is there a way to press a button on external site with javascript and/or jquery? Like I open a new window like this:
windowObjectReference = window.open("http://some_site.html","name");
Then I want to press a button on this site. Something like this:
windowObjectReference.button.click();
Or:
name.button.click();
It would be a huge security violation if a browser would let you do that from the script placed on your own website.
So, no, this cannot be done, and should not be possible.
But...
If both sites belong to you (you have access to their code), you can pass a parameter (eg. as a hash within URL), then the target website may read it and fire the event you mentioned (name.button.click()).
You can't do this with JavaScript from a webpage.
You can do it from browser extension though.
NO !
For security reasons. This kind of attack is called clickjacking! and it was used on Twitter.
is there a way to press a button on external site with javascript
and/or jquery?
I know that I'm late at party but YES, Unfortunately it is and is a quite simple way.
make a div on your page (ex. #externalDiv);
set CSS attribute to hidden and display to none;
use (simple way) jQuery method .load() or make your own JS method using XMLHttpRequest();
load external page on your page;
click on button you wish
$('#externalDiv').load('http://www.externalPage.com', function(){$('#externalPageButtonId').click();});
Can not doge by something if you don't know how it's work :)
You are not allowed to do so because of SOP. Any trick to force user to perform click on your behalf will be considered as clickjacking attack and could lead to bad consequences.
Related
I'd like to do the following in my application via javascript.
1) Press a button from a web page that opens a popup.
2) Select some options in the popup and accept them.
3) Change the content of what is in the first web page according to what has been selected in the popup and change it. A GET Request is acceptable, and if possible popup with the selected options should again be on top, either by putting it on top or by opening a new one with the same options chosen.
I think javascript must have some way of saving the name of the browser tabs your are opening and later, if you want, open a new URL, or put one over other but I cannot find them. The window.open options doesn't look like they can do this.
Any idea on how to achieve this thing? Thanks for your time.
You can try the window.opener method in the popup to access the main page. High level details here: http://www.w3schools.com/jsref/prop_win_opener.asp, but if you Google it there's examples.
We did this for a project and it works, with a few caveats:
Cross domain basically doesn't work, if you have multiple domains you have to get more creative.
Be careful cross browser as well, we had to add some custom javascript to handle
Basically, what you need to do on your main page is define a global javascript method that does what you want it to (it can take parameters). Then, on your popup, you can call it with window.opener.MethodNameHere();
Theoretically, if you do need to handle cross browser, you can try using postmessage, which I believe is only supported in html5 natively (there are plugins for html4), but it would probably be tricky getting it right in this circumstance and I'm not sure how to do it off the top of my head.
I know there have been several similar questions, but I haven't seen an answer to my specific need: Is there a way to click a button in a separately launched web page? For example, I launch another web page via:
<a href="x" target="y"> or
window.open()
Can I then click an input button in that launched web page programmatically?
Unless the page is underneath your own control or resides on the same domain then no, it is not possible. This would be cross-site scripting and all browsers have security sandboxes in place to keep something like this from happening. Why are you trying to programmatically press a button on a page that you're also programmatically opening?
Yes. When you do window.open it will return you a window object. Var win = window.open(); win.fnSubmit(); assuming fnSubmit is the function on the other page that will do the.clicking. and both pqges on the same domain.
This is a technique used by some hacking injection attacks. Basically you can inject javascript into the querystring that can attach itself to the DOM, change an image or swf file source or simply run when the page is loaded; example here and example here.
Or if you already know the structure of the other page you can directly target methods or objects.
But as these are not nice things I assume that you have good reasons why you can't touch the code on the receiving page but want to adjust its behaviour?
You can click on any element you can select.
You can only select elements in windows that you have security privelages to.
You have rights to your own window, and rights to windows within the same domain & security.
To access the element you'll need the window object, which is returned from window.open
var newWin = window.open(siteYouHaveAccessTo);
newWin.document.getElementById('foo').click();
If you're trying to click on the Search button on www.google.com, you're SOL.
Survey says... maybe. If you've done your homework, you will probably be able to get communication to happen within the same subdomain. It gets progressively more difficult from there -- I've never had consistent cross-browser sub-domain support for manipulating JavaScript between two windows (or iframes).
