I am having a hard time figuring out a solution for my problem. Here's a code snippet:
var ans = prompt("Mot de passe", '');
if (ans != '' && ans != null)
__doPostBack('__Page', ans);
else
window.location = "../Erreurs/NotAuthorized.aspx";
This code works really great with Internet Explorer 9. But my client is exclusively working with Internet Explorer 8 so I tested it with ieTester in IE8. But the problem is that the prompt doesn't show and it automatically redirect because the input had an empty string ('').
So how do I fix this to work with Internet Explorer 8?
IE has an setting in Internet Options to allow or deny prompt().
(source: adamhaskell.net)
By default in IE8, this setting is off. Consequently, calls to prompt() are ignored and "" is returned by them.
You shouldn't use prompt() anyway. Use a form.
It looks like a security thing specific to IE- 8 for sure, I don't have other versions to test. Calling prompt() produces a warning about a scripted window asking for information. I can click to allow and after refreshing the page, the prompt box appears as expected.
If you are going to insist on using prompt(), you will probably have to stipulate that security settings on the target machines are configured to allow it.
Microsoft developer website tells us that "prompt()" is deprecated and now normally blocked for security reasons:
"By default, this method is blocked by the information bar in the Internet zone. This helps prevent malicious sites from initiating spoofing attacks. "
See http://msdn.microsoft.com/en-us/library/ms536673.aspx
From this report it looks like it's a known bug in IETester?
http://www.my-debugbar.com/forum/t294-Javascript-Alerts.html
Related
We have an application that starts via Click Once in the browser. Since Chromium Edge, Click Once isn't enabled by default. You can enable this setting via edge://flags/#edge-click-once.
I would like to detect if this setting is enabled. If not i would like to direct them to a support page with instructions to enable it.
I don't have access to clients browser in anyway. So I would like to detect this via JavaScript.
I think the flags can't be accessed through js, because js codes can be executed in any browsers. We can't only target the features in a certain browser. I also searched a lot and find no way. Maybe Extension can do this, but I think that will take a lot of effort to research.
As this feature is not enabled by Edge Chromium by default, I think the easiest workaround is to detect the browser version, if Edge Chromium, then remind the user to check if the feature is enabled:
var checkbrowser = (function(agent) {
if (agent.indexOf("edg") > -1) { //check if Edge Chromium
return "the page of showing how to enable clickonce support";
} else {
return "not Edge Chromium"
}
})(window.navigator.userAgent.toLowerCase());
document.body.innerHTML = checkbrowser;
Besides, if your application is used in an enterprise and someone has access to the group policy, you can also suggest IT department to set this group policy: ClickOnceEnabled to enable clickonce in Edge Chromium.
I'm working on a client issue where Modernizr unexpectedly does not detect the support for the localStorage object in Internet Explorer 9. My page correctly uses the HTML 5 doctype (<!DOCTYPE html>) and the developer tools report the page has a Browser Mode of IE9 and a Document Mode of IE9 standards so I would expect this to work.
I've debugged into the following try/catch block in Modernizr and discovered a JavaScript error is thrown as soon as the localStorage object is accessed.
tests['localstorage'] = function() {
try {
localStorage.setItem(mod, mod);
localStorage.removeItem(mod);
return true;
} catch(e) {
return false;
}
};
On some machines the message of the JavaScript error is The system cannot find the file specified.. On others it is just Invalid argument. and Internet Explorer blocks for exactly 5 minutes before it throws the error.
What is causing accessing the localStorage object to throw an error here on Internet Explorer?
I've discovered if the lowest level subdomain matches one of the reserved device names as documented at Restrictions on the File Mask and File Name Properties on Internet Explorer then accessing the localStorage object will throw an error.
This problem is likely happening because internally Internet Explorer is attempting to access the file system using a reserved device name when accessing the localStorage object in order to satisfy the Storage object initialization steps.
