IE's execCommand not working when inserting image - javascript

I am using nicedit WYWIWYG editor and all is well in the land of the good web browser but once again MS has cause me frustration through its IE incarnation!
For some reason this command
document.execCommand(cmd,false,args);
is returning false unlike all other browsers, therefore not executing properly
These are my params:
cmd "insertImage" String
args "javascript:nicImTemp();" String
Anyone shed any light? I've ensured that the "allow scripting of Microsoft web browser control" is enabled in the security settings
Thanks

As an XSS-attack-surface-reduction, Internet Explorer 6 and later do not permit a "javascript:" URL as the source of an IMG tag. Specify a HTTP/HTTPS/FILE URI instead and your code should work.

In IE8 you have to put focus() on your editing area first.

Related

Edge Browser - iframe.document.open not working

We have some functionality for exporting data to an excel file.
When the 'export' button is clicked, some client-side javascript is called, firstly checking the client browser version, and based on this, deciding which way to render the excel document.
It is working in Chrome & Firefox & IE11 when tested locally.
However, when I remotely test using a windows 10 machine running Edge browser, the excel is not rendered.
I might add that my local machine is a Win7 machine and Im running VS2012 and IE11. The remote machine is Win10 with Edge, hence the need to test remotely.
I've tried the emulation in IE11 F12 dev tools but cant replicate the Edge error there.
An error of 'undefined or null reference' is thrown for 'open' when using the following code:
excelIFrame.document.open("txt/html", "replace");
excelIFrame.document.write(sHTML);
excelIFrame.document.close();
excelIFrame.focus();
excelIFrame.document.execCommand("SaveAs", true, "Spreadsheet.xls");
The iframe exists in the html and is not added dynamically.
<iframe id="excelIFrame" style="display:none"></iframe>
I have tried the following possible solutions to get this working, to no avail -
Possible Solution 1: Same 'undefined or null reference error when assigning the document to a temp var
var doc = excelIFrame.document;
doc.open("txt/html", "replace");
doc.write(sHTML);
doc.close();
doc.focus();
doc.execCommand("SaveAs", true, "Spreadsheet.xls");
Possible Solution 2: Using the contentWindow property of the iFrame. No error thrown, it just opens 'about:blank' containing no content.
excelIFrame.contentWindow.contents = sHTML;
excelIFrame.src = 'javascript:window["contents"]';
Totally at a loss with this at this stage.
The page is an angularJS web page.
From reading up on it, I'm aware the document.open is problematic in edge when using iframes. But the following link document.open fails in an iframe I felt would solve the problem.
Any thoughts or suggestions greatly appreciated.
This may be helpful to others who are searching for it.
//For Edge browser ….. U have to write separate logic for each browser
if (ua.match(/Edge/)){
var blob = new Blob([sHTML], {type: 'data:application/vnd.ms-excel'});
window.navigator.msSaveBlob(blob, "P2P_Report_"+new Date().getTime()+".xls");
}

How to prevent script error in C# webbrowser?

I am getting script error in loading some web sites.
Please help me how to prevent script error in C# WebBrowser.
This is my code:
try
{
webBrowser1.Navigate(textBox1.Text);
while (webBrowser1.ReadyState != WebBrowserReadyState.Complete)
{
Application.DoEvents();
}
MessageBox.Show("Loaded");
}
catch(Exception)
{
MessageBox.Show("failed");
}
Write this in Your Code
webBrowser1.ScriptErrorsSuppressed = true;
To disable the script error pop up, you need to go to (in Internet Explorer) Tools->Internet Options, there go to the Advanced tab, and in Browsing select Disable Script Debugging (Other), but, the problem may be related to the fact that every site loaded in the WebBrowser control is rendered in IE7 compatibility mode, to solve this the only thing you can do is a registry hack like this: WebBrowser control to use IE9
change your registry to 2af8 which is IE 11 for devenv.exe
software/Microsoft/internet explorer/main/featurecontrol/feature_Browser_emulation
If your working with a GUI (like in Visual Studio) just go to the Webbrowser Properties and set "ScriptErrorsSuppressed" = true
It is easy to see how this error has been eliminated. But Visual Studio uses Internet Explorer and another Web Browser coding is hard. If you look at the versions, the last Visual Studio one uses IE 11 for WebBrowser tool.
The C++ GUI is recommended for one of each encoding:
https://msdn.microsoft.com/en-us/library/60k1461a.aspx

prompt() with Internet Explorer 8

I am having a hard time figuring out a solution for my problem. Here's a code snippet:
var ans = prompt("Mot de passe", '');
if (ans != '' && ans != null)
__doPostBack('__Page', ans);
else
window.location = "../Erreurs/NotAuthorized.aspx";
This code works really great with Internet Explorer 9. But my client is exclusively working with Internet Explorer 8 so I tested it with ieTester in IE8. But the problem is that the prompt doesn't show and it automatically redirect because the input had an empty string ('').
So how do I fix this to work with Internet Explorer 8?
IE has an setting in Internet Options to allow or deny prompt().
(source: adamhaskell.net)
By default in IE8, this setting is off. Consequently, calls to prompt() are ignored and "" is returned by them.
You shouldn't use prompt() anyway. Use a form.
It looks like a security thing specific to IE- 8 for sure, I don't have other versions to test. Calling prompt() produces a warning about a scripted window asking for information. I can click to allow and after refreshing the page, the prompt box appears as expected.
If you are going to insist on using prompt(), you will probably have to stipulate that security settings on the target machines are configured to allow it.
Microsoft developer website tells us that "prompt()" is deprecated and now normally blocked for security reasons:
"By default, this method is blocked by the information bar in the Internet zone. This helps prevent malicious sites from initiating spoofing attacks. "
See http://msdn.microsoft.com/en-us/library/ms536673.aspx
From this report it looks like it's a known bug in IETester?
http://www.my-debugbar.com/forum/t294-Javascript-Alerts.html

