I have been to some css/html/js discussing board which provide a text box to enter the html and a "Run it!" button to run the html in new pops up window.
I want to make one also, which is easy in jQuery:
function try_show_result() {
var code = $("#try-input").val();
if (code !== "") {
var newwin = window.open('','','');
newwin.opener = null; // 防æ¢ä»£ç 修改主页
newwin.document.write(code);
newwin.document.close();
}
}
But then I found a security problem: the pops up window has all the abilities of running an arbitrary javascript. So that when another authenticated user runs a given piece of code on the page, then it could stealing cookies or access some url that is only for the specified user only through ajax posts.
Is there an easy way to avoid this?
Update: I added newwin.document.cookie="" before open the window, not sure if this is better.
Is there an easy way to avoid this?
No
That is why Facebook went out and wrote their own version of JavaScript [FBJS].
Related
Hello StackOverflow community!
I've encountered a very weird problem and couldn't find any useful information on how to solve it.
Somehow, a piece of javascript code works only when the dev tools window is opened (docked or as a separate window) in google chrome.
The original problem: Due to our application structure, we need to open multiple popups automatically when a page is served. Since the popups are NOT opened through a direct user interaction (like onclick), modern browsers would automatically block these popups. Because of the large amount of code that would need to be refactored to avoid this, our solution was:
check if the browser is blocking some popups.
if so: inform the user about this and suggest to turn off their browser's popup blocking function for
our website (by adding it to the exception list for example).
Not a very elegant solution I know, but there was no other way so please don't comment on how to do this differently.
The javascript code:
let popupBlockingErrorShown = false;
this.OpenWindow = function (url, name, args) {
var i = Popups.length; //Popups is an array defined as a global variable that keeps track of all
//opened popup windows
Popups[i] = window.open(url, name, args);
try {
Popups[i].focus();
} catch (e) {
if (!popupBlockingErrorShown) {
alert("very user friendly message explaining to turn of popup blocking");
popupBlockingErrorShown = true;
}
};
}
The windows have to be popups. The popupBlockingErrorShown variable is to prevent having an alert message for each popup.
Works fine in firefox. But in google chrome there is this behaviour:
without dev tools open: the first popup opens normally, the others are blocked, there is no alert message.
with dev tools open: the first popup opens but gets 'stuck' on loading (it's an empty page). The alert message shows normally.
Keeping the browser-window open and simply switching between dev tools opened or closed gives the same behaviour.
Anyone can help me? Much appreciated!
This is my first stackoverflow question and I'm still very new to programming, I have a bit over a year of experience. Remarks on my 'asking questions'-skills are welcome.
Ok thanks to wOxxOm's comment I've found a workaround. So the problem was related to what window was focused on. I've added a piece of code in the catch-block to show an alert on a successfully opened popup (if there is one) :
try {
Popups[i].focus();
} catch (e) {
if (!popupBlockingErrorShown) {
if (Popups[i - 1]) { //there is a previous popup and it's been focused on.
Popups[i - 1].alert(UIMessages[33]); //show alert on opened popup.
popupBlockingErrorShown = true;
}
else {
alert(UIMessages[33]);
popupBlockingErrorShown = true;
}
}
}
Thanks #wOxxOm !
Say I have a simple script
var i = 0;
test();
function test() {
console.log(i++);
setTimeout(test, 1000);
}
I put it in a Google Chrome console. How do I make it continue to run after the page navigates to another (should continue to print out numbers when browsing the web)?
Maybe save the variable 'i' in onbeforeunload() function, and launch a new script with that saved variable?
How do I make it continue to run after the page navigates to another
you can't, the script cannot continue on another page, it's the browser that runs the javascript in the page, and that will stop it when moving to another page.
(or) should continue to print out numbers when browsing the web?
you have yourself answered this. You can certainly save the counter in localstorage and resume counting on the next page, provided this next page contains the same or similar script and the logic to restore the counter from localStorage.
Or, you can move part of this logic to a server-side script.
I suppose this script is an example and displaying numbers is not really what you want to do.
