I am looking for a way to prevent loading a specific JavaScript file on a website for any website of choice, with Firefox.
For example:
Say I don't want to load jQuery (when loading the page, not afterwards 'disabling' it). I then want to be able to set that
http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
should not be loaded. The browser should complete ignore this to debug other JavaScript on the website. I don't have access to the domain directly, so that is why I am trying to do this via the browser.
So for clarity: :) I don't want to disable scripts from a certain domain, but want to be able to disable certain scripts. It can be that 10 scripts are on 1 domain, so killing all 10 of them is not what I want; in that case I want to prevent loading only one.
Is there a way to do so?
Several options:
Use the Addon "Adblock Plus". It will probably still accesses the js but does not execute it.
Use the Addon "Greasemonkey", which - when cofigured right - does not even touch the js-url. But its generally harder to configure right. ;)
Have a look at Firefox's buildin security policies: http://kb.mozillazine.org/Security_Policies Here you can block javascript on an url or even function-level
Go to your hosts file C:\Windows\System32\drivers\etc (Windows) or /etc/hosts (Linux).
Add:
127.0.0.1 ajax.googleapis.com (separated by a tab)
And reopen your browser
This way the jQuery file will fail to load.
Related
I'm trying to develop a Chrome extension that is supposed to completely replace a specific website's pages with a new UI. In other words, when the user visits said website, the extension should "intercept" it seamlessly and display the new "app" (preserving the URL and without opening a new tab or window). I currently use a content script to manipulate the DOM, but it's too messy.
Chrome apps such as Google Docs achieve the same goal through URL handlers, but they're not an option since they're now deprecated.
Currently, I'm aware of two options:
Intercept the URL and redirect it to an extension URL. I want the URL to be preserved.
Use a content script to stop the page from loading at document_start (using window.stop()) and then "inject" the new app. Apparently, that works, but it sounds quite hacky and prone to unexpected glitches.
What I'd like to know:
Is the second approach good enough? What limitations and other issues will I face if I use it?
Is there any other approach that is at least as good (and preferably designed for this purpose)?
You can't open a chrome app in a tab, only in a window. I don't think they have content scripts either.
Also, chrome apps are now only available on chrome os when you publish it for the first time (existing chrome apps work for any os).
To solve your question, you could use an extension with content scripts and just open up an iframe fullscreen so the url is preserved in the omnibox and it could have the page you want in the iframe as the page that would be in the app.
Content handlers are meant for opening a special protocol url to do something like send an email, etc. Examples would be like tel://, sms://, mailto:, etc.
So you would not want this. Also they aren't that noticable when approving to handle the protocol.
There are gazillions of tutorials on how to convert a bookmarklet (or any javascript) to a Chrome extension, but I need the vise versa procedure. I have some extensions, which I would like to have as bookmarklets. The idea behind this: I don't want these extensions as they constantly eat away my RAM. Instead, I want simply press a button and run a bookmarklet, if I need it.
An example is this extension, which simply toggles javascript on/off in the browser. This extension contains only one javascript file (not including icons, manifest.json, and signature file _metadata/verified_contents.json).
I tried to use this javascript as a bookmarklet, but doing so doesn't conduce me to success - javascript wasn't toggled. It seems, that I'm missing something substantial, but I don't know what. Could somebody point me to the right procedure of conversion Chrome extensions to bookmarklets?
Conversion to a bookmarklet is impossible for extensions that use privileged chrome API available only for Chrome apps and extensions, in this case chrome.contentSettings.javascript.set.
The root cause - memory hogging by an extension - can be resolved by switching from a persistent background page to an event page that is unloaded when an extension is not used.
You may nag the author of that extension to do so.
Unfortunately, most of the extension authors appear to be unaware.
Another possibility is to edit the extension's manifest.json manually by adding "persistent": false as shown in the event page docs (don't forget the comma), then load it locally. Some extensions will fail since switching to an event page may require reworking of code.
