Remote site, local file redirection - javascript

As a followup on this answer:
Specified javascript does work in case of a local website, but fails in case of a remote site. The firefox extension locallink helps in case of links, but is useless in case of the javascript solution provided by the linked answer. Please provide possible workarounds for redirecting to local files (unc) in firefox.

The only way I can think to do this would involve a signed, Java applet running on your page. Essentially what you'd do is provide the file to the applet and have it open up a new browser window with the file's URL. Since the applet is trusted by the local system it should have access to the local hard drive and should be able to start up a new application.
Note: I've not tried this, I'm just speculating on how I would do it. I have used a signed, Java applet to get at some local networking parameters for use in a Wake on LAN application so I know that signed applets are allowed to interact with the system in ways that browsers can't.

Related

Opening file folder present in a FTP site in file explorer on the client-side

I have a folder structure in FTP, that I am trying to access and open in file explorer on the client-side using javascript in my asp.net application. Using window.open("ftp://192.168.1.10/clients/112"); opens the folder in the web browser how do I make it open in the file explorer.
The real answer is that you do not understand what you, in any way, are doing. You are trying to cross standards which is prevented inherently, but by your lack of technical knowledge, you don't know help when you see it. The part below shows ways to possibly handle it.
For a machine to connect to an ftp server, they need to authenticate and do so over the correct protocol. That is not the protocol that browsers use.
Now, that is not to say that I can't go in my browser, type ftp://... and see a directory. But that is totally different. Your browser switches protocols based on your url. That can't just happen when your a webpage in a clients browser.
Your web server can conduct ftp traffic though. You can read that structure and show it to your user. https://msdn.microsoft.com/en-us/library/ms229716(v=vs.110).aspx
A clever guy can make this happen. It used to be easy in flash/flex, but.. progress.

How to make a user-accessible file on the user's filesystem with a chrome extension

I'm making an extension that among other things edit a javascript file in an external editor (one on the user's computer). The extension has the javascript file saved in chrome.storage but it will ofcourse be a lot easier for the user to write code in their own editor.
This is why I decided to find something that creates a file on the user's filesystem which the user can find and edit it themselves, and if any changes are made, sync that back up to the extension (either by periodically checking or by using some listener).
I have looked around but nothing really seems to fit what I'm trying to do. Chrome's fileSystem API only works for chrome apps, not chrome extensions and the HTML5 fileSystem API does not allow for a simple filesystem URL to be requested and opened, instead it obfuscates the stored file and makes it practically impossible to edit that file easily.
Something else I looked at which might be more promising is letting the user edit one of the files in the directory where the extension is stored and somehow retrieving that content. This is however going to be a bit tough to implement with chrome's all the hash checking going on in chrome extensions not to mention the general modifying of those files' contents by the extension (possibly by hacking around by specifying your own update URL and "updating" a dummy javascript file that is going to be written to).
Is there any way to simply ask for a location to store a file and then allow the user to edit that file and sync it back up?
No, extensions are sandboxed from the real filesystem.
As you said, it's possible to read extension's own files; however, this is read-only for the extension and modifying those files on a deployed extension will result in Chrome detecting extension "tampering" and immediate disabling as a precaution.
The only way for a Chrome extension to escape the sandbox is, as wOxxOm suggested, a Native Host module. Note that this cannot be distributed in Chrome Web Store with the extension; it needs a separate installer.
Alternatively, you could use some sort of cloud storage with API to access it; e.g. a user could store something in a Dropbox subfolder, and your extension can authorize access to it via Dropbox API. Unfortunately, there is no "native" solution like syncFileSystem for Apps.

Work around for Html5 Local File Access

We are currently looking at porting a enterprise silverlight application over to html5. The major roadblock that we have hit is the ability to open files from the user's local disk. Currently they have a document library which just links to files on their computer that they can open from within the app and view or print out. All that I read is that you can only access the local sandbox of the web app with the html5 file api's. We want to load these files from code.
Does anyone know of any workarounds to this?
Thanks
There is no way for html5 to access local file without user selection. But FSO: FileSystemObject works for IE and MAYBE could be regarded as a work around. But still there are some requirements to meet.
It is possible to use chrome's filesystem API to access files on a users local filesytem. So you'd have to be willing to make this a chrome only application.
Using java you can create a "Signed" applet which has access to the local filesystem. (if the applet is signed you can request filesystm permissions)
then there is a tutorial for accessing methods of your java code directly from javascript here: http://docs.oracle.com/javase/tutorial/deployment/applet/invokingAppletMethodsFromJavaScript.html
you should be able to perform something similar from silverlight.
There is no workaround in pure HTML5/Javascript. You need the use of plugins, such as Java or Silverlight (maybe you shouldn't port it after all). As for workarounds, HTML5 gives you an easy way drag and drop multiple files that you could transfer on the server and then display back to your users. Another workaround would be to install a custom agent (a software with only a tray icon) that would send the information about the current user "document library" to server and then again, you could display it back to the user.
Note: I've heard somewhere that browsers will eventually stop supporting plugins. http://www.howtogeek.com/179213/why-browser-plug-ins-are-going-away-and-whats-replacing-them/
Ya, I agree with Markain. However, if you were to limit your audience solely to chrome users, I daresay, you would most likely use some of your users. If Huazhihao is right, then your number of leaving customers should decrease but users who regularly use firefox won't be happy. Overall, I think that this will not work. Otherwise, there would be too many websites that trashed your hard driver (or at least wherever you have the rights to edit/delete files). I think it would be best if your product was setup to synchronize the file whenever an internet connection was detected and a change was made to the file. That way the user would not need to visit the website whenever the file was uploaded. If this is some kind of an error file, then it would be most beneficial if you were to make a link in the application that when clicked, would upload the file to the website and the website were to do whatever was necessary. If this is a purely online thing, then I don't see what business you would have looking through other peoples' files =-). Hope I helped!

