I need to simulate the user's work - click buttons, enter data in the field and so on. Is this can be done only through using executeScript or I can receive DOM of and manipulate with it? Or maybe I can work with the tab in the browser separately or exist some other way to do what I need?
I do not believe that you can do this with a Chrome App, but you can do this using a Chrome Extension. Extensions can have full access to a tab's DOM and you can manipulate the DOM as needed. (e.g. fill in form fields, click buttons, etc...).
From: https://developer.chrome.com/extensions/overview
Extensions can interact with web pages or servers using content scripts or cross-origin XMLHttpRequests.
This is how extensions like LastPass are able to fill in the username and password field on any web page you visit.
Related
I've been working on a requirement that involves a website fetching/manipulating data stored on a different domain. There didn't seem a way except for enabling CORS on the other server to allow me to get and modify data from a different domain. However, that caused some issues with Office 365 apps and I had to take a different approach.
The approach is to use postMessage to talk to a hidden iframe (not a good approach, but I was insisted to use it) on the page that is running on the target domain. The source page posts message along with information about the REST call to the hidden iframe which makes a requests on behalf of the parent page and uses postMessage to return back the results.
Everything works fine except for when the website is being used on an iPhone. Turned out placing alert calls in the script running inside the target iframe makes it to work but removing the alert calls sort of disables the target iframe from making those cross-origin network calls.
My theory is that it is due to the security of mobile Safari that in order to make cross-origin calls from an iframe running on a different domain, the user needs to provide their consent by interacting at least once with the embedded iframe. Does that sound correct?
The comment by diodeus-james-macfarlane is the closest that we could go but the iframe being hidden, there was no way we could have placed a control for the user to interact with, even if that was only for it to work.
To my surprise, turning off a setting on the SharePoint site made it work. The setting was around mobile view compatibility and without that, the iframe is able to make HTTP requests, send and receive messages to and from the parent webpage.
Is it possible to create a link that the user clicks (say in an email) which opens a Chrome extension that's already installed?
Or, put it in another way, is it possible to develop a Chrome extension that handles how a link is shown (e.g. inside Gmail.com or other sites), that whenever the user clicks it, the extension shows up instead of the user being directed to a site?
I've come across articles talking about custom protocols:
Custom protocol handler in chrome
But what if the extension is not installed, how do you fall back to HTTP?
http://mywebsite.com/somevalue
This could easily be done with a webNavigation.onBeforeNavigate listener which listens for a specific URL. When the URL is encountered, it can cause a specific page within the extension to be opened instead.
Quickly prototyping this, the code could look something like (untested, may have errors):
chrome.webNavigation.onBeforeNavigate.addListener(function(details){
chrome.tabs.update(details.tabId,{url:chrome.runtime.getURL('/thePageIWant.html'});
},{url:[
{urlEquals:'http:/www.domain-for-my-extension.com/invokeMyExtension.html'}
]});
References:
chrome.webNavigation.onBeforeNavigate
chrome.tabs.update()
runtime.getURL()
I want to save full web page as a image or a pdf.
I tried to use html2canvas but it doesn't support iframe element.
I tried to use phantomjs but it doesn't work in Windows Server 2003 Operation System.
I usually use 360 browsers' plugin and Google Chrome's Full Page Screen Capture.
How can I call the Chrome plugins using JavaScript?
You can use Full Page Screen Capture extension.
Regarding calling this extension by javascript:
As far as I know the externally_connectable is the only official way to call an extension or send messages (maybe with data) from a web page (using javascript) as mentioned here.
If extension not support being externally_connectable, this requires editing the extension and add predefined values for every single domain you wish to integrate with.
If this is the case we can play with a workaround to integrate with any website (and not to define any domains)
If you just want to notify the other side (extension) about some thing, you can use the native JS Event dispatching it on the document from one side(web page) and listening to it at document also from the other side(extension) as the document is shared between the extension content script pages and the web page.
You can't use JS CustomEvent to send data as every time you send data, you receive it empty as a result of sandbox effect of any extension.
If you want to share data (may be the limit of scrolling when taking the screenshot) so the only workaround I know so far is to have a combination between some sort of a storage and the JS native Event mechanism.
The solution in steps (suppose you need the web page to call and send some data to the extension):
Make an event on document from the web page.
Save the data temporarily inside any storage technology you prefer
(localStorage, the DOM itself, or what ever..)
Edit the extension and add event listener to receive the event at the other side (extension) by listening on the document.
Read data and remove it.
I was wondering if there was a way to prevent a user from saving/downloading a web page? Specifically, I mean not letting them have access to the data displayed through my web application on their own machine?
I've heard that this is not possible since the browser must have access to the source code/data, but at the same time, I've noticed that if I to my gmail account, open an email, save the page, but when I try to open that page on my computer, it doesn't work. Furthermore, if I click "view source", I can see that even the source does not display the entire email message, even though the email is opened in my browser.
How it's possible for gmail to prevent me from seeing that email data?
Thats what called rendering pages using dynamic data without refreshing page (AJAX). The entire page source code is not downloaded in one go and components within the page request data asynchronously to display content. Try googling it and you will find more information.
In View source you can only see the HTML, CSS, JavaScript codes. No one can copy any dynamic code (PHP) from view source.
You can't stop anyone to see your html,css code in browser, as we are having view source option.
Maximum what you can do is disable right click on your page. Thant can be done through JavaScript.
Is there any way to programatically disable cookies being created by a page displayed inside of a frame/iframe? Or to generalise further, is it possible to programatically disable javascript running on such a page?
Thanks,
DLiKS
with iframe sandbox attribute (html5) it will be possible (implemented in chrome)
http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox
NullUserException already answered what you can do today without browser support
The only way you could change that for an external website you have no control over is to retrieve the pages using a server-side script, filter the input and display it to the user (ie: act as a proxy).
You just can't modify sites out of your domain (or subdomain - it might depend on the browser) using J/S for security reasons.
If you mean that you want to change the settings of the browser by code in a web page, then no, this is not possible (and if it were possible, it's a huge security breach and all alarms would go off).
You may surpass this, however, by writing a plugin, but then each user must first download the plugin. You can also request higher priviledges, but it'll depend on the browser whether you can change any user settings.
If you mean that you want to write a script on every pc in your company to disable JS + cookies for certain pages, you can write plugins and install them everywhere, or use a proxy (as has been suggested by others) and filter the pages. If it is just for debugging a self-made page, use the Developer Toolbar for the various browsers, that can turn JS/Cookies on and off.
Why would you want to do such a thing? If you want to disable cookies, you disable it on your own page by simply not using cookies. The same goes for javascript: don't add it to your page and you've disabled it on your page.
Note: if any page would change anything of the user settings of the browser, your page will probably be blacklisted by Google, most virus scanners and fishing prevention tools.