If you are looking for something to run script even when you have left the browser, I suggest you take a look at Service workers.
If you want more resources, you can check Jake Archibald's blog. He is a chrome developer and he is always talking about service workers. An introduction here.
I didn't see any good suggestions posted already for what I was trying to do but I came up with something that worked for me. I wanted to add a navigation element on the page and not have it go away after navigating. This was on a website that was not managed by me. I removed the innerHtml of the body of the page, added an iframe and pointed it at the page I was on, set it to 100% width and height and removed the border. Then I could navigate within the iframe, but still have my script function run in a set timeout to add the navigation element back to the page after it navigated. Something like this:
document.body.innerHTML = ''
iframe = document.createElement('iframe');
iframe.setAttribute('id', 'iframe');
document.body.appendChild(iframe);
iframe.setAttribute('src', window.location.href);
iframe.style.height = "100%";
iframe.style.width = "100%";
iframe.style.border = "0";
function addContent(){
setTimeout(()=>{
elementToAddTo = iframe.contentWindow.document.getElementById('my-element-id')];
contentToAdd = document.createElement('div');
contentToAdd.innerHTML = `<p>My new content</p>`
elementToAddTo.insertBefore(contentToAdd, elementToAddTo.childNodes[0]);
}, 1000);
}
addContent()
Then in that new content somewhere I had an onchange event which would navigate and call the addContent function by saying window.top.addContent();
onchange="window.location.href = window.location.href.replace(/(param1=.*)/, 'param1='+myNewParamValue); window.top.addContent();">
I Understand this approach makes a lot of assumptions about what you're trying to do and maybe it is only working for me because I'm only changing a param value, but I want to leave this hear in case it helps somebody trying to figure out how to do something similar.
I have a little application on web that uses JS Alerts. I am planning to use modal pops later, but for the time being, does anyone know how to detect if the user clicked on the "prevent this page from creating additional dialogs" and then fire some js function?
it is indeed possible to detect if prevent additional dialogs has been clicked by working with javascript date
you can try this lines of code
window.nativeAlert = window.alert;
window.alert = function(message) {
var timeBeforeAlert = new Date();
var confirmIfBlocked = nativeAlert(message);
var timeAfterAlert = new Date();
if ((timeAfterAlert - timeBeforeAlert) < 400) {
tellTheUserDialog("you can use a Div to tell the user he has blocked alert");
}
}
if users does not see alert then timeAfterAlert will be almost the same as timeBeforeAlert, i used 400 milliseconds just for reference you can come up with yours
You can't detect it because it is a browser feature which helps the user get rid of indefinite popups. This is particularly useful when your JavaScript code shows popups in a loop.
A good idea is to use modals or plugins like Bootbox to show alerts.
I use JQwidgets ,, I use to print data onclick print-button
as code :
$("#print").click(function () {
var gridContent = $("#jqxgrid").jqxGrid('exportdata', 'html');
var newWindow = window.open('', '', 'width=800, height=500'),
document = newWindow.document.open(),
pageContent =
'<!DOCTYPE html>\n' +
'<html>\n' +
'<head>\n' +
'<meta charset="utf-8" />\n' +
'<title>jQWidgets Grid</title>\n' +
'</head>\n' +
'<body>\n' + gridContent + '\n</body>\n</html>';
document.write(pageContent);
document.close();
newWindow.print();
});
When I close printing-widow(not continue printing), I can't use the grid-scroll (on chrome)..
google-chrome Version 34.0.1847.131 m
This worked fine on Firefox and IE..
How to fix the scroll after closing printing-window on chrome
Fiddle-Demo
It looks like you're not the only one with this issue.
I understand that your code is already setup and you want to run with what you have, but unless someone comes up with a hack or Google decided to fix what is clearly a bug, I think you need to re-think how you are approaching this issue.
If chromeless windows were an option, or if the print dialogue were a modal then you could pull this off with the current strategy, but neither of those options are possible in Chrome. Even if you were able to get around this scrolling issue somehow you're still left with a less than desirable UX problem in that if the user hits "cancel" in the print dialogue then they are left with a still open blank window.