Can I open a Windows Explorer window from a web app?

I built a CRM for a client of mine, and now they've requested an interesting feature:
For each customer record, they have a matching directory of files on their local computer. They want the ability to open that folder in Windows Explorer directly from within the web app (the app doesn't need access to the directory/files; it just has to launch Windows Explorer so that the user can interact with their files).
This is obviously not possible with regular JavaScript running in the browser (thankfully). I thought there might be some way to accomplish this by building a Chrome extension for this purpose, but it seems Chrome extensions/apps can only access a sandboxed filesystem, which doesn't serve my needs at all. Building an NPAPI plugin in out of the question since Chrome is discontinuing support for NPAPI.
File URIs don't solve this problem either. Their display is ugly, there's no drag-and-drop, no big icons/thumbnails, no sorting etc. They want the full capability of the Windows Explorer.
The only viable option I thought of is to create a local node.js server, make a localhost CORS request to that server, and then run an exec command from node.
Any better idea?
One possibility is to register a custom URI protocol handler with the user's operating system, and then your web page can contain links using your custom protocol, such as openfolder://c/path/to/folder This sort of customization is probably most commonly seen in practice with itunes:// links.
A quick Google search led me to this decent looking tutorial: https://support.shotgunsoftware.com/hc/en-us/articles/200213756-How-to-launch-external-applications-using-custom-protocols-rock-instead-of-http-
The downside is that the user will have to run a small installer of some sort in order to set the correct registry entries (or whatever the non-Windows equivalent is for other OSes) and to drop a small script on disk. That would be much lighter-weight than running a node.js server like you proposed, though.
The linked tutorial uses a Python script, but even that is probably overkill for your needs. A batch file would likely suffice.
EDIT: One additional note, please be aware of the security implications of implementing a custom handler like this. Any webpage in any browser can potentially take advantage of your custom protocol, and an attacker would be able to pass arbitrary data to your script. You should take steps to ensure that the script will not accidentally execute arbitrary commands that may be injected by a malicious web page, and that it will only open a folder and nothing else.
That would require each customer to run a node.js server, which seems unrealistic in your case.
You could use File URIs.
Browsers will refuse to open them by default. However, as suggested in this answer, you could ask your customers to install LocalLinks.

Write to local disk from web page

I'm working on a Silverlight control that will allow multi-file downloading. At the moment I'm trying to get my mind around the permission model of the browser.
Let's say, on a web page, a user enters a local folder (c:\temp) in a text box. The user then clicks a button.
Is it possible in JavaScript or Silverlight, to write a collection of files (that are stored on the server) to that folder on the user's drive?
From Javascript - NO. It would be way too easy from some scumbag to install a virus on your PC if that were possible.
Silverlight I don't know about, but I would assume writing to the users hard drive would be very limited and tightly controlled.
Only if the browser has a security hole that you can exploit.
Since the capability you describe would allow any webpage to do whatever it damn well pleases to the visitor's system, there is no way anyone would implement arbitrary access to the local disk deliberately in this day and age.
The next best thing you can to is to have the user download a ZIP archive and tell him to decompress him wherever he likes.
You cannot from Silverlight. The only thing you have access to is the Isolated Storage.
http://blog.paranoidferret.com/index.php/2007/10/12/silverlight-tutorial-using-isolated-storage/
http://msdn.microsoft.com/en-us/library/bdts8hk0.aspx
Warning: most of these answers are incorrect.
You can so write to a file via Javascript in both MSIE (using ActiveX FileSystemObject) and Firefox (using nsIFileOutputStream). In both cases the user will be presented with a security dialogue, which can be allow or deny the read or write.
I have used the Scripting.FileSystemObject to do this. Only works in IE, and only with very relaxed and unsafe security settings, but it might work for intranet sites in an enterprise, at least it worked for me.
Google Gears has a method to do client-side storage.
http://gears.google.com/
That said, I doubt it will do what you are attempting. I think you would be better off having a server-side thing download files and put them into a .zip file for the client before passing it on to them.
As it was answered earlier, this would have to be done via server-side, Silverlight and JavaScript are sandboxed to disable this type of security hole. I would suggest packing the files into a zip archive on the server and then downloading the zip archive.
You can do this via an ActiveX control or Java applet. Either way you do this the project has to be signed with a code signing certificate. You can use a self-signed certificate but the warning dialogs will be louder and brighter.
You can then use Javascript to call into the signed control and save files. Be very careful about creating an applet like this. You don't want to allow any other website to use this control so the control must implement some of the following:
Only work on a certain website.
Save files only in a specific location.
Prompt the user where to save the files so that they know that this is happening and it doesn't happen silently in the background.
You can probably find a control or applet somewhere that can be controlled with Javascript.
I don't believe this is possible as it create countless security problems. The only way I can see this being secure is a mix of user permissions and some way of verifying (on the client side) the authenticity of the website and the files they want to download to my computer.
One method you could do is triggering the "FileSaveDialog" but I don't think that is what your looking for. Maybe packaging the collection of files first and then triggering is the way to achieve your goals. Silverlight only allows for 1mb of isolated storage per domain and will absolutely not give sites access to the clients hard drive.
This doesn't directly answer the question, but Adobe Flex 4 allows doing it with FileReference class.
Silverlight 4 OOB allows access to the user's document directory.

Categories