I'm trying to write some web-based automation. The sites I'm hitting aren't on the same domain as my automation, so cross-site scripting issues make it impossible to access the DOM on the target website.
I don't want to use a proxy or deal with proxifying the target websites (like Selenium does, for example). Cross-platform is a nice to have, but isn't a must. I'll go Windows only if I'm forced to.
I realize I could simply write a Windows program that runs a WebBrowser control and my own set of scripts, but I don't want my users having to download an EXE from my webpage, or any registry overrides to disable cross-domain checking. It has to be extremely easy to use, no extra software downloads or anything.
I tried to write an ActiveX control which includes the MS WebBrowser control, so I could have a "browser-in-a-browser", so to speak. This didn't work. I ended up with winocc.cpp assertion failures.
What other options do I have? Would a Java applet work? I'd need a Java-based browser.. would I have to look at using JRex or Lobo?
There has just got to be a better way.
You could use a server-side language to obtain the external page using a screen scrape. I've done this using PHP and also in C#.NET, but you could use pretty much any server side language to make a web request that returns the whole chunk of HTML from the target page.
Once you have the HTML, you can do what you want with it, as it's just a string that you're going to manipulate in some way and then write on your page.
Related
Is it a realistic possibility to use WebKit (or any other available web engine) with Tcl/Tk to build the UI elements in a Tk top-level window based on HTML/CSS/JS?
I don't mean to build a web browser for viewing all internet content, but only to use it to display my content and store user input through interacting with a local SQLite database. I'd also like to be able to allow the user to update the database from a server when new information becomes available, but it is otherwise a desktop application requiring no connection to the internet.
I like Tk and may still use it only, but I'm having issues displaying multi-byte characters in RTL languages that I don't think can be resolved in the current version. I have this set up working as a web extension (which is mainly an application-specific UI library) using native-messaging to communicate with a C program compiled with the SQLite amalgamation file. It works fairly well, but I prefer to not have to depend on a web browser and have been trying to move it to Tcl/Tk.
Is this a stupid thought to consider a web engine, and I ought to just learn GTK or Qt, or perhaps Qt WebKit or WebKitGTK? I'm using Linux but would like it to work on Windows also.
Thank you.
I have made an exe program using vb.net but I want to make a webpage on which that exe is embedded.
Like the way this site has done.
You already have the source code for your VB.NET application, the path of least resistance is to factor out the desired functionality into a library DLL. Your web server presumably runs Windows and so will probably have ASP.NET capability. Just reference the DLL in your ASP.NET project and call into that instead.
My advice is don't make a rod for your own back by creating your own CGI binaries:
With a CGI application you'll have to generate all of the response headers and markup by yourself, you'll also have to parse any inbound headers, cookies etc yourself. It's a lot of work to replicate functionality already present in ASP.NET
Enabling CGI executables on your web server increases the risk of a security compromise, either through a mistake in your VB.NET executable, or because via some other vector an attacker has been able to upload a malicious executable and run that.
This question already has answers here:
How to write a browser plugin?
(4 answers)
Closed 9 years ago.
In my legacy web application I need to read user system registry from JS and do some other stuff. I cannot not use ActiveX for security reasons so I have written a plugin. My Plugin consists of a DLL file which is a COM component. This COM component exposes few functions which I call from Java Script code.
In IE I package my DLL in a CAB file and install it, say it's test.dll, in the following way:
<object classid="clsid:some class id here" codebase="test.cab" height="0" width="0" onError="testInstalled=false; return true;" id="testComp"></object>
The above HTML tag install the COM component as plugin in IE and Im able to access the exposed functions of the same from my JS code:
var testCompApp = document.testComp;
testCompApp.callSomeFunction();
It works fine in IE. I need the same functionality in other browsers(Chrome,Firefox, Safari)
Can you pls suggest how to develop plugins for other browsers using my DLL file?
Thanks,
I don't get it: First you say "I can't use ActiveX for security reasons", and then you do the same bad things that ActiveX does in all its dangerous glory: a CAB-packaged COM object running unrestricted native Win32.
How does doing that solve your security concerns with ActiveX?
