473,245 Members | 1,790 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,245 software developers and data experts.

Low security web browser?

I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?

Regards

Neil Danson
Jul 23 '05 #1
7 1974
Neil <n.******@lbs-ltd.com> wrote:
I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?


Some browsers will let you turn down the security settings per website.
What do you want to do?
Jul 23 '05 #2
I basically have a frame on a local html page, which points at a web
site with some login information. Using Javascript I want the html
page to log in my use into the webpage. I have written an application
in c# which does this using the html dom, but in Javascript (while
code-wise it is much easier), it is seemingly impossible to access the
html of the frame (ie to populate the username/password fields)
without a security error.

Has anyone ever tried this? Loweing the security settings (in IE at
least) had no effect on the error.

Regards

Neil Danson

Ian Stirling <ro**@mauve.demon.co.uk> wrote in message news:<41***********************@ptn-nntp-reader02.plus.net>...
Neil <n.******@lbs-ltd.com> wrote:
I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?


Some browsers will let you turn down the security settings per website.
What do you want to do?

Jul 23 '05 #3


Neil wrote:
I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?


MS on Windows knows HTML applications, there your HTML is not rendered
by IE with its same origin policy but as a normal application. To start
save your .html file as a .hta file, then check the documentation on

http://msdn.microsoft.com/library/de...node_entry.asp
Such a HTML application is a way to have one frame loading an external
web site and scripting it with your locally loaded code.

If you want to use Netscape 7 to do such stuff then as long as the page
with your script is loaded locally (via file: URL) you/your script can
request permission to access the DOM of the external page e.g.

function setInnerText (element, text) {
if (element.childNodes.length == 1 && element.firstChild.nodeType == 3) {
element.firstChild.nodeValue = text;
}
else {
while (element.hasChildNodes()) {
element.removeChild(element.lastChild);
}
element.appendChild(element.ownerDocument.createTe xtNode(text));
}
}

function changeLinks (winOrFrame) {

netscape.security.PrivilegeManager.enablePrivilege ('UniversalBrowserRead
UniversalBrowserWrite');
var links = winOrFrame.document.links;
for (var i = 0; i < links.length; i++) {
links[i].href = 'http://JavaScript.FAQts.com/';
setInnerText(links[i], 'JavaScript.FAQts');
}
}

changeLinks(parent.frames[1])
Then the enablePrivilege call will popup a dialog asking the browser
user to grant the script the privilege. With standard security settings
for Netscape/Mozilla the enablePrivilege call will only popup the dialog
when called in a signed script or in a locally loaded script (file: URL)

--

Martin Honnen
http://JavaScript.FAQTs.com/
Jul 23 '05 #4
Neil <n.******@lbs-ltd.com> wrote:
I basically have a frame on a local html page, which points at a web
site with some login information. Using Javascript I want the html
page to log in my use into the webpage. I have written an application
in c# which does this using the html dom, but in Javascript (while
code-wise it is much easier), it is seemingly impossible to access the
html of the frame (ie to populate the username/password fields)
without a security error.

Has anyone ever tried this? Loweing the security settings (in IE at
least) had no effect on the error.


The problem is that you're trying to defeat a security mechanism that
most of the world thinks is a good idea.
Do you not have control over the website, to maybe use a cookie instead?
Jul 23 '05 #5
Superb. That worked a treat. Thankyou.

On a (kind of) related note, Now my app can fill in the details, once
it submits the data (on a click of a button) it launches a new page in
a new window. Is there any way of stoppping that loading int IE, and
load it into a new frame? In C# I would have used the NewWindow2 event
of the IE object. Any ideas on how to do this in Javascript?

Regards

Neil
Jul 23 '05 #6


Neil wrote:
Superb. That worked a treat.
What exactly, HTAs, signed script, requesting privileges?
Now my app can fill in the details, once
it submits the data (on a click of a button) it launches a new page in
a new window. Is there any way of stoppping that loading int IE, and
load it into a new frame?


You will need to post the relevant markup and script you have so that we
know what exactly you are doing.
--

Martin Honnen
http://JavaScript.FAQTs.com/
Jul 23 '05 #7
Sorry - HTAs. Didnt try the other ones as this seemed to work OK.

As for the HTML:

<HTML>
<HEAD>
<TITLE>Binary Bet Trader</TITLE>
<HTA:APPLICATION ID="oHTA"
APPLICATIONNAME="Binary Bet Trader"
BORDER="thin"
BORDERSTYLE="normal"
CAPTION="yes"
ICON=""
MAXIMIZEBUTTON="yes"
MINIMIZEBUTTON="yes"
SHOWINTASKBAR="no"
SINGLEINSTANCE="no"
SYSMENU="yes"
VERSION="1.0"
WINDOWSTATE="maximize"/>

<SCRIPT>
function onLoad()
{
parent.left_frame.document.frmLogin.account_id.val ue='****';
parent.left_frame.document.frmLogin.password.value ='****';
parent.left_frame.submitLoginForm(parent.left_fram e.document.forms['frmLogin']);
}

</SCRIPT>
</HEAD>
<FRAMESET cols="100%" rows="100%" onload="onLoad();">
<FRAME SRC="http://www.binarybet.com" name="left_frame"
APPLICATION="yes">
</FRAMESET>
</HTML>

On the submitform call it launches a new window. I'd like to cpatue
that window and load it into another frame. ATM, because the 1st page
is not loaded by IE, the page which opens next does not load correctly
( i had this in my c# version too). As I said, in C# I would use the
NewWindow2 event - is there anything equivalent I can do here?

Regards

Neil
Jul 23 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: GingerNinja | last post by:
I am trying to prevent users from submitting HTML pages from their local machine to our website and I was wondering what the best way of doing this was. I was thinking about using the...
6
by: WhenAmIOn.com | last post by:
Hi all, I developed a web site that uses javascript and XMLHTTP to dynamically load info on the page from the server without having to re-load the page. Recently I've received complaints of it...
12
by: A.M. | last post by:
Hi at all, how can I do to insert into a HTML page a file .txt stored in the same directory of the server where is the html file that must display the text file.txt? Thank you very much P.Pietro
2
by: Razzbar | last post by:
I found an interesting JS technique being used by spurl.net and a few other sites, and implemented my own version of it. I like using it, but I'm rather surprised it works at all. One of my old...
15
by: osfwofujro | last post by:
According to a financial website I tried to access without JavaScript: "the site uses JS for security reasons." How would using JS improve security? Thanks.
2
by: J.Marsch | last post by:
Ok, so here's a problem you probably don't see every day: We are building an application that must run in a browser, but we need to do some things client-side that would be rather difficult to...
2
by: Joseph Geretz | last post by:
I'm having a credentialing problem in my web application. Actually, I don't think this is an IIS security issue, since I'm able to access the page I'm requesting. However, the executing page itself...
19
by: Blair P. Houghton | last post by:
I'm just learning Python, so bear with. I was messing around with the webbrowser module and decided it was pretty cool to have the browser open a URL from within a python script, so I wrote a...
4
by: tony | last post by:
I'm designing a survey form page that will be fairly complex and am becoming confident enough with PHP now to tackle most things. (Thanks to everyone here who has helped) Before I go too far...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.