I've read that you cannot read the HTML of another frame if that frame resides on another domain. Is there a way to do this in Javascript? I realise this restriction is for security purposes but my use is legitimate.
Regards
Peter
Are we talking about an iFrame here? If so, could you not get the src attribute of the iFrame (jQuery?) and initiate an ajax request which would return the page, or perhaps hand the src attribute to your own script (PHP/ASP whatever) that uses CURL to glean the information you're after?
Yes you can definitely read the contents of the frame using cross-domain proxy. Essentially you need to create a server-side script that requests the src URL of the frame in question. On the client side, you request this script instead of the src URL (which is on another domain and thereby subject to security restrictions within the browser), passing in the src URL as a parameter.
Server-Side Script
The following is an example with PHP using cURL.
<?php
$target = $_REQUEST['t'];
if (empty($target)) { die 'no url provided'; }
$useragent="Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target);
curl_setopt($ch, CURLOPT_AUTOREFERER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$res = curl_exec($ch);
curl_close($ch);
echo $res;
?>
Client-Side Script
On your page, use the following JavaScript function to return the HTML of the target frame
var URL = top.frames.(YOUR FRAME NAME HERE).location;
var xh = null;
if (window.XMLHttpRequest) {
xh = new XMLHttpRequest();
} else if (window.ActiveXObject) {
xh = new ActiveXObject("Microsoft.XMLHTTP");
} else {
alert("Your browser does not support XMLHTTP.");
return false;
}
var ret = null;
xh.onreadystatechange = function() {
if (xh.readyState == 4 && xh.status == 200) {
// do whatever you want with the html here
ret = xh.responseText;
}
}
xh.open("GET", url, false);
xh.send(null);
Let me know if this works for you.
Related
After general advice, techniques or examples if possible.
I'm looking to integrate testing of URL's with SSLlabs API.
www.ssllabs.com/projects/ssllabs-apis/index.html
I've established the URL's that i need to execute to retrieve the info from this api.
e.g. Start analysis - https://api.ssllabs.com/api/v2/analyze?host=portal.testdomain.co.uk
Retrieve results - https://api.ssllabs.com/api/v2/getEndpointData?host=portal.testdomain.co.uk&s=10.111.222.234
My question is, how would i go about integrating into an Ajax/php site?
Or would this be better only executed on backend system and the results pumped into a DB?
So far, i have a button that simply grabs the contents of 2 hidden fields containing hostname and ip address to query.
function stateck()
{
if(httpxml.readyState==4 && httpxml.status == 200)
{
console.log(httpxml.responseText);
alert(httpxml.responseText);
}
}
var url="ssltest.php?commonname=" + commonname + "&s=" + ip;
url=url+"&sid="+Math.random();
httpxml.onreadystatechange=stateck;
httpxml.open("GET", url, true);
httpxml.send(null);
The ssltest.php contains the following cURL function to query then return the api page content. Browsing to this ssltest.php with the parameters in the url works a treat.
#$commonname=$_GET['commonname'];
#$ip=$_GET['ip'];
if(is_numeric($commonname)){
echo "Data Error";
exit;
}
$testurl = "https://api.ssllabs.com/api/v2/analyze?host=" . $commonname;
$resulturl = "https://api.ssllabs.com/api/v2/getEndpointData?host=" . $commonname . "&s=" . $ip;
function ssl_test_start($url,$useragent='cURL',$headers=false,
$follow_redirects=false,$debug=false) {
# initialise the CURL library
$ch = curl_init();
# specify the URL to be retrieved
curl_setopt($ch, CURLOPT_URL,$url);
# we want to get the contents of the URL and store it in a variable
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# specify the useragent: this is a required courtesy to site owners
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
# ignore SSL errors
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
# return headers as requested
if ($headers==true){
curl_setopt($ch, CURLOPT_HEADER,1);
}
# only return headers
if ($headers=='headers only') {
curl_setopt($ch, CURLOPT_NOBODY ,1);
}
# follow redirects - note this is disabled by default in most PHP installs
from 4.4.4 up
if ($follow_redirects==true) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
}
# if debugging, return an array with CURL's debug info and the URL contents
if ($debug==true) {
$result['contents']=curl_exec($ch);
$result['info']=curl_getinfo($ch);
}
# otherwise just return the contents as a variable
else $result=curl_exec($ch);
# free resources
curl_close($ch);
# send back the data
return $result;
}
function ssl_test_results($url,$useragent='cURL',$headers=false,
$follow_redirects=false,$debug=false) {
# initialise the CURL library
$ch = curl_init();
# specify the URL to be retrieved
curl_setopt($ch, CURLOPT_URL,$url);
# we want to get the contents of the URL and store it in a variable
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
# specify the useragent: this is a required courtesy to site owners
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
# ignore SSL errors
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
# return headers as requested
if ($headers==true){
curl_setopt($ch, CURLOPT_HEADER,1);
}
# only return headers
if ($headers=='headers only') {
curl_setopt($ch, CURLOPT_NOBODY ,1);
}
# follow redirects - note this is disabled by default in most PHP installs
from 4.4.4 up
if ($follow_redirects==true) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
}
# if debugging, return an array with CURL's debug info and the URL contents
if ($debug==true) {
$result['contents']=curl_exec($ch);
$result['info']=curl_getinfo($ch);
}
# otherwise just return the contents as a variable
else $result=curl_exec($ch);
# free resources
curl_close($ch);
# send back the data
return $result;
}
if (!isset($ip)){
$result = ssl_test_start($testurl);
echo json_encode($result);
}
else {
$result = ssl_test_start($resulturl);
echo json_encode($result);
}
How do i then get the $result back into the original page and then access/display the result values? I am currently attempting to use XMLHttpRequest() but responseText does not seem to contain anything.