Here is a JS fiddle to demonstrate that you need to change your approach: DEMO
You can see from this demonstration that even if we run a completely separate script from within the new window by passing it as plain text in the content object, it still causes the same issue. This means to me that this is a parent/child type of a relationship that is not easily circumvented with JS.
I recommend 2 alternative possible solutions:
Option1:
<input type="button" value="Print" onclick="window.print(); return false;" />
This triggers a full screen print dialogue that can't be closed from the "Windows Close Button." That way you can avoid the issue all together. Then you can use a combination of JS and Print Styles to target and isolate the information you want to print. I know it's more work but I think may be the better cross-platform solution.
This option is more brute force and simplistic in nature (and you have already commented that you know this but I'm leaving it up because it's still an option).
DEMO
Option2:
User clicks on a link/button that opens a new tab/window
In the same function the data from your table gets loaded into a JSON Object
The JSON object is loaded into a print template in the new tab/window
the template initiates the print function
By taking these actions, I think you will have disassociated the JS instance enough that the new tab will not affect the initiating script.
This is a browser bug - you'd have to find some sort of hack to fix it.
Doesn't sound like you want to put the print dialog code elsewhere thus not affecting your scroll bar. That is the obvious solution but it sounds like you can't do that.
Here's what I would do: Wait until someone has triggered the problematic condition, then put an event listener on the scroll event. when it happens... go ahead and reload the page.
Simple, easy, fun.
var needToReload = false;
$("#print").click(function () {
... as you have
needToReload = navigator.userAgent.toLowerCase().indexOf('chrome') > -1;
}
$('#contentjqxgrid').scroll(function () {
if (needToReload) {
window.location.reload();
}
});
$("#jqxscrollbar").jqxScrollBar({
width: 5,
height:180,
theme:'energyblue',
vertical:true
});
$("#jqxscrollbar1").jqxScrollBar({
width: 300,
height:5,
theme:'energyblue'
});
Look at jsfiddle: http://jsfiddle.net/8PtUX/6/
I would like to write a html page where clicking on the hyperlink can be traced. That means I can get a statistic about how many people click on a hyperlink in my page, in a past period. If it is possible to know their ID, it would be better.
And I find this piece of code from the source of a web page:
<script type="text/javascript">
function stc(e,linkIndex) {
if (document.images) {
var linkText;
if (navigator.appName.toLowerCase()=="microsoft internet explorer") {
linkText=e.innerText}
else {
linkText=e.textContent}
if (linkText=="") {
if (e.firstChild) {
var firstChild=e.firstChild.nodeName.toUpperCase();
if (firstChild=="IMG") {
linkText="Image: "+getName(e.firstChild.getAttribute('src'))}}
else {
var nodeName=e.nodeName.toUpperCase();
if (nodeName=="AREA") {
linkText="ImageMap: "+e.href}}}
if (linkText=="") {
linkText=e.href}
(new Image()).src="/a/i/stg.gif?f="+escape(document.location.href)+"&t="+escape(e.href)+"&i="+linkIndex+"&n="+escape(trimString(linkText))}}
function getName(s) {
if (s.lastIndexOf('/')>=0) {
return(s.substring(s.lastIndexOf('/')+1,s.length))}
else {
return(s)}}
function trimString(s) {
return(s.replace(/^\s*/,"").replace(/\s*$/,""))}
</script>
and I guess google will be able to track information of clinking on this link.
I don't know too much about Javascript, could anyone tell me, according to this code, where the tracing information is saved?
usually trace() in other languages is is just some kind of output and the best most simple way to do that in javascript is to call console.log("some output "). you can view the output in Google Chrome by right click on the page > inspect element, then click on the console tab, there you will see your output. in Firefox, you should get the Firebug add-on, there you can see the same output generated by console.log("some output") again within the console tab.
other browsers suck for dev so why even bother explaining?
You need serverside code to do this.
For example, you could have a gateway script that redirects users to the page they want to see:
http://www.example.com/portal/www.google.com/
From there, you can just save the user's request into a database and redirect the user to www.google.com almost instantly without the user really caring.