Is it still possible to run javascript in the address bar [duplicate] - javascript

So with the most recent Facebook phishing scandal1, Google Chrome (and, I assume, other browsers) disabled the ability to paste javascript directly into your URL bar. Well, it still lets you, but it strips the javascript: part.
I'm trying to find a work around to be able to directly paste javascript into the URL. Test it out for yourself:
javascript: alert('Hello World');
instantly (for me at least) strips the "javascript:" part of the code only in Google Chrome.
1 Facebook Phishing Scandal - It's when people where copy-paste that JavaScript code into their URL and it'd invite all their friends to an event OR post something malicious on every friend's wall.

Next best thing workaround: Leave out the leading j when copying the snippet and add only that character manually:
mark (w/ mouse) from avascript:…
Ctrl+C
Ctrl+L
j
Ctrl+V
Enter

When coding a little yourself, you may find yourself needing to frequently prepend javascript: into the address bar.
Here are two ways to speed this up:
Add a search engine keyword entry with the keyword j and the URL javascript:%s.
Then you can do:
Ctrl+L
j
Space
Ctrl+V
(It also works like a charm, when you already have JS code in the address bar:
Home
j
Space
)
Autocompletion can save you a few keystrokes, if you don't want to create a search engine keyword entry.
It requires a quick preparation: Feed javascript into the address bar:
Ctrl+L
javascript
Enter
From then on, this shortcut is available:
Ctrl+L
j
(javascript should be proposed as completion. Otherwise repeat submitting javascript in the address bar, until your browser promotes it to default completion for j.)
End
:
Ctrl+V

Yes. Use normal developer console.

So with the most recent facebook phishing scandal, google chrome(and i
assume other browsers) disabled the ability to paste javascript
directly into your URL bar. Well it still lets you, but it strips the
"javascript: " part.
IE9 and FF added this "protection" too... only Opera holds, for now.
Still, it became even easier. Just trick your user to paste code into console. Same effect as with old snippets.

It is so in any version of Chrome. As I think they are trying to protect you from execution of dangerous code. There are some ways of solving it:
Paste then type javascript: by hand
Press F12, open console and execute the code (without javascript:) from there
Add javascript link to favourites and execute just by clicking
Make an extension or use some suitable one

Simply bookmark the bookmarklet (that's the term for javascript:...). Create an anchor which links to the bookmarklet, and ask the user to bookmark this link.
Example:
Bookmark this by dragging it on your bookmark bar
I've just tested it in FF7, and it works like a charm.

Related

stop the event-listener operate while using website surfing

I like using the oxford dictionary site.
http://www.oxfordlearnersdictionaries.com/definition/english/loudly?q=loudly
Here is the website url when i searched a certain word, 'loudly'.
Hmm.. I'm chrome user and I also use a chrome-dictionary addon.
The feature of the dic-addon is that I can readily search a word just double click any words, then addon automatically find out what is mean by showing the little popup view located on the upper left corner of chrome browser.
The problem is, like the dic-addon, oxford dictionary site offer the same double click service.
In oxford dic site, if you just double click any words for search the meaning of word through chrome dic addon, suddenly they pick me up to a site where shows the definition of word that i double clicked, and addon's searching result page was canceled due to moved site url. How annoying.. :(
But I want to use only chrome dic addon double click feature.
And the more worse, I can't give up the use of oxford dictionary...
So.. There is any breakthrough to ignore the double click event in dictionary website?
If you open the developer tools (F12) on a page of http://www.oxfordlearnersdictionaries.com/ and they type $('.main-container').off('dblclick'); and hit enter this will disable oxfordleanersdictionaries double click feature. However this will need to be done each time you load a page.
If you know how to make Chrome Extensions you could create one that calls this code each time a www.oxfordlearnersdictionaries.com page is visited. Alternatively install something like Tampermonkey and add this line to a custom script.
I created a tampermonkey script with the following code and it works perfectly
setTimeout(function() {
$('.main-container').off('dblclick');
}, 1000);
Run at in the settings was set to document-end

Why is "javascript:" pseudo-protocol stripped from URL bar when pasted?

