473,748 Members | 2,672 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Getting around the XSS filter in web browser control...

1 New Member
Hello, I am working on a pet project and need to overcome a major hurdle in an application. I have checked countless forums and articles and have only found bits and pieces of what I am looking for, so I hope a more direct approach will help me.

Here's the scenario:
1. The site is actually a game, which uses Javascript/JSON with DHTML on a page that has several IFRAMES - two of which are deeper inside the outside page AND of a separate domain.

2. There are NO security issues with what I am trying to do. All programming and access is limited to merely simplifying and automating normally access functions only. All authentication and private information is done prior to any access, and only the session information will ever be used, and only to facilitate game operations that the user knows will happen.

3. The idea is to use the webbrowser control to access the game and provide ordinary access, while the app hosting the browser gets the game session information and makes separate automated calls to the game servers. This has already been done via Firefox using Greasemonkey scripting, and it works well - except that Firefox has a horrible memory leak that eventually causes the whole operation to break down.

The problem I am running into is obvious. I am trying to access the iframe that is technically on a different domain, and the web browser DOM model won't let me in. I have seen enough articles to know there are several workarounds to XSS filter blocks but they are quite vague and vary depending on scenario.

So, I will outline exactly what I need in hopes that I can obtain an amicable solution...

1. I need to obtain the DOM of a nested IFRAME of a different domain. If need be I could live with just the source, but the DOM and the JS vars would be the most ideal. My strategy here is to use the session information and make HttpWebRequest calls parallel to the web browser in-game. That way I can automate some functions while still playing. It can be done - if I can get the session information and pass it the same way. It will all be done on the same client with the users permission and knowledge, so no security issues.

2. I would really like it if I could pass information BACK to that IFRAME. One of the major things this project is trying to do is make some visual changes to simplify the look and feel of the interface. It is all in HTML, so changes would simply be adding some in-line styling of JS code...

So anyways, what ideas and suggestions would work best? At this point I am open to all scenarios, but ideally something as simple as possible to get what I need. This is already a huge project :).

Thanks in advance!
Sep 15 '13 #1
0 1132

Sign in to post your reply or Sign up for a free account.

Similar topics

1
5748
by: Mohan | last post by:
Hi All, I am using web browser control in a VB 6.0 client server application to print reports. I am writing the report into a HTML file and displays the report to the user using the code, webbrowsercontrol.navigate2 "path of the html file" method. When the user clicks command button on the VB form to print the report I am using the following code, webbrowsercontrol.ExecWB
0
1309
by: Marwan Shaban | last post by:
Greetings, I want to host a browser control in my windows forms application and deploy it using No Touch deployment. The windows-forms app is run in the Intranet zone with default Intranet Zone permissions (framework 1.1). I keep getting a security exception when I try to create a browser control on my form. I tried both deriving from AxHost and using an ActiveX wrapper for shdocvw. Both methods work when running in full
8
1567
by: David | last post by:
Hi I'm developing an internet app. in which I want to prevent the user from being able to browse the web whikst they are in the app. So I want to hide the I.E. address bar and prevent any new instances of I.E. other than the one running the app. I.E. 5 or later are specified as the only programs for running hte app, so I donlt have to be concerned about other, or earlier, browsers. Any pointer would be appreciated. I can't modify the...
9
13723
by: hzgt9b | last post by:
I am using a web browser control to display some PPT slides saved as HTML. My client has recently asked that the background of the browser be changed to sonething other than white so that the slides "standout". I've tried setting the browser's BackColor setting, but that had no effect at run time. Any suggestions on how to control the default back color of content displayed in a web browser control?
1
7629
by: Praveena | last post by:
Hi All, I am developing a Web Page in ASP.NET where i am using a Web Browser control. I created this selecting the "Microsoft Web Browser" in the custom controls. Now the problem is with the access. Once I drag and drop this control on the ASPX page then some code like this gets added to the WebForm1.aspx OBJECT language="C#" id="mybrowser" with a class id and a list of properties.
12
7633
by: VJ | last post by:
I am using the web browser control.., I would like to add the control at runtime... I was adding the web browser control at desgin time. Now I decided to add the control at run time so I removed the control from the form and also the refrences to AxSHDocVw and SHDocVw, then I added the following statments Dim axwbOfficeDocEditor As New AxSHDocVw.AxWebBrowser Me.Controls.Add(axwbOfficeDocEditor) axwbOfficeDocEditor.Dock = DockStyle.Fill
1
3057
by: celoftis | last post by:
BACKGROUND: I have some PPT slides that have been converted to HTM (ensuring that the show slide animations while browsing checkbox is checked). The original HTM slides have custom animations to allow movie (wmv) playback on mouse click. (All animations have been verified to work when viewing slides in ppt.) Further, I have ensured that the converted HTM file(s) contain only relative file paths. SITUATION #1 When I open the converted...
6
3161
by: kimiraikkonen | last post by:
Hello, I have a listbox and folder browser control. I need to display all .mp3 files' pathes into listbox. It was Ok with openfiledialog but how can list all .mp3 extension- having files into my listbox using folder browser control. A sample code would be great.
6
1715
by: =?Utf-8?B?UGFycm90?= | last post by:
I cannot access my SQL database in a browser control created in my C# Windows application program I can, however, access the database from an IE browser. I get the ubiquitous "Login failed for NT AUTHORITY\NETWORK SERVICE" error message. I researched all the advice on the internet and tried to add an NT AUTHORITY\NETWORK SERVICE login to my database under the Security/Users tab using SQL Server Mangement. However, there is no NT...
1
2145
by: klharding | last post by:
I am trying to load a web browser with a web site that contains an IP Address. I am able to load this website in an IE7 window with no issues on my Vista machine. But when I try to load this web site through the web browser control I keep getting the error "System.AccessViolationException was unhandled". I then tried this application on my XP machine and the web site loads fine inside of the web browser. I am assuming this has something to...
0
8995
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8832
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9381
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8252
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
6078
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4608
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4879
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2791
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2217
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.