Got this worked out in the end.
In a nutshell i used jQuery GET method to pass to the backend php.
$.ajax({
type: "GET",
url: "ssltest.php",
data: dataString,
dataType: "json",
success: function(response) {
//Do something.
}
})
Works a treat and easy to traverse through the resulting array sent back.
I´m currently working on a school project, where we are using Apache cordova (HTML, CSS and JS side) and currently our school has a server, where our .php file is located.
In our project, (one of the HTML files) we use API key and an domain address, that we want to get rid off from source code (so other students cant see it). What would be easiest way to execute this?
We´ve been thinking following;
We use the php-file as a wrapper with the following code;
IE.
<?php
function getJson($data){
$decoded = json_decode($data);
if (isset($decoded)){
// Toteutusten haku
$url = "URL THAT WE DONT WANT TO BE SEEN";
$apiKey = "API KEY GOES HERE";
// curl
$ch = curl_init($url);
// curl_exec returnsanswer (not boolean)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Asets api key, ":"
curl_setopt($ch, CURLOPT_USERPWD, $apiKey.":");
// Setting message - JSON
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
// Sets false if necessary
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Sends request
$responseJson = curl_exec($ch);
return $responseJson;
curl_close($ch); //close session
**}
}
?>
And in HTML file we have code snippets that looks like following;
// B building rooms
if (buildingcode.startsWith("B", 5)) {
var requestB = new XMLHttpRequest();
requestB.onreadystatechange = function () {
if (requestB.readyState === 4) {
if (requestB.status === 200) {
try {
var jsonB = JSON.parse(requestB.responseText);
for (var fb = 0; fb < jsonB.resources.length; fb++) {
var resB = jsonB.resources[fb];
if (resB.type === "room") {
if (bTilat.indexOf("code")) {
bTilat.push(resB.code + resB.name.slice(resB.name.indexOf(' ('), 50));
}
}
}
} catch (e) {
console.log(e.message);
return;
}
}
}
//console.log(bTilat);
};
requestB.open("GET", 'THIS PART HAS THE DOMAIN WE WANT TO HIDE', true, "THIS PART HAS THE API WE WANT TO HIDE", "");
requestB.send(null);
}
So my question is following; I guess we need to get rid off
requestB.open("GET", 'THIS PART HAS THE DOMAIN WE WANT TO HIDE', true, "THIS PART HAS THE API WE WANT TO HIDE", "");
requestB.send(null);
From html, but how do we request the code from wrapper?
Thank you in advance.
I'm trying to develop a tool which gets the links from a page, stores them in an array and opens with one click in a new tab. Is there a way to accomplish that without triggering the browser's popup spam filter?
Here's my code:
<?php
$base = "web.archive.org";
$time = "/web/20160101000000*/";
$domain = #$_POST["domain"];
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_URL, "$base$time$domain");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 20000); //in miliseconds
$output = curl_exec($ch);
curl_close($ch);
# REPLACES ALL URLs OF WAYBACK MACHINE
$replacedHrefHtml = preg_replace('/(href=")/', "href=\"https://web.archive.org", $output);
# REPLACES ALL SRCs OF WAYBACK MACHINE
$replacedsrc = preg_replace('/(src=")/', "src=\"https://web.archive.org", $replacedHrefHtml);
#get wbCalendar
$html = str_get_html($replacedsrc);
$elem = $html->find('div[id=wbCalendar]', 0);
#extract the links and store them into an array
$data = array();
$open = '';
foreach($elem->find('a') as $element) {
$extracted = $element->href;
$open .= "window.open('{$extracted}'); ";
$data[] = $extracted;
}
echo "Open multiple links";
?>
You can test it here: seotify.com/archive-opener
Thanks in advance.