So with the most recent Facebook phishing scandal1, Google Chrome (and, I assume, other browsers) disabled the ability to paste javascript directly into your URL bar. Well, it still lets you, but it strips the javascript: part.
I'm trying to find a work around to be able to directly paste javascript into the URL. Test it out for yourself:
javascript: alert('Hello World');
instantly (for me at least) strips the "javascript:" part of the code only in Google Chrome.
1 Facebook Phishing Scandal - It's when people where copy-paste that JavaScript code into their URL and it'd invite all their friends to an event OR post something malicious on every friend's wall.
Next best thing workaround: Leave out the leading j when copying the snippet and add only that character manually:
mark (w/ mouse) from avascript:…
Ctrl+C
Ctrl+L
j
Ctrl+V
Enter
When coding a little yourself, you may find yourself needing to frequently prepend javascript: into the address bar.
Here are two ways to speed this up:
Add a search engine keyword entry with the keyword j and the URL javascript:%s.
Then you can do:
Ctrl+L
j
Space
Ctrl+V
(It also works like a charm, when you already have JS code in the address bar:
Home
j
Space
)
Autocompletion can save you a few keystrokes, if you don't want to create a search engine keyword entry.
It requires a quick preparation: Feed javascript into the address bar:
Ctrl+L
javascript
Enter
From then on, this shortcut is available:
Ctrl+L
j
(javascript should be proposed as completion. Otherwise repeat submitting javascript in the address bar, until your browser promotes it to default completion for j.)
End
:
Ctrl+V
Yes. Use normal developer console.
So with the most recent facebook phishing scandal, google chrome(and i
assume other browsers) disabled the ability to paste javascript
directly into your URL bar. Well it still lets you, but it strips the
"javascript: " part.
IE9 and FF added this "protection" too... only Opera holds, for now.
Still, it became even easier. Just trick your user to paste code into console. Same effect as with old snippets.
It is so in any version of Chrome. As I think they are trying to protect you from execution of dangerous code. There are some ways of solving it:
Paste then type javascript: by hand
Press F12, open console and execute the code (without javascript:) from there
Add javascript link to favourites and execute just by clicking
Make an extension or use some suitable one
Simply bookmark the bookmarklet (that's the term for javascript:...). Create an anchor which links to the bookmarklet, and ask the user to bookmark this link.
Example:
Bookmark this by dragging it on your bookmark bar
I've just tested it in FF7, and it works like a charm.

Can a piece of code be dynamically placed on every webpage a user visit

So we have a program that the user can use by copying text from a webpage they visit, alt+tabbing to the program, then pasting it as input. It would be more convenient for users to be able to do it directly in the site.
We were thinking of a panel that would be small and expandable, following them to each site they visit. Is this possible? Either a snippet of code that is auto pasted, or a JavaScript command called that would dynamically paste the code (is Scratchpad any help here, at least in FireFox).
We've never made a FF add-on, but it seems like if the dynamic panel idea falls through, an add-on would be the next best thing.
Basically, users should ideally be able to copy text, either enter a key combo or click a button, see the interface and paste in the text. Would either of these methods work?
A browser add-on or a userscript could certainly do this.
You can also write a userscript and use a user script compiler (such as this one) to convert it to a "true" Addon.
Alternatively your application could act as a HTTP proxy and inject it dynamically, but I'd guess that this would probably be more complicated than the other two approaches.
This site Polyvore used to do something similar, although in the 2 mins hunting around I could not find it, but I have used it and I think the technique was used by Google and Digg for a while. From what I recal it involved iframes and a bookmark in your browser.
Basically you could download a small piece of code that would sit in your bookmarks bar and this would allow you to navigate to a fashion website click on the bookmark copy a picture and insert it back into Polyvore.