So, I have wordpress site that was infected by javascript virus, that calls redirect to another site. There is a set of js files.
How to know where javascript calls redirect? What browser tools can use for this?
There are a couple of things you can do.
You can go though javascripts files content which should be encrypted basically using base64_encode so you might get it bit hard to understand code pattern.
You can use the Event Listener Breakpoint -> Load - unload and then when it breaks in the 3rd party library, right click and select Blackbox Script. The next time you play through the code, it should only break in your own code (assuming there are no other 3rd party libraries to blackbox).
Another option is to go to the Network tab and check the Preserve Log checkbox. This will persist all requests between page loads/navigation, so that you will be able to find the network request
For Firefox check this : https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor
I would like to test what would happen if I were to add a script that I wrote myself to a page on the public internet that I'm viewing in a web browser, such as Internet Explorer (in this specific case).
This is not something I would want to do in a production system, but I would like to test a page-enhancing script with many existing pages. I do not want to modify the page in any way for other viewers, I just want to see what would happen if my script were to become part of the page.
It would be fine if there were some tool that could be used to intercept the page from the server before loading it into the browser and add the script tag there.
It would also be good to be able to modify the page in the browser itself, though this would probably be less desirable as there might be a different way to do this in each browser.
I do realize that I could simply download a page manually with all its related resources and then run a modified copy from a local server, but that would be rather cumbersome.
You can use Fiddler to manipulate responses between the server and your client / browser, adding in arbitrary javascript (for example) through "FiddlerScript".
See: http://docs.telerik.com/fiddler/knowledgebase/fiddlerscript/modifyrequestorresponse for more info
For example, you can replace a specific Javascript with another via:
if (oSession.PathAndQuery=="/version1.js") {
oSession["x-replywithfile"] ="version2.js";
}
In the OnBeforeResponse event
I have a site, from which you can download an HTML file. This HTML file contains a form with hidden fields, which is right away posted back to the site using JavaScript. This is a way of allowing users to download to their own machine data that they edit on the site.
On some machines, you get an IE "yellow bar" when trying to open the file you saved. The "yellow bar" in IE is warning that the HTML is trying to run an Active X (which it is not, there is only JavaScript doing a submit() on a form). However if you receive the exact same HTML file by email, save it, and open it, you don't have this problem. (It looks like IE is putting some more constraint on what can be done in a HTML file you saved from web site.)
My question is: where can I find documentation on this IE security mechanism, and possibly how can I get around it?
Alex
The yellow bar is because your page is executing in the Local Machine security zone in IE. On different machines, the Local Machine security zone might be configured in different ways, so you can see the yellow bar on some machines and not see it on other machines.
To learn more about the IE's URL Security Zones, you can start reading here: http://msdn.microsoft.com/en-us/library/ms537183.aspx
Look here for details on the MOTW - Mark Of The Web
If you add this to your locally served pages, IE will not show the yellow bar.
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx
I am not usre about any specific documnet, but if you open the properties for the file in windows explorer on the general tab is the file blocked? if so click unblock and try again and see if you gte the same issue. This is typical security for files downloaded fom the internet.
Other than that i am afraid i dont know what else to suggest.
I don't 100% follow what your JavaScript is submitting to, but if you're submitting back to the original site from the downloaded copy you'll have a problem using JavaScript as all browsers treat cross-domain JavaScript as a security violation.
JavaScript isn't allowed to read or write to any site not on the current domain
As Franci had said it is becaue you are in the local machine security context and this allows scripts to create objects and execute code that could do harm to your PC. For example you can create a File System Object and perform tasks that an untrusted page shouldn't perform generally because it could be malicious in nature.
Have you tried changing the file name from yourname.html to yourname.hta to see if the security problem goes away?
More on HTML Applications (.HTA files): http://msdn.microsoft.com/en-us/library/ms536496%28VS.85%29.aspx