Try this nice JavaScript: http://www.patrick-wied.at/static/nudejs/demo/
Warning: slightly NSFW.
It won't work when i open it from my local machine. Either by copying the 3 exact source codes and making the picture locations absolute (or else by downloading https://github.com/pa7/nude.js/archive/master.zip).
I am lost why? it must be a silly/simple reason since the demo page is obviously working and JavaScript only, so why would it make a difference where you store it?
I think this is because of the browser security restrictions. are you opening the html file from the file system, instead of serving it from localhost? or are you referencing resources from another domain that does not have CORS enabled? Debugging with the console should help.
Related
There is an issue I am facing in HTML page.
I have included a javascript code in that page due to which ActiveX warning message is thrown each time the HTML page is uploaded on local system.
To stop this warning being shown to the users, I have used MOTW (Mark of the Web) and included this code snippet at the top of the HTML Page:
<!-- saved from url=(0016)http://localhost-->
This line of code prohibits the warning prompt message.
But now the relative URLs on the page have stopped working.
Please help me find me a solution so that neither the ActiveX warning arises nor the relative links on the page should stop working.
Thanks in advance.
The ActiveX warnings should only arise when you are accessing your site from the local file system, for security reasons. When you access it through a (local or remote) web server the warnings should be gone.
Can you not use Apache (included in XAMPP), or something similar, to serve your pages (even locally, through http://localhost/)?
Edit:
Alternatively, you could disable that particular security setting in Internet Explorer (which I assume you use, because you mention ActiveX). Or you could try a different browser: Firefox, for example, does not have these restrictions.
Have you tried using a <base href="ENETERBASEURLHERE" />
I've noticed that some simple scripts in JavaScript that work perfectly on my local server don't work at all online.
How can be this possible? JS client-side scripting? Any ideas?
Sorry for not providing much information, and for my English, too.
Mine was a general question.
For example:
$('#posticipa').click(function(){
var stato = $('#future').css('display');
if(stato == 'none'){$('#future').css('display', 'block');}
else{ $('#future').css('display', 'none');}
});
This piece of code works perfectly on my local Apache server on Ubuntu 9.10, with Firefox 3.6, 3.5, Google chrome and Opera.
When I upload it on my remote CentOS server, also running Apache, it doesn't work. No errors are displayed in Firebug or the console; it just doesn't run.
I'm using the same version of jQuery on both servers.
Check console in your browser for errors. If it is Firefox - install firebug, if it chrome - press Ctrl + Alt + J.
It depends on what your script is trying to do. "Any ideas?" is pretty broad. But client-side scripting has a lot more restrictions than server-side, for obvious security reasons. For example, if you could access the client's file system through client-side JS, any website on the internet would be able to take control of your system.
JavaScript Security Restrictions
Having looked at your edited question, I think it's most likely that one of two things is happening:
Some kind of error is causing the JS to fail before this code is hit (but you say FireBug isn't displaying an error, so if you've got FB set up right this shouldn't be the problem)
The entire script is never getting hit, probably due to an incorrect src attribute in the script tag.
Try putting a debugger; line or an alert somewhere very early in your JS code. That should tell you whether the script is getting hit (the debugger command should tell FireBug to go into debug mode, provided you have FB's Script tag enabled on when you load the page).
If it isn't getting hit, make sure the script's src is the correct, reachable URL. If it is, move the line steadily down your code until it doesn't fire anymore. That should help you figure out where the error is.
During a normal browsing session I want to edit a specific javascript file before the browser receives since once it gets there it's impossible to edit. Is there are any tool for this? For what I need it I can't just save it and edit it on my disk.
I'm ready to learn how to program it myself but if anyone can point out more or less what I have to do I'd be very grateful. I'd have to intercept the packets until I have the whole file while blocking the browser from receiving it any part of it, then edit it manually and forward it to the same port.
I don't think I can do this by just using pcap, I've read a bit about scapy but I'm not sure if it can help me either.
Thanks in advance.
You'd need to implement some sort of proxy, or hook into an existing one, and intercept the file as it's being downloaded and replace it.
Not trivial for a beginner, but a good learning project.
If you are happy to, rather then editing a file, replace it with a local one, then I would* use Charles and its Map To Local function.
Actually, "did". This helped me debug a problem with a browser and a JS file I couldn't edit yesterday.
You can probably achieve whatever it is you are wanting to do by using the firefox firebug plugin, chrome's development tools or the firefox greasemonkey plugin.
Or you could enter the files domain into your hosts file and point that domain to your local machine (running a web server), edit & save that javascript file locally and serve it from your own web server.
I noticed that when I open HTML file locally by double clicking on it, it will not "run" the same as if I had it on a web server and opened it by HTTP GET request.
I need to have a local HTML file a user can open by double clicking on it. This HTML file has several JQuery load calls such as this:
$("#content").load("http://somepage.com/index.html");
I want to update several divs with content from remote sites.
This works fine If I have this file on a web server but not if I double click it under windows explorer... How can I "make" the file "run" as it would on a web server?
I think you pretty much cannot. This has to do with domain-access restrictions, which are there to avoid cross site scripting and the likes.
The files on your hard drive are especially limited - think what the life could be if they were allowed to treat your whole hard-drive as a single domain.
If you want things to work properly you need to be running a server. XAMPP is a pretty good bet as it's easy to install and set up.
Any non-AJAX javascript will work fine as is though, as long as the paths to include any css or js are relative.
You can't do this locally. You have to have it hosted somewhere for this to work. It's done this way for the sake of security.
What are you trying to do that you "need" to have this?
I have a site, from which you can download an HTML file. This HTML file contains a form with hidden fields, which is right away posted back to the site using JavaScript. This is a way of allowing users to download to their own machine data that they edit on the site.
On some machines, you get an IE "yellow bar" when trying to open the file you saved. The "yellow bar" in IE is warning that the HTML is trying to run an Active X (which it is not, there is only JavaScript doing a submit() on a form). However if you receive the exact same HTML file by email, save it, and open it, you don't have this problem. (It looks like IE is putting some more constraint on what can be done in a HTML file you saved from web site.)
My question is: where can I find documentation on this IE security mechanism, and possibly how can I get around it?
Alex
The yellow bar is because your page is executing in the Local Machine security zone in IE. On different machines, the Local Machine security zone might be configured in different ways, so you can see the yellow bar on some machines and not see it on other machines.
To learn more about the IE's URL Security Zones, you can start reading here: http://msdn.microsoft.com/en-us/library/ms537183.aspx
Look here for details on the MOTW - Mark Of The Web
If you add this to your locally served pages, IE will not show the yellow bar.
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx
I am not usre about any specific documnet, but if you open the properties for the file in windows explorer on the general tab is the file blocked? if so click unblock and try again and see if you gte the same issue. This is typical security for files downloaded fom the internet.
Other than that i am afraid i dont know what else to suggest.
I don't 100% follow what your JavaScript is submitting to, but if you're submitting back to the original site from the downloaded copy you'll have a problem using JavaScript as all browsers treat cross-domain JavaScript as a security violation.
JavaScript isn't allowed to read or write to any site not on the current domain
As Franci had said it is becaue you are in the local machine security context and this allows scripts to create objects and execute code that could do harm to your PC. For example you can create a File System Object and perform tasks that an untrusted page shouldn't perform generally because it could be malicious in nature.
Have you tried changing the file name from yourname.html to yourname.hta to see if the security problem goes away?
More on HTML Applications (.HTA files): http://msdn.microsoft.com/en-us/library/ms536496%28VS.85%29.aspx