As far as I know there is no way you can ensure the popup filter won't catch you. I think the only thing you can do is to make the windows open in an "on-click" event someElement.onclick = function(){ /*POPUP CODE*/ } (so that the code is triggered in response to a user action)
Please i want to use JavaScript and Ajax to send to a php script that sends to a remote server using Curl. But the first time i will send to this php script, i will get a result, after the first time i will no longer get a result, except i refresh the page. I want to do this without refreshing the page. that is, i want to send to the remote server so many times and get a result.
function go() {
var xmlhttp = new XMLHttpRequest();
var url = "url.php";
var text = document.getElementById("text").value;
var name = document.getElementById("name").value;
var email = document.getElementById("email").value;
var variables = "text="+text+"&name="+name+"&email="+email;
xmlhttp.open("POST", url, true);variables in the request
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.onreadystatechange = function() {
if(xmlhttp.readyState == 4 && xmlhttp.status == 200) {
var data = xmlhttp.responseText;
document.getElementById("flash-message").innerHTML = data;
}
}
xmlhttp.send(variables);
}
my php script
<?php
if(!empty($_POST['text']) && !empty($_POST['name']) && !empty($_POST['email']) {
$url = "http://url.com/api";
$xmlString = "
<profile>
<names>
<firstname>john</firstname>
<lastname>doe</lastname>
</names>
</profile>";
$fields = "XML=" . urlencode($xmlString);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
echo $response = curl_exec($ch);
curl_close($ch);
}else {
echo "Please fill in those fields";
}
?>
As long as you are able to send requests you could get response from the php script.
Check you are sending requests from the browser net panel using firebug
In js code see calling go() function by logging some help text to console panel using console.log('calling go function')
as title says, is it possible to monitor a local dir in the real filesystem (not html5 sandbox)? I'd like to write an automatic photo uploader that looks for new photos and uploads them.
Potential repeat of Local file access with Javascript.
My understanding is that you can't access the local filesystem directly through a web browser, you have to use an intermediary like the form input tag or drag and drop.
You may be able to get away with accessing the filesystem if you were to use the operating system's javascript interpreter or something like V8. There may also be experimental javascript api's in Chrome that you could look for on the Chrome flags page if thats your browser of choice. That all depends on whether or not you were doing a personal project or something for the web.
Otherwise another scripting language such as PHP, Ruby, or Python would better suit your needs.
You can set a Javascript Timing event. ie: use the setInterval() method.
On the other hand, you can make a button to trigger an onClick event, or any other event, to execute the following code.
NOTE:
If you set an interval, make sure the request was received before sending it again.
For achieving this, you need to check that the readyState of your XML HTTP Request equals 4, as follows:
xmlhttp.readyState == 4
NOTE:
This is for sending the request, parsing the response and putting it in a Javascript array:
xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", "check_dirs.php", true);
xmlhttp.send();
fileArray = new Array();
xmlhttp.onreadystatechange = function()
{
if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
{
xmlDoc = xmlhttp.responseXML;
fileList = xmlDoc.getElementsByTagName("filesChanged");
while (fileArray.length > 0)
// clean the whole array.
// we want to store the newly generated file list
{
fileArray.pop();
}
for (i = 0; i < fileList.length; i++)
{
fileArray[fileArray.length] = fileList[i].childNodes[0].nodeValue;
}
}
}
Moreover, you will need to write a little PHP script to check your custom directory for files newer than a given date, that could be sent in the request by the way, and send an XML response back, like this:
<?php
(...) // check dir. output $files contain the xml nodes for the files to send
// mockup below
// Get our XML. You can declare it here or even load a file.
$xml_builder = '<?xml version="1.0" encoding="utf-8"?>';
$xml_builder .= $files;
// We send XML via CURL using POST with a http header of text/xml.
$ch = curl_init('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_builder);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_REFERER, 'http://www.hello..co.uk');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ch_result = curl_exec($ch);
curl_close($ch);
/*
echo $ch_result;
*/
?>
Here are some mockup functions to check the directory and build the XML response:
<?php
function analizeDir($dir)
{
if (is_dir($dir))
{
$dir_resource = opendir($dir);
while (false !== ($res = readdir($dir_resource)))
{
if ($res != "." && $res != ".." && $res != "old")
{
if (is_dir($dir . "\\" . $res)) // this is a subforder
{
analizeDir($dir . "\\" . $res);
} else { // this is a file
checkFile($dir . "\\" . $res);
}
}
}
}
}
function checkFile($file)
{
$today = date("Y-m-d H:i:s");
// if the difference in days between today
// and the date of the file is more than 10 days,
// print it in the response
if (date_diff(datemtime($file), $today) > 10)
{
$files .= "<filesChanged>" . $file . "</filesChanged>";
}
}
?>