(NS_ERROR_DOCUMENT_NOT_CACHED) through firefox same code works for safari

I am getting (NS_ERROR_DOCUMENT_NOT_CACHED) error when I try to access the Javascript code through firefox.I get this error in the contents tab of HTTPFOX.
I googled and set the parameters of browser in config file as specified in this site but it still doesn't work.
http://code.google.com/p/httpfox/issues/detail?id=20
Can somebody suggest whats going wrong since the same code works fine for safari browser..
If anyone is interested in a solution to this, I believe it's to do with the plugin noscript. Disabling it fixed this, but I have yet to work out what part of noscript was causing the issue. Will update if I find out.
Edit:My issues was with a twitter auth callback. In the Advanced settings of noscript under ABE, in the SYSTEM ruleset, on the line "Accept from LOCAL" I added "*.twitter.com". This allowed callback requests from *twitter.com to return to a local address.
On my macbook I had to uninstall firefox completely to correctly get the content of an ajax response with httpfox. This also implies to remove the firefox profile bij removing this Firefox folder (I could only find it via the terminal and not via Finder):
/Users/<YOURUSER>/Library/Application Support/Firefox
Then install firefox again and install the httpfox add-on.
I tried many cache settings also by entering about:config in the firefox URL however without succes. Be aware that removing the profile settings like I describe will also remove all your personal firefox customization. It concerned firefox 18.0.2 and httpfox 0.8.11.
We used to get the same error when our JavaScript made an XMLHTTPRequest to the server. On the server side, we had java, and the java response, the content type was not explicitly set to "text/html". When that was done
resp.setContentType("text/html");
the error went away.

Uncaught Error: SECURITY_ERR: DOM Exception 18 when I try to set a cookie

I get the following error in Chrome's developer tools window when I try to set a cookie using this jQuery plugin:
Uncaught Error: SECURITY_ERR: DOM Exception 18
What does this error mean and how can I fix it? I get the same error when I use this jQuery plugin.
You're most likely using this on a local file over the file:// URI scheme, which cannot have cookies set. Put it on a local server so you can use http://localhost.
I also had this issue while developping on HTML5 in local.
I had issues with images and getImageData function.
Finally, I discovered one can launch chrome with the --allow-file-access-from-file command switch, that get rid of this protection security.
The only thing is that it makes your browser less safe, and you can't have one chrome instance with the flag on and another without the flag.
You can also "fix" this by replacing the image with its inline Base64 representation:
img.src= "data:image/gif;base64,R0lGODlhCwALAIAAAAAA3pn/ZiH5BAEAAAEALAAAAAALAAsAAAIUhA+hkcuO4lmNVindo7qyrIXiGBYAOw==";
Useful, when you do not intend to publish the page on the web, but instead use it on local machines only.
Faced with the same situation playing with Javascript webworkers. Unfortunately Chrome doesn't allow to access javascript workers stored in a local file.
One kind of workaround below using a local storage is to running Chrome with --allow-file-access-from-files (with s at the end), but only one instance of Chrome is allowed, which is not too convenient for me. For this reason i'm using Chrome Canary, with file access allowed.
BTW in Firefox there is no such an issue.
This error pops up, if you try to create a web worker with data URI scheme.
var w = new Worker('data:text/javascript;charset=utf-8,onmessage%20%3D%20function()%20%7B%20postMessage(%22pong%22)%3B%20%7D'); w.postMessage('ping');
It's not allowed according to the standard: http://www.whatwg.org/specs/web-apps/current-work/multipage/workers.html#dom-worker
I had this issue when using the history API.
window.history.pushState(null, null, URL);
Even with a local server (localhost), you want to add 'http://' to your URL so that you have something similar to:
http://localhost...
I wasn't completely happy by the --allow-file-access-from-files solution, because I'm using Chrome as my primary browser, and wasn't really happy with this breach I was opening.
Now I'm using Canary ( the chrome beta version ) for my development with the flag on.
And the mere Chrome version for my real blogging : the two browser don't share the flag !
One can also receive this error if using the new (so far webkit only) notification feature before getting permission.
First run:
<!-- Get permission -->
<button onclick="webkitNotifications.requestPermission();">Enable Notifications</button>
Later run:
// Display Notification:
window.webkitNotifications.createNotification('image', 'Title', 'Body').show();
The request permission functions needs to be triggered from an event caused by the user, otherwise it won't be displayed.
I was been getting that error in mobile safari when using ASP.NET MVC to return a FileResult with the overload that returns a file with a different file name than the original. So,
return File(returnFilePath, contentType, fileName);
would give the error in mobile safari, where as
return File(returnFilePath, contentType);
would not.
I don't even remember why I thought what I was doing was a good idea. Trying to be clever I guess.

Categories