Some background: I have inherited a working Silverlight application which behaves as follows:
there is an iframe on the host html page which itself connects to another page.
this page is a long-lived request which returns a series of <script>parent.callFunction(data)</script> blocks
these scripts are executed, call up to their parent, which in turn calls the silverlight app itself using the html bridge.
In this way we have a working streaming data service via the browser into the app, but I can't make this work out-of-browser.
By using a WebBrowser control and window.external.notify I'm able to recreate most of the functionality described, but the script blocks in the long lived request are not acknowledged or executed by the WebBrowser control.
Is there any way I can force the WebBrowser control to execute these script blocks?
Or, is there another way of achieving the goal? I've been chasing this problem on and off with fiddler for over a week before understanding what the problem was, and now can't find any information. Microsoft's idea seems to be to create my own version of IE using WinForms - but this seems like a poor substitute.
Although I haven't tried your exact scenario, my guess is that you are hitting a cross domain policy violation when running OOB.
If you haven't yet, try the OOB elevated trust application route and see if that can solve it.
Related
I have a client-side Golang application running on my machine. I also have a browser open, and in that browser there might be a tab running my web application (which is completely separate from the Golang app).
From the Golang app, I would like to programmatically refresh the browser tab (and maybe if possible, bring it to front, but that's less important).
I researched quite a lot already, and I concluded this is not possible just by communicating to the browser, there is no standard (especially cross-platform and cross-browser) interface with which we can trigger the refresh of a specific tab of a browser.
So I suppose I'll need to have some custom JS code running on the website with which my Golang application can communicate and trigger the refresh of the tab.
What's the easiest way to do this?
(I was looking at livereload.js and lrserver, but these all start with the premise that there is a folder of content we'd like to watch and automatically reload on any change. But I don't want that, I just programmatically want to trigger the refresh. Also, this Golang app is not hosting the website, it's just a separate client-side application.)
As suggested by some comments, there seems to be no API through which we could connect to a browser from Golang, query the list of tabs, and refresh a particular page (at least not in a cross-browser and cross-platform way).
One possible approach to do this is to host a small WebSocket endpoint in Golang, and connect to it from the site we want to refresh. Then send a message through the WS connection every time we want to reload the site, and in JavaScript call location.reload() when we receive the message.
I described all the details in a blog post, and uploaded a complete working example to GitHub.
Is it possible to get around the security and mimick either a full-browser or mobile browser within a webpage?
I had an idea to set the HTML manually, using an AJAX/XMLHttpRequest ("Get" request)
document.querySelector('#myiframe').contentWindow.document.write("<html><body>Hello
world</body></html>");
(from How to set HTML content into an iframe)
Can anyone verify this is possible? I'm guessing you would lose relevant site date (cookies, cache, etc)
Is it possible to get around the security
Yes, many browsers let you start them in a security-off mode, e.g. on chrome you run the program with the --disable-web-security flag. However, you should never ask a client to do this.
An alternative way would be to write a Java applet, or some other third-party plugin, which fetches the resources you want and then passes it over to the browser with your favourite method, from which you can use JavaScript on the data as desired. This method would lose things like cookies, and might be exploitable so I wouldn't recommend it.
mimick either a full-browser or mobile browser within a webpage?
Finally, if you don't mind the "URL bar" displaying the wrong thing when a user navigates, you could just use the default behaviour. This method is totally acceptable and doesn't circumvent any security.
I'm building an automation tool at work, and I've hit a bit of a snag... The task is to automate the laborious process of navigating a large web-based GUI which sends queries to a database based on the values entered in various fields. We do not have access to the database itself or the server on which the web-GUI is located. Furthermore, the protocol for the web-GUI is https. Is there any way to have javascript open the web-GUI in a new window and then act on it [clicking buttons, reading returned text strings etc.]? The implementation doesn't have to be javascript (autoIT would do the same job much more easily) but I am curious as to how the access denied errors might be overcome. I have read about certain workarounds, but none of them went so far as to actually attempt to interact with elements of the cross-domain document. I have also discovered easyXDM, but it doesn't solve the protocol discrepancy, and I'm not certain it would work for my situation anyway. Any input would be appreciated!
thanks,
CCJ
You are not going to be able to do cross domain because of the same origin policy.
Sounds like you should do something with greasemonkey or with selenium to automate it.
I am quite new to web application development and I need to know how would I make other sites use it.
My webapp basically gets a username and returns some data from my DB. This should be visible from other websites.
My options are:
iframe. The websites owners embed an iframe and they pass the userid in the querystring. I render a webpage with the data and is shown inside the iframe.
pros: easy to do, working already.
cons: the websites wont know the data returned, and they may like to know it.
javascript & div. They paste a div and some javascript code in their websites and the div content is updated with the data retrieved by the small javascript.
pros: the webside would be able to get the data.
cons: I could mess up with their website and I don't know wow would I run the javascript code appart from being triggered by a document ready, but I wouldn't like to add jquery libraries to their sites.
There must be better ways to integrate web applications than what I'm thinking. Could someone give me some advice?
Thanks
Iframes cannot communicate with pages that are on a different domain. If you want to inject content into someone else's page and still be able to interact with that page you need to include (or append) a JavaScript tag (that points to your code) to the hosting page, then use JavaScript to write your content into the hosting page.
Context Framework contains embedded mode support, where page components can be injected to other pages via Javascript. It does depend on jQuery but it can always be used in noConflict-mode. At current release the embedded pages must be on same domain so that same-origin-policy is not violated.
In the next release, embedded mode can be extended to use JSONP which enables embedding pages everywhere.
If what you really want is to expose the data, but not the visual content, then I'd consider exposing your data via JSONP. There are caveats to this approach, but it could work for you. There was an answer here a couple of days ago about using a Web Service, but this won't work directly from the client because of the browser's Same Origin policy. It's a shame that the poster of that answer deleted it rather than leave it here as he inadvertently highlighted some of the misconceptions about how browsers access remote content.
We are using a custom protocol handler to connect to an embedded device across firewalls, NAT etc. The solution is called Nabto.
This works great - a plug-in on the user's computer handles requests to all nabto:// URIs and serves HTML pages with information about the current connections etc.
Now, we would like to access Nabto functionality from a regular web page. This is difficult with browsers enforcing the Same-Origin policy (e.g. our http page cannot communicate with the nabto page).
So far, I am trying to solve this using easyXDM by having a "proxy page" served by the nabto plug-in. This page is then allowed to launch nabto:// requests and can communicate the results back to the http page using easyXDM.
However, same-origin requests fail in Internet Explorer - even when both pages reside in the nabto://self domain. I get this error: image
Is this an error in Internet Explorer? Any idea how to solve it?
Thanks a lot,
Martin
We had huge issues that sound similar to yours when developing the plugin. I must admit that we gave up getting clean Ajax support working through Nabto after spending a lot of time on it. In fact, the final thing that happened was opening a support case with Microsoft about it, the case bounced around and we never heard anything back.
There might be a chance though for a hack: In the meantime we realized that IE allows you to populate images through nabto:// urls on an http / https page. Maybe you can populate an image object through your query and extract the result from there?
On a side note: You are welcome to post in the support forums (forum.nabto.com) about such things. On the other hand, you help spread the word about the product in this way ;-)
Ulrik