8 x64 with IE 10 installed. A few days back whenever I used to open a file which used JavaScript IE10 used to display a message "IE restricted this webpage from running scripts or activex controls" with a button to allow blocked content.
Now, this dialog doesn't appear at all and I'm unable to test JavaScript programs in my local machine using IE. (On websites like gmail etc JS simply works).
I have tried changing security setting inside internet options to lowest but no use.
P.S.: On repeatedly clicking reload on realized that permission to allow blocked context dialog appears for fraction of a second and disappears.

I solved the issue by installing a cumulative security update for IE10 Windows 8 x64 from
this link
Don't know why this is related with the issue, but my friend suggested me try to update IE, and on googling I found this update.
I posted it here because when I searched internet for the solution, I was not able to find any case of this type.

Related

Allow Firefox AddOn to focus window

I'm trying to write a Firefox AddOn that allows the user to quickly bring a specific open window to the front. While doing research on how to focus windows, I learned that browsers heavily restrict this to avoid misuse. Which I totally support if it is not intended by the user. In my case the user would install the AddOn to explicitly have this functionality, so focusing windows would be intended by the user.
The classic way to do this is Window.focus() but even the Mozilla docs say, that the success of this operation depends on the configuration of the user's browser.
Makes a request to bring the window to the front. It may fail due to user settings and the window isn't guaranteed to be frontmost before this method returns. - Source
In my browser (Firefox 94 on Ubuntu) it doesn't work.
I also read that setting dom.disable_window_flip to true in about:config will enable Window.focus() but it didn't - and it wouldn't be a feasible approach for an AddOn.
Firefox AddOns use a permission system and my expectation would be that there must be a permission that allows focusing windows for this specific AddOn. Unfortunately the permissions aren't very well documented and I couldn't find the right one via trial and error.
Most of the scarce information on focusing windows through AddOns that I found on the web was posted 5 to 10 years ago and doesn't work anymore.
I tried several approaches like calling browser.windows.update(tabId, { focused: true }) from the popup script (which I have a different issue with). I also tried to inject a content script that calls Window.focus() when asked to by a message from the popup script. None of those worked.
So my first question would be: is there any way today (2021, Firefox 94) to allow AddOns to bring a window to front?
And if so: can anyone please show me how?
Thanks in advance!
I think you need to name your window and then focus it.
const newWindow = window.open('http://....', 'NameOfTheWindow');
newWindow.focus();

Chrome SuppressDifferentOriginSubframeJSDialogs setting override using JS?

The Chrome dev team apparently just rolled out a new "feature" called SuppressDifferentOriginSubframeJSDialogs, which makes it so alert+confirm boxes from an iFrame on a different domain than the parent does not show up, by default: https://www.chromestatus.com/feature/5148698084376576
This means if you have an embedded form, and you relied upon the standard JavaScript alert to inform the user of errors (or a confirm to ensure they want to make a change), it now does nothing, completely destroying the UX.
Obviously we can overwrite the built-in alert and confirms with custom ones, but moving away from what is built into the browser now introduces re-designs for every UI (mobile, tablet, laptop, desktop, etc.) instead of just relying upon proven, built-in technology.
Is there a way to change this cross-domain setting, or to whitelist specific domains to override this feature? We do have access to the parent site with an external JS include file (obviously, otherwise this would be a wide-open back door).
To Disable SuppressDifferentOriginSubframeJSDialogs , which block js Dialog box pop up
If you are single users ( Windows ) :
Right click on desktop and create a shortcut
Windows will pop up a screen and ask you "type the location of the item:"....now paste those value into the textbox
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features=SuppressDifferentOriginSubframeJSDialogs
Click "next" then "finish" button to create the shortcut
Now you shall see a chrome shortcut created in your desktop .Close all active Chrome instance ( if exists ) then launch the shortcut and you will found Js pop up wont block anymore.
Tips :
If you want push this fix to all your cooperate domain users , you may consider use Domain group policy to update Chrome shortcut value or use custom domain logon script logic to do so
I found a setting in the latest Chrome GPO template that creates a reg entry that will deal with this and the same reg entry placed in the Edge location also resolves the error there. (at least it worked for the problem that came up for us yesterday FWIW)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"SuppressDifferentOriginSubframeDialogs"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"SuppressDifferentOriginSubframeDialogs"=dword:00000000
The latest Edge GPO templates do not have the setting yet, but I imagine it's only a matter of time.
Today I tried it again with Google Chrome Version 92.0.4515.131 and it suddenly worked again. Can anyone confirm this?
Add for Mac users.
If you use mac OS:
Quit all running instances of Chrome.
Run the terminal application.
In the terminal, run the command:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --disable-features="SuppressDifferentOriginSubframeJSDialogs"
You can see more details here :
https://trailblazer.salesforce.com/issues_view?title=salesforce-functionality-impacted-in-[%E2%80%A6]oss-origin-iframe-javascript-dialogs&Id=a1p4V000002BRMX

