I have an e-commerce website and I don't want people to do phishing from inspect element (F12 or CTRL + U) on my checkout page.
On NVIDIA AI PLAYGROUND web site they was able to clean the hole site and keep only this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>nvidia-research-mingyuliu.com</title>
<meta name="description" content="">
<meta name="keywords" content="">
</head>
<frameset rows="100%,*" border="0">
<frame src="http://34.216.122.111/gaugan" frameborder="0" />
</frameset>
</html>
The link of the Nvidia clean source code page is: http://nvidia-research-mingyuliu.com/gaugan
I have no idea with language I have to use in order to clean the hole page by javascript or php.
This is not possible. The Nvidia site uses a frameset which loads another page and displays it. The code of this seperate page isn't hidden either. In Firefox it is even possible to inspect the elements of the frame.
Related
I am new to JS. I made a simple Snake game using vanilla JS in VS Code. There is minimal CSS in the code so I put that in the html.
When I open the index.html from VS Code with Live Server (http://127.0.0.1:5500/) it works fine.
But when I open it from the file explorer (file:///D:/Prog/Javascript/VanillaJS_projects/Snake/index.html) only the html gets loaded, no Snake and Food pieces appear. And the same happens if I try to open it with htmlpreview.github.io
This is the index.html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Snake</title>
<script src="game.js" defer type="module"></script>
<style>
...
</style>
</head>
<body>
<div id="game-board"></div>
</body>
</html>
It doesn't matter what browser I use, I get the same result.
What is the difference? Why won't it load properly?
You browsers honor Content Security Policy.
If you open file:/// URLs, you may think of your browser as a poor man's file viewer.
I'm trying to get direct download links from embedded openload links (example: https://openload.co/embed/CoKeagPRpQg/). The result might look something like this: https://openload.co/stream/CoKeagPRpQg~1527355595~2a02:120b::~J-XBN0SR?mime=true. If you navigate to the embed link and run
document.querySelector("#mediaspace_wrapper > div:last-child > p:last-child")
from the developer console, the essential data for the stream link is returned. When I tried to implement this on an embedded video on my private site, I got an error for cross site scripting, which is understandable.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Proflix</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<iframe id="video" src="https://openload.co/embed/CoKeagPRpQg/" scrolling="no" frameborder="0" width="700" height="430" allowfullscreen="true"
webkitallowfullscreen="true" mozallowfullscreen="true">
</iframe>
</body>
</html>
However, I stumbled across this chrome extension, which with JavaScript alone can enter the iframe (Demo). This really puzzles me. I contacted the developer and he told me his extention was based on this script. But it didn't work from the developer console. My question is: How can JavaScript enter a foreign iframe in this example and how can I replicate it?
Related:
Get the unique download link on Openload
Get stream URL from openload
I want to show 3 urls inside my page with this code as you can see here:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
<TITLE>A simple frameset document</TITLE>
</HEAD>
<FRAMESET cols="20%, 80%">
<FRAMESET rows="100, 200">
<FRAME src="http://www.asriran.ir">
<FRAME src="http://www.google.com">
</FRAMESET>
<FRAME src="http://www.yahoo.com">
</FRAMESET>
</HTML>
But when i run my page just one url is loaded why ?
The pages you are trying to load i.e. Yahoo and Google do not allow that by their X-frame-options.
So, it is virtually impossible now.
Note:
HTML5 has depreciated the use of frameset and frame tags. Browsers like Google Chrome (which are widely used) are switching completely to HTML5. So if possible, do not use framesets
Some web servers are preventing iframes for a security purpose. So, you can"t open it in the frame
Finally i install google chrome and iframeallow extension .after that every thing works fine.
I've added a WebView into my project. If I navigate to the html file that contains external javascript files they don't work. Bit if I write the javascript code hardcoded into the html file it works properly.
Here is the html portion:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title></title>
<script type="text/javascript" src="testjs.js"></script>
</head>
<body>
<div id="abcd"></div>
<br/>
hello! this is a simple html block.
</body>
</html>
Here is the javascript portion:
document.getElementById("abcd").innerHTML = "New text!";
When I open the webview it shows
hello! this is a simple html block.,
but if the javascript code worked it would show
New Test!
hello! this is a simple html block.
Here is the folder structure:
src="testjs.js" is correct. The issue is not related to the path.
[Update 1]
Your code should work as we usually do for web development. But seems we need to make sure the html element used in the script has been initialized, so we have to put the to the end of the body element. Please try the following html code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<div id="abcd">a</div>
<br />
hello! this is a simple html block.
<script type="text/javascript" src="testjs.js"></script>
</body>
</html>
[Update 2]
Also check if you have changed the build action for testjs.js to content. go to Solution Explorer -> right click on testjs.js -> Properties -> change Build Action to Content. That will make sure the .js file will be deployed as part of you app.
WebView msdn page suggests that for security reasons you can not link to local content except for:
However, you can still link to HTML content in the app package using the ms-appx-web scheme, and to web content using the http and https URI schemes.
So you should be able to link to your script file using ms-appx-web:///testjs.js url.
My boss wants our site to show an alert if a customer tries to exit the site with items in the cart.
How can I show an alert when the user tries to exit our site? Also I don't want to show the alert if they are just navigating to another page on our site, but only if they are navigating completely away from our site.
P.S. I am not using any frameworks.
There's no simple way to detect leaving a domain. You can detect leaving a page easily with the onBeforeUnload event, but leaving the entire domain isn't so simple. As suggested here, you could probably do this by implementing a single master page that loads all pages in an iframe...
Whilst you can use the onbeforeunload event to determine that the page is trying to leave the site, you can not get the new URL that the page is going to even if it is on your own site as this is a security violation.
The only workaround that I can think of is as suggested in another post by either using a Iframe or full frame, but that gives the difficulty of URL being static and therefore prevents bookmarking.
E.g.:
frame.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script language='JavaScript' type='text/javascript'>
window.onbeforeunload = function (evt) {
return "This is a demonstration that you are leaving me";
}
</script>
<frameset border='0' rows="*">
<frame src='test_page.htm' border=0 scrolling=no frameborder=0 noresize name=top>
</frameset>
</body>
</html>
E.g. Test Page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
</head>
<body>
Hello World
<p>
<a href='javascript:top.location.href="http://www.google.com"'> Outside link Google</a>
</p>
<p>
<a href='http://www.google.com'> Inside frame link to Google</a>
</p>
</body>
</html>
This allows you to navigate to a link either inside the frame or outside the frame (just as an example both to the same destination). But only if you go outside or close the browser will you be asked if you want to do this?