Leaving aside for a minute the question of "security": if you are not doing "ActiveX" already, you're pretty close. I don't remember off the top of my head all the details of what goes into [the-IE-plug-in-architecture-that-shares-with-other-stuff-the-marketing-moniker-of] "ActiveX", but I think all you are missing to be called "ActiveX" is a few interfaces you must implement. I also suspect that by being shy of "ActiveX" you don't even get to sign your CAB with Authenticode, which would provide your users with a modicum of confidence (assuming you maintain proper controls and key management, and that your users trust you enough to allow your native code to run on their computers).
In any case, that DLL you wrote will only ever run in IE. There is no other browser that supports Win32 native COM objects (whether you choose to follow the ActiveX specification to the letter or not). If you want to do the same thing in other browsers, you are going to have to rewrite it with something else.
I think you have (at most) two options for doing what you want to do:
COM/ActiveX: Native Win32 code in a COM object. What you are doing now. This only works on IE and it's extremely dangerous for users, unless it's done in a controlled environment (e.g. if this is a commercial product to be distributed by an enterprise customer's IT department, or if you have an established presence and a reputation, like some large companies do).
Java:. This would run on all browsers assuming your users have the proper runtime installed and enabled. But it will only work for you if Java allows access to the information you seek via a sandbox-authorized method, because you can't call registry API's from the Java sandbox. The same goes for "the other stuff" you need the plug-in to do.
Ok, so you have a third option:
Reimplement the whole thing in something that is not tied to the browser: a native Windows executable; maybe in a downloadable installer or maybe a .NET program deployed via ClickOnce.
You are in a pickle: You are saying "I have security concerns with running ActiveX but I need to do something dangerous". Any piece of code downloadable and runnable by a web browser that is able to access the registry directly is - necessarily - a dangerous piece of code. Any conceivable technology that allows you to run such code from a browser will immediately elicit the very same security concerns that ActiveX elicits.
Indiscriminate access to the registry is out of the question from a modern browser sandboxed environment, so you either have to find a different source for the specific information you want, or you have to use ActiveX/COM running under IE.
Is it possible for a website to automatically find a folder on usb stick and upload all the files in it to the web server by clicking only one button?
The problem is that I don't know how to make upload form automatically detect usb stick as the drive name(ie. G:, F:, etc) may vary from computer to computer, so hard coding path is not possible.
Ps. I'm using yii framework for site development, but can add a new page that will handle this in any other language as the client really wants this feature.
Web sites are not allowed to set default files to upload (it's a major security risk!). Also, web sites cannot scan the hard drive/enumerate what file systems exist on a system, again, for security purposes.
It might be possibly to do this with Flash/Silverlight/Java. Java seems the most likely to allow a web developer to do this (Java plugin seems to be quite willing to give out every permission under the Sun).
Short answer: No.
Long answer: Allowing automatic uploads in web browsers would be a huge security hole so the browsers intentionally prevent it. Even if you manage to find a hole that permits it, the browser makers will break it as soon as they find out.
However, if you have an environment where an actual separate program can be installed on the end user's computer you could easily write a program to do automated uploads of specified directories when launched.
What I'm looking for is some sort of a proxy tool that will allow me to specify a local file to load instead of one specified in the web page that is being browsed. I have tried Burp Suite which is almost working - it allows us to intercept a file and replace it by pasting the contents of the file we are swapping in into an input field. The file content is compiled code (Flash content) so we are pasting in bytecode, but something isn't working.
The reason is we are a 3rd party software developer without access to our client's development or testing environments. Our content must interact correctly with the rest of the content on their webpage (there are elements on their page that communicate with our content) and to test any changes we make takes several hours turnaround to get our files uploaded to their servers. So what we need is some sort of hacking tool to let us test our work with their web pages, hence the requirement to specify a file in a webpage to swap with a local version.
The autoresponder feature in Fiddler Web Debugging Proxy might do what you need, if it's only static content.
I've been using HTTP::Proxy for a long time, and it has always helped me fiddle with things on the fly.
You might be able to do this with Greasemonkey but I'm not sure if the tests will be totally reliable.
http://diveintogreasemonkey.org/patterns/replace-element.html
And if Greasemonkey seems plain wrong for you I would take it as the perfect excuse to try out mouseHole. Now I have to admit that I've never tried it but since _why also made Hpricot I expect it to be fun, productive, and different.