Raising X11 urgent flag from webbrowser

The global picture is that I want my Firefox X11 window to have its urgent flag set when (say) a new Gmail mail arrives.
I feel confident that I can produce the code to check Gmails arrival by reading some other Firefox extensions' code. What I can't figure out is how to get the Window ID of the webbrowser, so that I can call, say, an external program to raise the urgent flag (that is, setting the XUrgencyHint).
Any help appreciated; if my methodology (i.e. create an extension) is no good, don't hesitate to say so.
While you did not mention your programming/scripting language you where planning to use to find firefox's window to set, I found this answer on SO to your exact question (both questions are essentially the same: find ff window in x11).
Generally spoken, in firefox each 'container of tabs' is a window and each tab is a window (hence you can load firefox ui inside firefox ui). So you could search for firefox windows with a specific title or src/url.
But.. since you are after a open gmail-tab in firefox anyway.. why not think inside the box instead of outside the box.. (I know, feels strange right :) ?)
Why not craft a simple bookmarklet (called something like 'monitor new gmail') and add it to your bookmarks(-bar) (working around FaceFox's -yes I made this diss- insanity of not accepting web-standard javascript in the address-bar anymore..).
This bookmark should do:
make gmail check for new mail periodically (it'll be AJAX-like
anyway),
detect new mail (by comparing the contents of the first row
in the table that holds the mail-subjects or what ever you can hook)
and finally set window.getAttention() (for firefox)
OR (a little more cross-browser:) change document-title OR alternate/change blinking/non-blinking favicon..
See this and this topic on SO for some simple and nifty scripts on doing this.

What percentage of followed hyperlinks might have their "onclick" JavaScript ignored?

As far as I know all popular web browsers execute the onclick attribute of an anchor link first, then follow the path specified by the href attribute.
The problem here is that the onclick attribute only gets called when clicking with the left mousebutton (without pressing ctrl or shift for a new tab or window) or when pressing enter on your keyboard while the tabIndex is set to the link you want to follow.
But there are many other ways of following a link than just those two.
Ctrl + click
shift + click
rightmousebutton + open
rightmousebutton + new tab
drag & drop link to address bar
and so on...
My client uses onclick for conversion statistics. Which seems heavily unreliable.
My question:
What percentage of hyperlinks are being followed without activating their onclick attribute?
All estimates are highly appreciated. I'm completely lost; I think it can be any number...
Aside from those of us who habitually middle-click/ctrl-click to open links in new tabs, there's another major cause of onClick failure: NoScript and similar plugins which allow javascript to run only when it comes from whitelisted sites. If your domain isn't on my whitelist, then your onClick won't run, no matter how I trigger the link.
If you want reliable stats on which pages people are visiting, there's only one bulletproof source for that: The web server logs.
The logs are probably also your best bet for tracking how people move throughout the site, but they're not entirely reliable, as some privacy-paranoid users will falsify their referer headers or just not send them at all, but I expect that to be far less common than disabling javascript.
It depends. If the audience is more technically inclined, I'd assume that using alternative ways of following a link would be more common. All in all, though, even a lot of technical people seem to be unaware of things like clicking the middle mouse button to open or close a tab. If that's the case with technical people, I wouldn't be surprised if almost no one in the general audience used it.
The links are all exit-links. I was thinking of a PHP script that does the counting of clicks.
Though this is not the subject of your question, you might want to have a look at Google Analytics then. They are The Master in tracking you. They track right-clicks (even when not actually selecting "open in new window" after that, which they obviously cannot know), which will yield Ajax calls to http://www.google.com/url.
To see Analytics in action: with Adblock and the like disabled, search something on google.com and open up Live HTTP Headers in Firefox (or your Firebug Net tab in Firefox, or WebKit's Resources pane in Safari or Chrome, sorted by time). Next, click, right-click, shift-click or control-click any search result (preferably a result that does not require a lot of HTTP traffic by itself, or is in your browser's cache).
the onclick attribute only gets called when clicking with the left
mousebutton (without pressing ctrl or shift for a new tab or window)
Not entirely true. I created a quick test at JS Bin, to show that modifier keys do not affect the onclick event. (For right-click, one should use the oncontextmenu event.)
What are you doing in your onclick handler that you are worried about not working? e.g. if you have a regular link to a page... and the onclick just opens that same page in a pre-sized popup for user convenience in a web application... then there's likely no issue (e.g. CTRL+Click) still opens the page, it just gets opened in a new tab)
If you are just trying to "log" every click in the site/application for tracking purposes then maybe you can hook into the onmousedown/up or focus/blur events instead/also.

Categories

Resources