473,699 Members | 3,360 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Getting around the XSS filter in web browser control...

1 New Member
Hello, I am working on a pet project and need to overcome a major hurdle in an application. I have checked countless forums and articles and have only found bits and pieces of what I am looking for, so I hope a more direct approach will help me.

Here's the scenario:
1. The site is actually a game, which uses Javascript/JSON with DHTML on a page that has several IFRAMES - two of which are deeper inside the outside page AND of a separate domain.

2. There are NO security issues with what I am trying to do. All programming and access is limited to merely simplifying and automating normally access functions only. All authentication and private information is done prior to any access, and only the session information will ever be used, and only to facilitate game operations that the user knows will happen.

3. The idea is to use the webbrowser control to access the game and provide ordinary access, while the app hosting the browser gets the game session information and makes separate automated calls to the game servers. This has already been done via Firefox using Greasemonkey scripting, and it works well - except that Firefox has a horrible memory leak that eventually causes the whole operation to break down.

The problem I am running into is obvious. I am trying to access the iframe that is technically on a different domain, and the web browser DOM model won't let me in. I have seen enough articles to know there are several workarounds to XSS filter blocks but they are quite vague and vary depending on scenario.

So, I will outline exactly what I need in hopes that I can obtain an amicable solution...

1. I need to obtain the DOM of a nested IFRAME of a different domain. If need be I could live with just the source, but the DOM and the JS vars would be the most ideal. My strategy here is to use the session information and make HttpWebRequest calls parallel to the web browser in-game. That way I can automate some functions while still playing. It can be done - if I can get the session information and pass it the same way. It will all be done on the same client with the users permission and knowledge, so no security issues.

2. I would really like it if I could pass information BACK to that IFRAME. One of the major things this project is trying to do is make some visual changes to simplify the look and feel of the interface. It is all in HTML, so changes would simply be adding some in-line styling of JS code...

So anyways, what ideas and suggestions would work best? At this point I am open to all scenarios, but ideally something as simple as possible to get what I need. This is already a huge project :).

Thanks in advance!
Sep 15 '13 #1
0 1128

Sign in to post your reply or Sign up for a free account.

Similar topics

1
5745
by: Mohan | last post by:
Hi All, I am using web browser control in a VB 6.0 client server application to print reports. I am writing the report into a HTML file and displays the report to the user using the code, webbrowsercontrol.navigate2 "path of the html file" method. When the user clicks command button on the VB form to print the report I am using the following code, webbrowsercontrol.ExecWB
0
1306
by: Marwan Shaban | last post by:
Greetings, I want to host a browser control in my windows forms application and deploy it using No Touch deployment. The windows-forms app is run in the Intranet zone with default Intranet Zone permissions (framework 1.1). I keep getting a security exception when I try to create a browser control on my form. I tried both deriving from AxHost and using an ActiveX wrapper for shdocvw. Both methods work when running in full
8
1565
by: David | last post by:
Hi I'm developing an internet app. in which I want to prevent the user from being able to browse the web whikst they are in the app. So I want to hide the I.E. address bar and prevent any new instances of I.E. other than the one running the app. I.E. 5 or later are specified as the only programs for running hte app, so I donlt have to be concerned about other, or earlier, browsers. Any pointer would be appreciated. I can't modify the...
9
13717
by: hzgt9b | last post by:
I am using a web browser control to display some PPT slides saved as HTML. My client has recently asked that the background of the browser be changed to sonething other than white so that the slides "standout". I've tried setting the browser's BackColor setting, but that had no effect at run time. Any suggestions on how to control the default back color of content displayed in a web browser control?
1
7622
by: Praveena | last post by:
Hi All, I am developing a Web Page in ASP.NET where i am using a Web Browser control. I created this selecting the "Microsoft Web Browser" in the custom controls. Now the problem is with the access. Once I drag and drop this control on the ASPX page then some code like this gets added to the WebForm1.aspx OBJECT language="C#" id="mybrowser" with a class id and a list of properties.
12
7625
by: VJ | last post by:
I am using the web browser control.., I would like to add the control at runtime... I was adding the web browser control at desgin time. Now I decided to add the control at run time so I removed the control from the form and also the refrences to AxSHDocVw and SHDocVw, then I added the following statments Dim axwbOfficeDocEditor As New AxSHDocVw.AxWebBrowser Me.Controls.Add(axwbOfficeDocEditor) axwbOfficeDocEditor.Dock = DockStyle.Fill
1
3054
by: celoftis | last post by:
BACKGROUND: I have some PPT slides that have been converted to HTM (ensuring that the show slide animations while browsing checkbox is checked). The original HTM slides have custom animations to allow movie (wmv) playback on mouse click. (All animations have been verified to work when viewing slides in ppt.) Further, I have ensured that the converted HTM file(s) contain only relative file paths. SITUATION #1 When I open the converted...
6
3157
by: kimiraikkonen | last post by:
Hello, I have a listbox and folder browser control. I need to display all .mp3 files' pathes into listbox. It was Ok with openfiledialog but how can list all .mp3 extension- having files into my listbox using folder browser control. A sample code would be great.
6
1713
by: =?Utf-8?B?UGFycm90?= | last post by:
I cannot access my SQL database in a browser control created in my C# Windows application program I can, however, access the database from an IE browser. I get the ubiquitous "Login failed for NT AUTHORITY\NETWORK SERVICE" error message. I researched all the advice on the internet and tried to add an NT AUTHORITY\NETWORK SERVICE login to my database under the Security/Users tab using SQL Server Mangement. However, there is no NT...
1
2142
by: klharding | last post by:
I am trying to load a web browser with a web site that contains an IP Address. I am able to load this website in an IE7 window with no issues on my Vista machine. But when I try to load this web site through the web browser control I keep getting the error "System.AccessViolationException was unhandled". I then tried this application on my XP machine and the web site loads fine inside of the web browser. I am assuming this has something to...
0
8623
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9187
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9053
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8936
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
5879
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4636
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3071
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2360
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2015
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.