Recently, a few developers have started creating apps which do nothing more than point at state-owned content (free, public property) through UIWebViews. This wouldn't ordinarily be a problem, except the apps are all ad-supported and some are even paid. Essentially, they're making money on state-owned content.
My question is this: how can I force the site to open a new Safari window rather than display in the UIWebview (which is wrapped in their app's branding)? I am able to detect UIWebview using the following, but am unable to do anything besides simply hide the content. I'd prefer it to provide a link to our content which then opens in Safari.
This is how I'm detecting UIWebview:
var is_uiwebview = /(iPhone|iPod|iPad).*AppleWebKit(?!.*Safari)/i.test(navigator.userAgent);
Unfortunately, it's fairly trivial for a developer to force the User-Agent string to anything they want, so your attempts to thwart these developers might only be temporary. You can't force your content to be viewed in a browser. A user could use a tool like CURL to view your content also...
Once you detect that you're in the UIWebview, you need to fire a window.open() to put your content in a fresh window.
This talks about some quirks that make it a little tricky (but not impossible): Opening popup links in UIWebview. Note that the question there is the reverse of yours, but the accepted answer does show how to get UIWebview to pop a new window via Javascript.
This has been a concern ever since the Web began. You can't stop people from scraping your content, but you can make it hard to reframe it.
Edited to add
Unfortunately for you, the app can intercept window.open(): UIWebView respond to Javascript calls
I suppose you could always give up and show a banner that says something like "you paid for this data with your taxes, you shouldn't pay for it again with ads. Just open a browser and go to ... "
You can find out if it is a WebView or Mobile Safari, as seen in this thread. The problem is that you could only open Safari via a custom URL scheme, but I think only http://, https:// etc. work. Even if there were something like safari-http://, the programmers of the apps with the UIWebView could catch that request and redirect it back into the web view. So, I'm sorry to say: That's not possible.
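The detection and banner approach discussed in this thread, as an added example that is not part of any of the posts above. It runs the question's regex over constructed User-Agent strings, including one where an app has set its own User-Agent as the first answer warns, and builds the banner suggested in the second answer; the function names, the banner markup and the sample strings are assumptions.

```javascript
// The regex is the one quoted in the question; everything else is hypothetical.
const IN_APP_WEBVIEW = /(iPhone|iPod|iPad).*AppleWebKit(?!.*Safari)/i;

// Constructed User-Agent samples (not captured from real traffic).
const SAMPLES = {
  mobileSafari:
    'Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) AppleWebKit/601.1.46 ' +
    '(KHTML, like Gecko) Version/9.0 Mobile/13E233 Safari/601.1',
  embeddedWebView:
    'Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) AppleWebKit/601.1.46 ' +
    '(KHTML, like Gecko) Mobile/13E233',
  desktopSafari:
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1 ' +
    '(KHTML, like Gecko) Version/9.0 Safari/601.1',
};
// An app that overrides its User-Agent: the embedded string plus a Safari token.
SAMPLES.overriddenWebView = SAMPLES.embeddedWebView + ' Safari/601.1';

// True when the string looks like an iOS web view embedded in an app.
function isInAppWebView(ua) {
  return IN_APP_WEBVIEW.test(ua || '');
}

// Escape text before placing it in HTML, so the URL cannot break the markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Returns banner HTML for embedded views, or '' for a normal browser.
// The link cannot force Safari to open; it only tells the reader where to go.
function bannerFor(ua, canonicalUrl) {
  if (!isInAppWebView(ua)) return '';
  const url = escapeHtml(canonicalUrl);
  return '<div class="origin-banner">This content is free at ' +
    '<a href="' + url + '">' + url + '</a>. Open it in your browser.</div>';
}

// Classify every sample so the miss on the overridden string is visible.
function classifyAll() {
  const out = {};
  for (const name of Object.keys(SAMPLES)) out[name] = isInAppWebView(SAMPLES[name]);
  return out;
}
```

The overridden sample is classified as a normal browser, which is why the check is best treated as a hint for showing the banner rather than as access control.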
I'm trying to develop a Chrome extension that is supposed to completely replace a specific website's pages with a new UI. In other words, when the user visits said website, the extension should "intercept" it seamlessly and display the new "app" (preserving the URL and without opening a new tab or window). I currently use a content script to manipulate the DOM, but it's too messy.
Chrome apps such as Google Docs achieve the same goal through URL handlers, but they're not an option since they're now deprecated.
Currently, I'm aware of two options:
Intercept the URL and redirect it to an extension URL. I want the URL to be preserved.
Use a content script to stop the page from loading at document_start (using window.stop()) and then "inject" the new app. Apparently, that works, but it sounds quite hacky and prone to unexpected glitches.
What I'd like to know:
Is the second approach good enough? What limitations and other issues will I face if I use it?
Is there any other approach that is at least as good (and preferably designed for this purpose)?
You can't open a chrome app in a tab, only in a window. I don't think they have content scripts either.
Also, chrome apps are now only available on chrome os when you publish it for the first time (existing chrome apps work for any os).
To solve your question, you could use an extension with content scripts and just open up an iframe fullscreen so the url is preserved in the omnibox and it could have the page you want in the iframe as the page that would be in the app.
Content handlers are meant for opening a special protocol url to do something like send an email, etc. Examples would be like tel://, sms://, mailto:, etc.
So you would not want this. Also they aren't that noticeable when approving to handle the protocol.
UPDATE: Found How can I get the current tab URL for chrome extension?
I require the tab.ID to refer to a tab of a specific URL. However not sure if this means me issuing the extension refresh itself constantly (or will the iframe the extension is contained within do this live)?
================
OP
I would like to develop a Chrome extension. At this stage of development what I need it to do is 'know' which website it is on. I'm not very experienced with JavaScript (I have some experience developing applications in Java and C, whereas Python is kind of my specialty language and I've deployed a lot of powerful tools using this).
I'm not sure how to go about getting live information of the website the user is currently viewing without constantly refreshing the iframe the application is contained in. I'm thinking of some kind of for loop to do this work for me but I'm also worried about the rate at which this refresh is going to take place (I don't want Chrome to start CPU hogging if many tabs are open).
The framework I'm looking to use during development looks like this (not sure if this is ideal but this is what I have in mind)...
FOR [EXTENSION IFRAME]
{
Extension page IS Extension_OFFLINE (indicating tab is not on, online_example_page)
Extension page IS Extension_ONLINE (indicating tab is on, online_example page).
}
Such that [EXTENSION IFRAME] actively detects what web-pages you are viewing. I would like to avoid refreshing the extension constantly to get this information if possible.
So what it'll look like is the logo and html page will change depending on whether or not you're connected to the online_example page which could be https://example.com.
If the user is on different tabs this is fine. I only need it to detect at least one instance of https://example.com (so ideally ranging over all tabs).
Thank you in advance if you're able to help!
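An event-driven way to do what the post above asks, as an added example that is not the poster's code: a background script asks Chrome for tabs matching the site once, then re-checks only when a tab changes URL or closes, so nothing is polled. The popup file names are hypothetical, and the manifest is assumed to grant the "tabs" permission (or host access to https://example.com/*) so that tab URLs are visible to the extension.

```javascript
// Match pattern for the site of interest (taken from the post's example URL).
const TARGET_PATTERN = 'https://example.com/*';
// Hypothetical popup pages for the two states described in the post.
const PAGES = { online: 'extension_online.html', offline: 'extension_offline.html' };

// Pure decision: which popup page to show given the tabs that match the pattern.
function popupFor(matchingTabs) {
  return matchingTabs.length > 0 ? PAGES.online : PAGES.offline;
}

// Query all tabs in all windows for the target site and update the popup and badge.
function refresh(api) {
  api.tabs.query({ url: TARGET_PATTERN }, (tabs) => {
    // chrome.action in Manifest V3, chrome.browserAction in Manifest V2.
    const action = api.action || api.browserAction;
    action.setPopup({ popup: popupFor(tabs) });
    action.setBadgeText({ text: tabs.length > 0 ? 'ON' : '' });
  });
}

// Re-evaluate only on events that can change the answer; no refresh loop.
function install(api) {
  api.tabs.onUpdated.addListener((tabId, changeInfo) => {
    // changeInfo.url is set only when the tab navigated to a new URL.
    if (changeInfo.url) refresh(api);
  });
  api.tabs.onRemoved.addListener(() => refresh(api));
  refresh(api); // initial state when the extension starts
}

// Register with the real API only when running inside the extension.
if (typeof chrome !== 'undefined' && chrome.tabs) install(chrome);
```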
Is it possible to get around the security and mimic either a full-browser or mobile browser within a webpage?
I had an idea to set the HTML manually, using an AJAX/XMLHttpRequest ("Get" request)
document.querySelector('#myiframe').contentWindow.document.write("<html><body>Hello world</body></html>");
(from How to set HTML content into an iframe)
Can anyone verify this is possible? I'm guessing you would lose relevant site data (cookies, cache, etc)
Is it possible to get around the security
Yes, many browsers let you start them in a security-off mode, e.g. on chrome you run the program with the --disable-web-security flag. However, you should never ask a client to do this.
An alternative way would be to write a Java applet, or some other third-party plugin, which fetches the resources you want and then passes it over to the browser with your favourite method, from which you can use JavaScript on the data as desired. This method would lose things like cookies, and might be exploitable so I wouldn't recommend it.
mimic either a full-browser or mobile browser within a webpage?
Finally, if you don't mind the "URL bar" displaying the wrong thing when a user navigates, you could just use the default behaviour. This method is totally acceptable and doesn't circumvent any security.
I'm sorry if this is a newbie question but I don't really know what to search for either. How do you keep content from a previous page when navigating through a web site? For example, the right side Activity/Chat bar on facebook. It doesn't appear to refresh when going to different profiles; it's not an iframe and doesn't appear to be ajax (I could be wrong).
Thanks,
I believe what you're seeing in Facebook is not actual "page loads", but clever use of AJAX or AHAH.
So ... imagine you've got a web page. It contains links. Each of those links has a "hook" -- a chunk of JavaScript that gets executed when the link gets clicked.
If your browser doesn't support JavaScript, the link works as it normally would on an old-fashioned page, and loads another page.
But if JavaScript is turned on, then instead of navigating to an HREF, the code run by the hook causes a request to be placed to a different URL that spits out just the HTML that should be used to replace a DIV that's already showing somewhere on the page.
There's still a real link in the HTML just in case JS doesn't work, so the HTML you're seeing looks as it should. Try disabling JavaScript in your browser and see how Facebook works.
Live updates like this are all over the place in Web 2.0 applications, from Facebook to Google Docs to Workflowy to Basecamp, etc. The "better" tools provide the underlying HTML links where possible so that users without JavaScript can still get full use of the applications. (This is called Progressive Enhancement or Graceful degradation, depending on your perspective.) Of course, nobody would expect Google Docs to work without JavaScript.
In the case of a chat like Facebook, you must save the entire conversation on the server side (for example in a database). Then, when the user changes the page, you can restore the state of the conversation on the server side (with PHP) or by querying your server like you do for the chat (Javascript + AJAX).
This isn't done in Javascript. It needs to be done using your back-end scripting language.
In PHP, for example, you use Sessions. The variables set by server-side scripts can be maintained on the server and tied together (between multiple requests/hits) using a cookie.
One really helpful trick is to run HTTPFox in Firefox so you can actually monitor what's happening as you browse from one page to the next. You can check out the POST/Cookies/Response tabs and watch for which web methods are being called by the AJAX-like behaviors on the page. In doing this you can generally deduce how data is flowing to and from the pages, even though you don't have access to the server side code per se.
As for the answer to your specific question, there are too many approaches to list (cookies, server side persistence such as session or database writes, a simple form POST, VIEWSTATE in .net, etc..)
You can open your last closed web page by pressing Ctrl+Shift+T. Now you can save content as you like. Example: if I closed a web page related to document sharing and now I am on a travel web page, then I press Ctrl+Shift+T. Now my last web page will open automatically. This function works on Mozilla, e explorer, Opera and more. Hope this answer is helpful to you.
I use Silverlight and I'm trying to get some data to the user side. I can easily display PDF file with an <embed> tag in the browser.
However, I also have to be able to save files from the server. I tried the SaveFileDialog from Silverlight but it doesn't allow setting the file name (which is an issue).
I tried setting a hidden <iframe> source to the URL from the server but that triggers a security warning and it's not good either (there would be too many clueless users calling because it doesn't work).
I tried calling window.open to trigger a new popup set to the URL. That works OK but again there's a security warning.
Is it possible to get rid of that security message? I know it's possible in Javascript.
An example is on the site
http://livetecs.com
(go to the live demo, then project manager and open a report in a new window: no security warning!)
How do they achieve that behavior?
If there's any other way to get my reports saved Silverlight I'd be very interested to hear about them.
EDIT: The warning I'm talking about is the Pop-up blocked. To see this pop-up or additional options click here.. banner appearing on top of the page.
Cheers.
There is no way around the pop up blocker when you open up a window without a user action. If there was a way around that, then the pop up blockers would be useless.
Only way to avoid the security message is to have the users add your site to their safe list.
OK, after much fiddling I came across the Silverlight built-in pop-up window that I couldn't use before.
The only limitation is that it can only be triggered by a user action (which is fine in this context). PopUpWindow at MSDN
It fits the bill perfectly and I couldn't use it before because I wanted to pre-generate the report files before opening the pop-up (and thus I wasn't in a user event context anymore).
I'm going to create a report generation page that will display a status message and then show the report (I haven't worked out yet how I'll do that though).