http://i.imgur.com/s4ZQI.png (Can't post image because I'm a new user)
Age old question; is there any way to make a piece of JavaScript safe to use on Internet Explorer without having the security warning popup box. The JavaScript I'm using is simply a drop-down sub-menu that appears when you hover over a link.
If it's something to do with the way the JavaScript is coded, I can link if needed.
Thanks
Assuming that your problem is caused by testing pages from your local disk (and not through some really esoteric scripting) either:
Run a web server and test your pages on that
Give your pages the mark of the web
The point being to run them in a security context that allows scripts to execute.
Related
I just realized that what is a nice and working layout of a form with a webresource in on-line version, looses some (but not all) of the formatting when accessed via Outlook. It looks ugly and, I also get errors.
It's somehow related to the JavaScript added to the solution. Or, rather, the web resources, I'd say. Any suggestions on how to debug? F12 doesn't show the console when run from Outlook. I haven't done much with that version so any hint might be of help.
Are you able to narrow down your problem to a part of the script? Could you for instance disable and enable parts of the script(s) to see what works and what does not?
Since the layout is also being influenced, I think you are doing some (or a lot of?) DOM manipulation. This page on MSDN states:
HTML DOM manipulation is not supported
But there should not be that much of a problem (heard that one before...) using Outlook: Dynamics CRM 2011 Outlook client and browser rendering
Edit:
Just to prevent people overlooking the link to a related post from the comments: Random JavaScript Errors in CRM 2011 Outlook Client
Although the page you see in the CRM-Outlook is indeed rendered by IE, it's being served from another version of the engine than what is used to browse. During the rendition process it's "picturized" (lacking a better word for it) so what you see originates in a webpage but isn't one.
I don't think there's a way to debug that version. You can only rely that the development you've tested will work as supposed to. Note that there's no connected process of IE run at the same time as the Outlook client.
I'll gladly stand corrected but as far I've tried (and I've tried a lot, a lot), there's no way to get there.
Is it possible to open an actual explorer window rather than have the look in directory on your browser?
So like the windows key + e window... preferably using html or JavaScript?
I've seen it been done in a Firefox add-on called new tab king, but i couldn't figure out how to split up this code.
Most, if not all, javascript is blocked from interacting with anything outside of the browser.
You maybe able to accomplish it with a flash based object. Like they use for some of the copy and paste techniques using javascript.
Its a huge security hole to open up the javascript to the windows environment.
I could ust open a hidden file browser and start coping files, or load something on to your system.
This is not reliably possible using pure HTML/JavaScript.
In general, website maintainers cannot use JavaScript to force the browser to open an application in a specific way, because that would heavily impact the user experience.
No, not definitely not using HTML and hopefully not in pure JavaScript.
Probably possible using some horrid ActiveX control in Internet Explorer but you really don't want to go down that route.
I am making an html/javascript browser homepage, that could be downloaded to any computer - you simply run the *.html file from your computer and it opens in your default browser; in it you have a compact homepage, with several options - you can make a bookmark list, write notes etc. You can leave it opened as it is just a separate tab.
I'm wondering whether it's possible to use javascript in order to open, for example, windows media player or make it possible for the user to set a default music player. Or even close the previously opened program? Could this be done?
I think it would be best if the user could just set the default programs. Getting the file location is not the problem, is anything else needed?
You can't do this unless you write a browser extension (plugin), for example.
Most web browsers put a lot of work into sandboxing JavaScript so any malicious users can't compromise the system the client's browser is running on, although older browsers are as watertight as sieves. Modern browsers are a lot better, but there are/may be some holes somewhere. All this security means that JavaScript can't (isn't supposed to be able to) access any part of the client's machine.
Any respectable browser will block javascript from accessing anything on the user computer. It is a huge security risk to let a script in a HTML page do something like you want.
Depending on the browser and the configuration, it may be possible, but you absolutely shouldn't try to do it.
You can maybe achieve what you want through a browser extension, but you will have to write it for each different browser your customer are using.
Maybe the best thing to do is write a rich client instead of using HTML/Javascript.
It would be doable if the HTML page were not opened in the browser! The browser makes its best not to allow such things for security purposes.
Not that JavaScript in itself is not able to do this -- the language is used in plenty of other places, see here.