It's certainly very much an edge case but if your page is comes from a server whose lowest level subdomain is exactly any of con, prn, aux, clock$, nul, com1, com2, com3, com4, com5, com6, com7, com8, com9, lpt1, lpt2, lpt3, lpt4, lpt5, lpt6, lpt7, lpt8, or lpt9 (e.g. http://prn.example.com) then this could well the reason why you are seeing this problem.
Choosing a lower level subdomain that wasn't a reserved device name in this situation solved the problem.
We hit a similar issue because we ran CCleaner on the machine.
To solve:
Internet Options -> Browsing History -> Delete:
Make sure to check all options except the very first one (Preserve Favorite website data).
We were able to fix, then reproduce this issue by using CCleaner again, then fix again.
Go to this site for more information: http://grekai.wordpress.com/2013/02/24/localstorage-the-system-cannot-find-the-path-specified/
I have a situation where a PC user's browser (I don't know which browser is it) doesn't have support for location.href, http://www.w3schools.com/jsref/prop_loc_href.asp.
JavaScript is on. Cause fancyBox shows up login popup, which result is - location.href change to ./admin.php?act=loggedok (as example)
Can anybody tell me how to detect this and how to process this issue?
Is this possible to lock out this JS code?
location.href = "http://google.com/";
the location object of the navigator is supported everywhere.. what you can do is to make a simple check if location is arround and then react to it as you need..
if ( window.location){ //or if (location in window) for modern browsers..
window.location.href="www.google.com";
}
else{
alert("please enter www.google.com into your address bar"); // :P
}
Btw; in a noscript tag, you cant do any javascript, so you cant "react to the user having javascript off". But you can display additional html in such a way, that shows the user he still lives in the 90's and should update his IE3 and enable javascript ;)
You need to be sure that Javascript support in user's browser is turned on.
As you can see on w3schools web site it is supported by all main browsers.
This link can help: Mozilla: location
why don't you use
document.location.href = 'http://google.com/';
instead?
It works on all browsers unless they have javascript disabled
The problem is either that javascript is not supported, turned off, or the browser does not support the location object which is basically shorthand for window.location. thus use:
window.location.href="http://www.google.com";
As Andron said all major browsers should support it unless they specifically have javascript disabled. You can tell the user about this using the <noscript> tag.
I am using nicedit WYWIWYG editor and all is well in the land of the good web browser but once again MS has cause me frustration through its IE incarnation!
For some reason this command
document.execCommand(cmd,false,args);
is returning false unlike all other browsers, therefore not executing properly
These are my params:
cmd "insertImage" String
args "javascript:nicImTemp();" String
Anyone shed any light? I've ensured that the "allow scripting of Microsoft web browser control" is enabled in the security settings
Thanks
As an XSS-attack-surface-reduction, Internet Explorer 6 and later do not permit a "javascript:" URL as the source of an IMG tag. Specify a HTTP/HTTPS/FILE URI instead and your code should work.
In IE8 you have to put focus() on your editing area first.
I am attempting to check whether cookies are enabled or not using Javascript, cross-browser.
I have got this working fine in Firefox 3 using the following code -
var cookieEnabled=(navigator.cookieEnabled)? true : false;
//if not IE4+ nor NS6+
if (typeof navigator.cookieEnabled=="undefined" && !cookieEnabled){
document.cookie="testcookie";
cookieEnabled=(document.cookie.indexOf("testcookie")!=-1)? true : false;
}
And from what I've seen this seems to be the reasonably established method of checking for cookie support being turned on? However, it refuses to work in IE8, when I turn off cookies in that and run this code cookiesEnabled always equals true.
Any ideas?
Thanks.
Ah found the problem. I was testing my software by navigating to http://localhost...
Of course IE treats this as the Local Intranet Zone and doesn't apply my settings for cookies, so allowing them regardless!
If I navigate to my actual IP address via the local loopback it treated it as internet zone and worked fine :)
Doh!