Cross domain - temporary edit pages with javascript - javascript

I have an idea for a web application and I'm having some javascript trouble.
Suppose the application needs to get a client's website url, show it (in an iframe or something). And then it should be able to temporarily tweak its design with Javascript which I assume is called Javascript injection. (Something similar to what the Developer Tools of browsers can do.)
So the question is: Is this cross-domain JavaScript and, if so, what solutions could I use, and what's the easiest way?
On a related note: What if the user adds some of my application's JavaScript code to their website (like how some APIs work)? Would that help in any way?
Thanks.

Same origin policy does not apply when you are armed with the proper knowledge of how modern web browsers work (IE8+ and of course all the other ones are always ahead of IE).
I specifically tackled this problem by using postMessage and iframe for cross browser communication. This technique works in IE8+ and all modern browsers. Also, ensure you are setting your privacy policy in your headers for 3rd party cookie support in IE.
You can see this working live if you go to kitgui.com and try the demo. You can also use this for free.

If they are including your JS in their page, then the JS is running from their page and you can just use standard DOM.
If they aren't, then the same origin policy will prevent you from touching their site.
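As an added example (not code from either answer above, nor from kitgui.com): a receiver script that a client site could include, combining the postMessage approach with the included-script approach. It checks the sender's origin exactly and applies only allow-listed inline style properties; the origin `https://editor.example`, the `preview-style` message shape and the name `handleEditMessage` are assumptions made for this sketch.

```javascript
// Added example: included on the client's page so an editor on another origin
// can preview style tweaks via postMessage. Names and message shape are assumed.
const TRUSTED_EDITOR_ORIGIN = "https://editor.example"; // hypothetical editor origin
const ALLOWED_PROPS = new Set(["color", "backgroundColor", "fontSize", "fontFamily"]);

// Returns { ok, reason } or { ok, changed }. Touches inline styles only,
// never markup or scripts, so a bad message cannot inject code into the page.
function handleEditMessage(event, doc) {
  // Exact comparison: substring or startsWith checks accept look-alike origins.
  if (event.origin !== TRUSTED_EDITOR_ORIGIN) return { ok: false, reason: "origin" };

  const msg = event.data;
  if (!msg || msg.type !== "preview-style" || typeof msg.selector !== "string" ||
      typeof msg.styles !== "object" || msg.styles === null) {
    return { ok: false, reason: "shape" };
  }

  const entries = Object.entries(msg.styles);
  for (const [prop, value] of entries) {
    // Reject unknown properties and values that could trigger network fetches.
    if (!ALLOWED_PROPS.has(prop) || typeof value !== "string" ||
        /url\(|expression\(/i.test(value)) {
      return { ok: false, reason: "property" };
    }
  }

  let nodes;
  try {
    nodes = doc.querySelectorAll(msg.selector);
  } catch (e) {
    return { ok: false, reason: "selector" }; // invalid CSS selector
  }
  for (const node of nodes) {
    for (const [prop, value] of entries) node.style[prop] = value;
  }
  return { ok: true, changed: nodes.length };
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = handleEditMessage(event, document);
    // Reply only to the validated origin, never to "*".
    if (result.ok) event.source.postMessage({ type: "preview-ack", ...result }, event.origin);
  });
}
```

The editor page would send with `iframe.contentWindow.postMessage(message, clientOrigin)`, passing the client's exact origin as the second argument rather than `"*"`.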

This is cross domain. So the solution: Server Side Languages
PHP, ASP.Net, Ruby on Rails, etc. Load their website via that and then you can touch it because it will be a copy on your site. I will warn you though, this can be very difficult when using libraries like CURL (at least in my experience with PHP's CURL).

You could use a bookmarklet to add your JavaScript code to the client's webpage, like Firebug Lite does.

Related

How to get title/url of tab while detecting tab change using JavaScript

Detecting Tab Change using javascript can be done easily using page visibility API as it is mentioned in this answer
Is there some way to get the information about the changed tab like the title of the tab/URL etc using javascript, jquery, or any other method?
For (obvious) security and privacy reasons this is not possible on any modern browser I am aware of.
But since you asked for any other methods, you could achieve this pretty easily with a browser addon and the tabs api.
Nope, Javascript interacts with web APIs that the browser has installed on it.
So in order to do this, there would have to be a way within one of the installed APIs to do this, which I highly doubt there is. Also, most browsers effectively run the DOM in a contained sandbox, meaning that JavaScript and the web APIs can only access things from within its sandbox, aka tab.
That said, it doesn't mean it's impossible. There may be an exploit in one of the APIs allowing you to get other browsers' info not usually available to you.
Feel free to crawl through all the web API docs to find an exploit and also try to engineer a way to break out of Chrome's tab sandboxing architecture via JavaScript.
I won't say it's impossible, but it's highly unlikely unless someone makes a big mistake on a future release of Chrome and one of the direct-to-browser APIs has an exploit. Sounds like a lottery win scenario to me just to read a tab.

lean&fast way to make an addon work for all major browsers? firefox,chrome,[opera,internet explorer,safari]

Yet there are tools to make one addon for all major browsers at once;
see: crossrider, kangoextensions and http://besttoolbars.net/products/addon_framework
With Greasemonkey and a converter to a full Firefox addon,
I already made an addon that does the following three simple things:
- check the HTTP status of external links with wiki.greasespot.net/GM_xmlhttpRequest
  (which won't work with JavaScript alone because of the cross-site-scripting policy)
- manipulate the current page/DOM through some regex
- inject an additional hosted JavaScript for automatic updates
But is there any "cross-browser addon maker" capable of the 3 things above
(especially HTTP to external links like GM_xmlhttpRequest),
and open source, free or at least free of their branding in the addons made with it?
Or else, what is the easiest way from my Greasemonkey script to full addons for also
Chrome,[Opera,Internet Explorer,Safari(or more)]?
(I imagine this alone could be a few KB of code to match the requirements above and doesn't need to be a complex service like crossrider?)
Thanks!=)
I think you can achieve your goals using the Crossrider platform, writing code once in JavaScript that works on all supported platforms. For your specific goals, you can use the appAPI.request API for your HTTP requests and jQuery/JS DOM to manipulate the page content.
Regarding branding, the Crossrider platform enables you to customize the extension using your own image, specify your own post-installation landing page (Thank You page), and either host a seamless installer widget on your site OR host a Windows installer file, and hence an end user does not see any Crossrider branding at all.
Finally, regarding monetization, we have a strict policy of only monetizing extensions with the mutual consent of the extension developer.
I hope this clarifies your concerns, but please feel free to ask any further questions either on this thread or by contacting our support (support#crossrider.com).
Disclaimer: I am a Crossrider employee

How to change registry settings on a system through web browser

I am trying to develop a web page that will allow the user to edit registry settings on a Windows system. Can I achieve it with a client-side scripting language? If yes, please suggest a language to do it.
Can we do it with jQuery or any other type of library.
Due to obvious security concerns, this is only possible in Internet Explorer(!). This is not a jQuery library, but an activeX control; so it's quite unpleasant to use.
You have been warned, so here is the documentation :
http://technet.microsoft.com/en-us/library/ee156602.aspx
Fortunately it is impossible to access the registry from a web app: the only way you have is through an ActiveX control, but I would not go down this road.
Have a look at the below:
Access registry from a web application
Far from ideal but ...
If you serve up a ".hta" file (HTml Application) from your web server, Windows will run it as a program outside of IE and give it the privileges of the PC user. It will be in a separate window and there won't be any browser features (Back/Refresh/Address bar etc).
Even then, modern versions of Windows will prompt the user with security warnings if a HTA is launched from anywhere other than a local drive.
I know this thread is old, but I am not sure I like any answers for this problem. Instead of trying to access the Registry directly through Javascript, try writing a Java Applet and talk to the java applet using Javascript. Then in the JavaApplet you can write some JNI code to write a native dll to do what you need. It isn't a direct solution to your problem, but it will allow you to do what you need across multiple browsers. The downside is that you can't use it on browsers that do not support running a Java Applet, such as a mobile platform.
This method will also require you to sign your Java Applet. This is how you get around the security issues. The user will have to accept the applet the first time to give the security access.

how to start up a desktop application in client side

In my web page, I have to start a desktop application on the client's computer if it's installed. Any idea how I can do this?
If the application is MS Office or Adobe Reader, I know how to start them, but the application I want to start is a custom application. You can not find it on the internet.
How can I open the application?
Basically it's not possible to achieve unless an application registers a protocol that will trigger it. If it does that, all you need to do is provide a link using this protocol:
yourcustomapp://some.parameters
Another way the 3rd party app can integrate with the browser is if it hooks to it as a plugin. This is how flash apps work etc.
If the app you are trying to launch does not support something like that it's going to be close to impossible to achieve what you want.
The browser sandbox prohibits you from executing local resources, for good reason - to thwart a website destroying your box with malicious code. I've been researching the same functionality.
The only solution I've found is to build an extension in Mozilla Firefox which can launch your app. Extensions live outside the sandbox so they can execute local resources. See this page for how to do that. You may be able to do it cross-browser using crossrider, though I haven't had success with that yet.
You could alternatively build a thick client populated from a web service, and launched from the browser through an extension as mentioned above. This is what I'm doing to get around the sandbox. I'm using local XUL for this.
See my question for additional discussion.
First off - you can't do it using javascript in any sort of a portable mechanism.
If the application is ms office or adobe reader,I know how to startup them
No you don't - you know how to send a document, which the browser associates with these applications and invokes them supplying the name of the local copy of the response. You can't just start the programs.
You just need to do the same for your app - invent a new mime type (the major type would be 'application' and by convention, non-standard minor types are prefixed with 'x-', so you might use application/x-hguser) then associate that mimetype with the relevant program browser side.
i.e: You need to explicitly configure each browser
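I already encountered that problem in some complex production environments.
I do the trick using the following code:
function launch(p_app_path)
{
    // IE-only: WScript.Shell is an ActiveX object and is unavailable in other browsers.
    var oShell = new ActiveXObject("WScript.Shell");
    // Quote the path so spaces are handled; 1 = show the window normally.
    oShell.Run('"' + p_app_path + '"', 1);
}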
In IE options > Security > Customize the level > ActiveX controls and plugins > Initialization and script ActiveX controls not marked as safe for scripting, set the value to Ask or Active.
It isn't a security problem when your website is enclosed into a specific security context.
And as they say, it's not worth it to build a gas plant.
JavaScript alone can't do this. (No, not even with MS Office or Adobe Reader.) Thankfully.
There are a number of old ways, including using ActiveX, which may work for your needs. As others have pointed out while typing this, you can customize responses based on the mime type or the protocol, etc.
Any way you look at it, you're going to need control over the end users' browser. If you're in a closed environment where you can dictate policy (users must use a specific browser, with a specific configuration), then you're going to need to do that. For an open environment with no control over the end users, you're out of luck.
I'm actually having a lot of success right now with SiteFusion. It's a PHP client/server application framework that serves out XUL/JavaScript applications from a server daemon running in Apache. You access applications from a very thin client in XULRunner, or potentially off a web page using extensions. Clients can execute on any platform, and they're outside of the browser sandbox so you can access local resources such as executables. It's a fairly elegant solution, their website provides great examples and documentation, and their forum is very responsive. I actually found a minor bug in passing arguments to local executables, posted a question about the forum, and it was fixed by the chief developer in under 15 minutes. Very impressive, overall!

Detecting the autoproxy details in Javascript

Is it possible to detect and get proxy server name and port in javascript?
No. The browser proxy settings are not available from JavaScript running in a web page.
Maybe. The browser proxy settings may be available (in some web browsers) from JavaScript running with elevated permissions (for example, a Firefox add-on).
For what it's worth: While you're asking about JavaScript, getting access to the browser proxy settings even from any kind of browser plug-in such as a Flash or Java applet is also not possible, or at the very least not in any reliable or compliant way.
I mention this only because sometimes such plug-ins provide viable workarounds when JavaScript can't do something ... but here I think you are S.O.L.
Perhaps you could tell us a little bit more about what you are trying to accomplish? Maybe there's another way to address your needs.