You can do something similar to this using a wrapper like Fluid ( http://fluidapp.com/ ) which encapsulats your page and turns it into a native app (with its own sandbox) There are equivalent programs for other platforms as well as Mac.
I'm trying to find all instances of an advert on a website. The advert is in an iframe which is loaded by javascript (it doesn't appear at all if javascript is turned off). Detecting the advert itself is extremely simple, both the name of the flash file and the target of the href always contain a certain string.
What would be the best "starting point" for achieving this? At the moment I'm considering an Adobe AIR app, which could crawl the site and examine the DOM to find the ad, and would run javascript and load the content of the iframe. The other option I can think of is using Firefox as the platform (using maybe GreaseMonkey or Selenium? I don't really know how to leverage Firefox like this).
Does anyone know of anything suitable to build this, or have any suggestions on using Firefox to do it?
Extra details:
Being CPU intensive isn't really an issue, nor is anything depending on a browser being open. This doesn't need to run on a headless server, it will be running on a powerful desktop box. OS is also not an issue. It would be advantageous if the crawler loaded each page multiple times, as the advert is in rotation. While the crawler does need to execute the javascript and load the content of the iframe, it does not need to be able to display flash files.
An alternative to using a "browser as a crawler" is using HTMLUnit as the page says, it's:
HtmlUnit is a "GUI-Less browser for Java programs". It models HTML documents and provides an API that allows you to invoke pages, fill out forms, click links, etc... just like you do in your "normal" browser.
It has fairly good JavaScript support (which is constantly improving) and is able to work even with quite complex AJAX libraries, simulating either Firefox or Internet Explorer depending on the configuration you want to use.
I think You don't want a crawler. You are going to run it on a single page and not want it to look around the internet through links, right?
If so - You want to find something on the page with javascript on. You then just have to use javascript.
You'll need:
the site :)
correct rights to access its content - use greasemonkey for FF or user scripts in Opera
a code similar to this jQuery sampe:
finding stuff in iframes:
$('iframe').each(function(){
$(this).contents().find('object').each(function(){
if($(this).attr('name').match(/regex/)){
$(this).remove(); //or do whatever You want
}
});
});
caution: accessing iframe contents may differ in browsers and is influenced by time when You run the script
If the ad is only displayed when javascript is enabled, you are going to have a problem, as no crawler is going to be able to read the web page in that matter.
Is there something in the javascript code itself that could be a tipoff to where the add is displayed? If so, maybe you can check that.
I've tried similar stuff before, and I used BeautifulSoup in python, and it worked really well.
One of my clients has Norton 360 installed on his computer, and it's interfering with the javascript in my web pages. Not all JS, just some.
Simple things like
<a href="page.html" onclick="somefunc(); return false;">
don't work. Also using jQuery to attach on onclick event to an a tag doesn't work either:
// doesn't work
$(document).ready(function() {
$("#old_trans_link").click(viewOldTrans);
});
What should I tell my client? What should I tell our users? Is there any way around this madness?
Everyone doing JS heavy pages must run into this. How do they deal with it?
Edit: He also has McAfee installed at the same time.
I've never heard of anti-virus interfering with in-browser JavaScript in that way. My best guess would be that they have their virus scanner running at a very aggressive security level.
The easiest options, in terms of amount of work required to address this issue would be:
Recommend your users lower their security settings
See if they can whitelist your site so the application will work correctly
Recommend a browser other than Internet Explorer, or suggest they install Chrome Frame
Of course, if these are not feasible options, you may have to go with a more simplistic approach to using JavaScript on your page. Instead of requiring JavaScript on the site, use it to enhance the site and make features easier to use.
To do this, you would have to make everything on your site work with JavaScript disabled. Have everything perform POSTs to the server for processing. JavaScript would sit on top of all of this to enhance the experience for users who have JavaScript working. In this scenario, things like anti-virus blocking click events on anchor links would end up with a submission to the server.
Of course, this is a lot more work on your part because it almost requires writing 2 versions of the site. This is an argument that is brought up all the time online, even when developing StackOverflow, as was discussed on their blog.
You're better off telling them to add an exception for your site.
They probably are using some sort of web shield I assume. Try asking them to add an exception to your site
Edit:Adding Link
http://www.symantec.com/norton/360
Under "Advanced Protection"
"Blocks browser, OS, and application threats; protects against infected Web sites"
So I assume there should be a way to add an exception