Right Click Avoids Sandboxing - javascript

I am using an application who's features and code I do not control to create a number of reports. One of the things this is able to do is load and display a webpage. The webpage I am loading into this application has a number of links, and when I click on them from the application the links are blocked from opening because: "the request was made in a sandboxed frame whose 'allow-popups' permission is not set."
This makes sense from a security perspective to me, but I have noticed that if I right-click the link and click "Open in a new Tab" from the context menu that the link will be opened.
My initial attempt was to try to convert all left clicks on links to right clicks, but triggering right mouse up/down events followed by the context menu event did not show the default context menu. My second attempt was to use a custom context menu like here, but doing so required the window.open event being fired by my own js which was also sandboxed.
My question is what special sauce is the default right click behavior using and is there a clever way for me to emulate it or to trigger it via a left click?

Related

Javascript click on coordinates inside iframe

I have searched some things about click on coordinates with javascript and
i have found that this line of code helps you click on x,y coordinates
document.elementFromPoint(x, y).click();
So when i put the width and height of an html element or a button it clicks it good and it redirects me to the page that i want.
But when i have an iframe html object (like a google ad) it doesnt work.
I cant understand why though because i think "click()" is like simulating a normal mouse click... or am I wrong with this?
I have read that iframe has a protection that you cant go inside the html elements but all i'm trying to figure out is how to simulate a normal click on the iframe.
Thanks a lot for your time.
This is obviously prohibited due to security issues.
If it was possible to programmatically trigger a click event within an iframe, you could trigger certain actions on behalf of the user visiting your page. You could for example open your own twitter account in an iframe -- the visitor of your page logged in -- and let the user follow you with a click on the follow button. You can certainly think of more critical examples...
Basically, you could take over all accounts the user is logged in with a cookie. You can open any web page in an iframe and act on behalf of the logged in user by simulating click or keyboard events.

Extension bar always visible

I'm developing a multi-browser extension using the Crossrider framework.
Is there a solution to show an html horizontal menu on the top of each page ?
The menu will embed a JS script which uses some external libraries.
Indeed, I can prepend my html content to the "body" tag but each time the user clicks on a link on the webpage, the whole page is reloaded which makes the horizontal bar disapear and then reappear on the next page when the loading is completed.
I thought of putting the website content into an iframe but some websites (ex: amazon) send a header with the "X-Frame-Options" set to "DENY" or "SAMEORIGIN". This is something which Crossrider cannot modify (at least I didn't find how to do that).
Is there an other way to show a PERMANENT menu on top of each page ?
EDIT :
My toolbar won't contain any link but it will record the mouse position. My problem is that each time the user will click on a website link (ex : to see a product on the amazon website), the toolbar will be reloaded and so the mouse position won't be recorded until the next page has finished its loading.
Page reload is normal behavior when clicking on a link on Amazon sites and hence the toolbar redrawing when the page loads is normal and correct.
Based on the information provided and assuming I have understood what you are trying to acheive, it appears that you are going about this the wrong way. I would first think about why do you need a toolbar at all? For example, if you are only recording the mouse position when a link in the page is clicked, I think it makes more sense to register to mouse click events of the links you are interested in.
I suggest you rethink your approach and take in to consideration the issues you have to handle, such as the page reload and handling the click event before the page reloads.
[Disclosure: I am a Crossrider employee]

How to count outgoing links with Google Analytics in accurate and user friendly way?

Most resources suggest using onclick handler with trackEvent() for tracking outgoing links. BUT this way does not work with all navigation methods! It won’t work if you click with middle button (except Chrome) or control-click (except Chrome and FF) to open new tab, if you right-click and select new tab or window from context menu or if you drag link to another tab. Is such cases onclick is simply not called. You can check it with very simple link:
GO
Putting JavaScript in href attribute breaks the link in all cases when new tab or window is opened.
Putting onclick in span that looks like a link, will not allow users to decide if they want to open in new tab or not.
Finally, going through a redirect page, which tracks outgoing event, causes problems with back navigation – when users try to go back, they get back to the redirect page and then JS again redirects to the destination page. They need to click back twice … quickly.
Is there a better way, which would be both accurate and user friendly?
Context menu can't be detected by using JS. So if you want to catch that you need to use the redirect method. To fix the back button problem, redirect using location.replace to remove the tracking page from the back-button history.
I don't know any details about Google Analytics. In general, to track users' external navigation:
<a ping> is made for this purpose. If ping is not available, fall back to changing the links to go through a redirect page. Use a 302 redirect to prevent it from showing up in history; if you can't, try javascript:window.location.replace().

link running a javascript that open another page. how to make it do it in new tab if user uses middle click or right click menu

I have this link in my left navigation:
dashboard
That javascript opens a link based on the passed parameters.
All works fine, but I would like to be able to use the browser capabilities of opening the links in a tab (when user is using middle click or selects 'Open link in new tag' from right click menu). Though, this is not working for links handled with javascript code.
There are many reasons why this is not the default behaviour of the browser (e.g. javascript function might only do some validation and stay in the page ... browser can't know what the js might do or if a new window/dialog will result from that action so would make no sense to open new tag as a result of a middle click ...). But hopefully there is a workaround for the default behaviour.
Any idea how this could be done?
Cheers,
Stef.
Javascript links execute in context of the page where they are called. If you "open" the link in a new tab/window, the javascript code will be executed in the new window, i.e., empty, and will most probably fail.
A browser could try to add the feature you are asking for by cloning the page which contains the link, and executing the javascript code in the context of the cloned page. But this would most likely break some critical sites (imagine for example that your online banking site works with javascript, so when you open a link in a new tab/window, cloning the original window might lead to a duplicate transaction).

Capture link clickthrough events from JavaScript

In order to track the overall user clickstream, I'd like to fire a JavaScript event, if the user right-clicks, and select "Open in new Tab" (or middle-clicks in most browsers) on a link. Most of these links are linking outside of my site, and I'd like to interfere with overall browser experience (such as: status bar, etc) as little as possible. What options are there to solve this?
If you're looking at ways to see outbound link hits, you could try the following:
Use a script, example link.php?src=http://www.example.com that increments a counter per IP & User Agent combo when clicked. This however doesn't look very good in the status bar. It could also be saved by web crawlers.
Use unobtrusive JavaScript to attach event handlers on links that are external. You could determine if they are external if the hostname is present and doesn't match the one you are on. You could then use this event handler to save the href, prevent default of click event, to increment a number much like the first script and then send the window.location to the actual href. This of course fails without JavaScript enabled/supported.
There are many ways that a user can create a new tab in a browser:
Middle click
Context menu
Mouse gesture
"New tab" button on the toolbar
"File" > "New tab"
Unfortunately there is no way to handle all these and potentially more user actions that could create a new tab.
You could do a simple server redirect and log the hits that it gets
Or does it have to be js?
Middle click capturing does work.
You
have to check the browsers version (ie6 doesn't open anything on middle click),
have to use mousedown and mouseup to check if these two events happen on the same element,
have to check which button was pressed. (jQuery "which" function, for example)
If mousedown and mouseup happen on the same element, a new window opens, so you'll know that your link was clicked.

Categories

Resources