Low security web browser?

Neil <n.******@lbs-ltd.com> wrote:

I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?

Some browsers will let you turn down the security settings per website.
What do you want to do?

I basically have a frame on a local html page, which points at a web
site with some login information. Using Javascript I want the html
page to log in my use into the webpage. I have written an application
in c# which does this using the html dom, but in Javascript (while
code-wise it is much easier), it is seemingly impossible to access the
html of the frame (ie to populate the username/password fields)
without a security error.

Has anyone ever tried this? Loweing the security settings (in IE at
least) had no effect on the error.

Regards

Neil Danson

Ian Stirling <ro**@mauve.demon.co.uk> wrote in message news:<41***********************@ptn-nntp-reader02.plus.net>...

Neil <n.******@lbs-ltd.com> wrote:

I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?

Some browsers will let you turn down the security settings per website.
What do you want to do?

Neil wrote:

I found some code on a web site regarding accessing the html dom using
javascript, where the html resides in a frame. So I wrote a html
document with a frame which points to a real website, and tried to
access its html dom. Using IE6 (most up to date service packs, etc) or
Netscape (7.2 I believe, but I only used it for testing, so I cant be
sure), I got security errors - looking around, it appears that what I
want to do is not possible as most web browsers are too security
conscious. Is there any way to do what I want, or (worst case
scenario) a low security web browser that will allow me to do this?

MS on Windows knows HTML applications, there your HTML is not rendered
by IE with its same origin policy but as a normal application. To start
save your .html file as a .hta file, then check the documentation on

http://msdn.microsoft.com/library/de...node_entry.asp
Such a HTML application is a way to have one frame loading an external
web site and scripting it with your locally loaded code.

If you want to use Netscape 7 to do such stuff then as long as the page
with your script is loaded locally (via file: URL) you/your script can
request permission to access the DOM of the external page e.g.

function setInnerText (element, text) {
if (element.childNodes.length == 1 && element.firstChild.nodeType == 3) {
element.firstChild.nodeValue = text;
}
else {
while (element.hasChildNodes()) {
element.removeChild(element.lastChild);
}
element.appendChild(element.ownerDocument.createTe xtNode(text));
}
}

function changeLinks (winOrFrame) {

netscape.security.PrivilegeManager.enablePrivilege ('UniversalBrowserRead
UniversalBrowserWrite');
var links = winOrFrame.document.links;
for (var i = 0; i < links.length; i++) {
links[i].href = 'http://JavaScript.FAQts.com/';
setInnerText(links[i], 'JavaScript.FAQts');
}
}

changeLinks(parent.frames[1])
Then the enablePrivilege call will popup a dialog asking the browser
user to grant the script the privilege. With standard security settings
for Netscape/Mozilla the enablePrivilege call will only popup the dialog
when called in a signed script or in a locally loaded script (file: URL)

--

Martin Honnen
http://JavaScript.FAQTs.com/

Neil <n.******@lbs-ltd.com> wrote:

I basically have a frame on a local html page, which points at a web
site with some login information. Using Javascript I want the html
page to log in my use into the webpage. I have written an application
in c# which does this using the html dom, but in Javascript (while
code-wise it is much easier), it is seemingly impossible to access the
html of the frame (ie to populate the username/password fields)
without a security error.

Has anyone ever tried this? Loweing the security settings (in IE at
least) had no effect on the error.

The problem is that you're trying to defeat a security mechanism that
most of the world thinks is a good idea.
Do you not have control over the website, to maybe use a cookie instead?

Superb. That worked a treat. Thankyou.

On a (kind of) related note, Now my app can fill in the details, once
it submits the data (on a click of a button) it launches a new page in
a new window. Is there any way of stoppping that loading int IE, and
load it into a new frame? In C# I would have used the NewWindow2 event
of the IE object. Any ideas on how to do this in Javascript?

Regards

Neil

Neil wrote:

Superb. That worked a treat.
What exactly, HTAs, signed script, requesting privileges?
Now my app can fill in the details, once
it submits the data (on a click of a button) it launches a new page in
a new window. Is there any way of stoppping that loading int IE, and
load it into a new frame?

You will need to post the relevant markup and script you have so that we
know what exactly you are doing.
--

Martin Honnen
http://JavaScript.FAQTs.com/

Sorry - HTAs. Didnt try the other ones as this seemed to work OK.

As for the HTML:

<HTML>
<HEAD>
<TITLE>Binary Bet Trader</TITLE>
<HTA:APPLICATION ID="oHTA"
APPLICATIONNAME="Binary Bet Trader"
BORDER="thin"
BORDERSTYLE="normal"
CAPTION="yes"
ICON=""
MAXIMIZEBUTTON="yes"
MINIMIZEBUTTON="yes"
SHOWINTASKBAR="no"
SINGLEINSTANCE="no"
SYSMENU="yes"
VERSION="1.0"
WINDOWSTATE="maximize"/>

<SCRIPT>
function onLoad()
{
parent.left_frame.document.frmLogin.account_id.val ue='****';
parent.left_frame.document.frmLogin.password.value ='****';
parent.left_frame.submitLoginForm(parent.left_fram e.document.forms['frmLogin']);
}

</SCRIPT>
</HEAD>
<FRAMESET cols="100%" rows="100%" onload="onLoad();">
<FRAME SRC="http://www.binarybet.com" name="left_frame"
APPLICATION="yes">
</FRAMESET>
</HTML>

On the submitform call it launches a new window. I'd like to cpatue
that window and load it into another frame. ATM, because the 1st page
is not loaded by IE, the page which opens next does not load correctly
( i had this in my c# version too). As I said, in C# I would use the
NewWindow2 event - is there anything equivalent I can do here?

Regards

Neil