That said, if they are the same domain, it is a matter of descending into it. If I have:
Window A opens Window B
Window B declares var winBVar
Window A is able to access winBVar after, and only after, that variable is declared (as in, you still need to wait for document.onload, etc)
I'm trying to display an map inside an iframe that has a needle which on mouseover shows some information about a certain company, the thing is once you click the link the page opens up inside the iframe which ruins the experience, so i was wondering is it possible to make the links inside an iframe open up in a new window instead perhaps using jquery or something similiar?
the code i have atm is
http://www.jsfiddle.net/rkd59/1/
Edit: the very least capture a click within the iframe so i might resize the iframe
You will need some kind of open API to do this properly, and Eniro doesn't provide one according to this page (in Swedish).
I would recommend you to use the Google Maps API v3 instead. I've made an example on jsFiddle that looks similar to that of Eniro.
I'll gladly give you more help with this, so just ask away!
You can't (or it is extremely hard to ) make events inside the iframe affect the parent page. This is to prevent attacks from XSS, or cross site scripting. Having said that, if the site within the iframe is on your own domain and you want to set up some extremely tricky ajaxing and php session IDs, maybe you could make something work, but even then I'm not sure. And I don't know if this would be a security hole, maybe someone else can speak to that. It would perhaps look like:
main page sets up session ID and passes that to the iframe url via a get variable
the iframe takes click information and sends it to a Session variable via an ajaxing call to a script on the server.
The main page then reads (how?) the session cookie and makes changes based on it's value.
All in all, you may find that it may be much simpler and more secure to acheive what you want using a different method.
Due this map is loaded inside an iFrame, it's not possible to run any javascript event listeners on the links, neither is it possible to change the html.
Please try the following:
<script>
x=document.querySelectorAll("a");
for(i=0;i<x.length;i++)
{
x[i].setAttribute("target","_blank");
}
</script>
Thus all links open in new frame.
To make a link popup in a new window you would usually use target="_blank" as such:
Go to Yahoo
However this will only work if you can modify the code you're showing within the iFrame
There is a partial solution.
You can add an absolutely positioned DIV tag over the top of the IFRAME and capture clicks on this instead. See example here shaded in 20% alpha red.
http://www.jsfiddle.net/rkd59/6/
However, this means that the map works in "read-only mode" and while you can capture the click event you wont know what link the user has clicked on.
I have used popup at many places in my website (its in PHP with Mysql DB and lots of javascript). These are mostly been blocked my browsers, which restricts user to move ahead. what should do in my code so that my popups becomes Popyp blocker independent..
Use Jquery Dialogs http://jqueryui.com/demos/dialog/ they are purely javascript and so popup blockers will not block this
Make sure your popups's URL is on the same domain as the main site. Using a link with 'target="_blank"' will never get blocked unless it was manually blocked as the user did the action himself. Switch to alerts and prompts instead of popups.
Not a direct answer but may be Floating div is a good replacement. Build a js dialog box.
I want to have a popup div with iframe content.
Can search engines read this when I'm using jquery to create it?
Alternatively, is there a way to detect a search engine on the server side and remove the option of this popup?
The best way would be to degrade gracefully, e.g. by using a standard
<a id='mylink' href='xyz.html'>
link that points to the resource that is opened in the popup.
You would then add the JQuery code to the link, causing it to open in the pop-up.
That way, even users that do not have JavaScript turned on can access your popup.
Most Lightbox clones like Thickbox work that way.
Generally speaking, search engines do not execute JavaScript, so there's no way for them to index anything contained in a popup div.
You can, however, inspect User-Agent header to see if the page is requested by web spider, but this is something that's not considered best practice.
Search engines do not play well with javascript but you can see how google bot would fetch your page using Google's webmaster tools.
Rendering a different page to bots is not considered a best practice too. The best you can do is graceful degradation.
Just to say it at once: DON'T use the iframe, as it is bad-ass technology and search engines won't index the iframe'd page.
First question:
No, it cannot, if the data are loaded simultaneously with the popup "popping up" (as search engines, as said already, generally doesn't execute javascript). If the data are already loaded, and the popup div are somehow hidden at page load, the search engine will index the content.
Second question:
Don't do that. That's called cloaking, and will be punished by search engines if detected - they don't like content customized just for them, and then you're back at scratch.