IE11 javascript fails unless debugger is launched

I hava situation where some javascript a web page works fine in Safari and Chrome, but fails in IE11. Unfortunately due to issues with confidentiality I cannot put the javascript up here.
In IE11 the web page's java script fails to operate correctly. By that I mean some of the javascript works and some doesn't. With no errors displayed or any other indication of whats wrong.
If I try to debug the page using IE's developers tools, all the javascript works perfectly without any errors or issues.
Searching on the net I found many people with the same IE problem - fails normally, works when debugging. The main issues they talk about is the console.log(...) statement. I checked my javascript and don't have any console.log(...) statements.
I then saw a stackoverflow thread where adding a cache:false to the $.ajax({... calls solved the issue. I added the same flag but the problem still persists.
Are there any other bugs I've not found?
The web page is using jQuery to handle most of it's manipulation of the DOM with a single $.ajax... call and a series of $.get(... calls polling the server.
How to debug your web pages.....IE11 tips.
All modern web browsers suppress scripting error messages and warnings by default. (In the early days web browsers would halt page loading/rendering and display a script error message with an alert statement)... this gives the best user experience who isn't concerned with the internal workings of web site code.
So, scripting errors will only BREAK execution if:
1. The browser debug tool is opened. and
2. The developer tools' Debug tab setting for Break on Exceptions has been turned on.
So to debug your web pages.
1. navigate to about:blank to start a testing cycle.....press f11 to display the dev tool, select "Break on all exceptions" from the dropdown (looks like a stop sign). Pin the dev tool to the bottom of the browser.
2. Return to the browser address bar and navigate to your test site (typed address of paste and go)...
The dev tool will now break on ALL exceptions and you will list them in the console tab.
IE has built-in content blocking and has ActiveX filtering (ad blocking) which can affect outcomes. You need to configure Internet Options so that the IE dev tool console will record any blocked content or security (XSS) errors.
Tools>Internet Options>Advanced tab, check "Always record developer console messages".
Also on the Emulation tab of the IE dev tool you will find the Emulation Mode (aka documentMode) that IE is using, and how it was established eg. x-ua meta, Enterprise site mode list, user Compatibility View list, etc
If you are developing an internal company website, the emulation mode used by IE may be for an earlier version of IE.. (IE8 on XP).. you should include this information with your questions.
You should also include the IE security zone that your site has been mapped to.. File>Properties menu in IE.... eg. Intranet zone as this can have different security and blocked content outcomes.
finally, the first step in troubleshooting web browser issues is to test in noAddons mode (for IE, winkey+r>iexplore.exe -extoff ). IE has built-in form-fillers and popup blockers... third-party addons can affect the outcomes expected.

VS 2013 WPF WebBrowser Enable Javascript

I'm trying to make a custom browser with some buttons to instantly switch to the websites I visit most often and have click button logins etc. (ease of access)
wb.Navigate("http://www.________.com");
So the problem is when I get on the website I have some script errors pop up, I have activex to silent them but when it logs in as the website proccesses my login request it comes back with "You need javascript enabled".
Now I have read a lot and the only things that seem to be relevant was to change the registry for the program or to relax my internet options both which have failed and all the other information is from like 2007 which references are no longer available.
Any ideas how to wb.IsScriptsEnabled = true;?
After spending all day on this I discovered there is
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)
SOFTWARE
Microsoft
Internet Explorer
Main
FeatureControl
FEATURE_BROWSER_EMULATION
yourapp.exe = (DWORD) version
Nobody has mentioned (HKEY_CURRENT_USER) So I tried it and it appears to be working now. Will update if not so.

How to sign script or webpage requiring UniversalXPConnect privilege

I have a website which uses some functionality implemented in the Firefox extension, which I developed. JavaScript script on one of my webpages requires UniversalXPConnect privilege for communicating with XPCOM component implemented in my Firefox extension.
By default, when my script tries to enable this privilege for accessing XPCOM component:
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
... the following error occurs:
Error: A script from "http://example.com" was denied UniversalXPConnect privileges.
To enable this privilege currently users need to manually edit "signed.applets.codebase_principal_support" setting in "about:config" Firefox page.
From this page: http://www.mozilla.org/projects/security/components/signed-scripts.html I learned that it is possible to explicitly sign my webpage containing script which requires this privilege. After I sign my script users will not need to manually edit above mentioned setting.
Website is hosted on Linux platform under Drupal CMS.
I would very much appreciate if you could give me detailed step-by-step instructions on how do I sign my script (what tools should I download, how to create certificate, etc.), such that after following your instructions editing about:config setting will not be necessary.
As of Firefox 16 signing the script will not likely work since support for universalXPconnect seems to have been removed and you should now use an add-on for added privileges although I don't know how. https://bugzilla.mozilla.org/show_bug.cgi?id=546848
EnablePrivilege is disabled in Firefox 15 and will be removed in Firefox 17.
check out this:
https://developer.mozilla.org/en-US/docs/Bypassing_Security_Restrictions_and_Signing_Code

Categories