Is there any way to open a file or a folder located on the network? I understand reasons Browsers dont allow that. And I know that I need to add extensions to Chrome and FireFox to get a network folder shown. When I meet these requirements and I have an href that looks like:
file://network volume/directory
then by clicking on it I get a folder open. Now I need to open it by clicking on a button. Is that even possible?
Thanks
Assuming you jumped all the hoops and completely unsecured your browser (which I did not, which makes this answer a guess rather then a solid answer), I suppose that javascript actions on window.location might work. e.g.
window.location.href = 'file://foo/bar/';
or the window.open API http://www.w3schools.com/jsref/met_win_open.asp
A side note, do check the HTML5's file APIs. They explicitely require that user picks the files explicitely and do not seem to allow what you require, but they are the endorsed file approach and if, by any chance, your requirements can be met by using them you'll save yourself from a world of pain and going against the flow... See http://www.html5rocks.com/en/tutorials/file/dndfiles/ for a good starter.
If I understand you correctly. You want to access a file on the local server.The following would work for you.
window.open("http://www.example.com");//opens a url
window.open("file://server/serverfolder/index.asp");// server side
Related
In a web application I am working on I would like to be able to download files, modify them localy and reupload them to the server.
To make it as easy as possible for the users, I would like them to choose the download location and use a single button to upload the changes afterwards.
My current apporach is the following:
Use window.showSaveFilePicker to choose location and get a FileSystemFileHandle
Download the content and write it to the FileSystemFileHandle
Show a button which allows to upload the changes using FileSystemFileHandle#getFile to get the modified content.
This approach works pretty well but the user has to manually search and open the file after the download and I would like to support them in this step and make it as simple as possible.
Ideally the file should automatically be opened with the default application after the download but I couldn't find a way to do that.
One idea was to open the file in a new tab using the file://-URL, allowing the browser to decide what to do but the FileSystemFileHandle does not seem to expose the absoulte path.
Is there any way to open the downloaded file with the default application? If not, what other possibilities are there to make the mentioned use case as simple as possible?
Thanks in advance
EDIT:
I found that you can open certain applications using special urls like ms-excel:ofe|u|file://path/to/file.xls.
This would be enough for most use cases but for this to work I would need to get the file url from a FileSystemFileHandle.
For security reasons, there is no way for a Web app to open local apps. In the future, though, once file change events are implemented, you can await changes to the file, and then re-open it. This should solve your use case.
I have created a webpage but my friends or collegues always copy the source code and copy all the data easily, so is there any way to hide page source option from browser ?
As a rule, if you are putting information on another user's computer (whether because you made a document or they viewed your webpage), you really can't control what they do with it.
This is an issue that larger companies deal with often. Have you heard of DRM? It's a mechanism that companies like to try to use to control how people can connect to their services, use their content and in general, try to exert control over their data while it's on your system.
Now, a web page is a relatively simple container for holding information. You expressed an urge to prevent your friends from copying the source code. You could try to encrypt it, but if it's using local data to decrypt itself, there still isn't going to be anything that stops them from just copying what's in the View Source window and running it again (even if they can't really read it).
I'd suggest that you don't worry about it. If what you have on your page is so important that others shouldn't be able to see it, don't put it on a webpage.
Finally, Google doesn't much care that you're able to view the source to their home page. Why not? Because the value of the search engine isn't in what the home page looks like, but in the data on the back-end that you don't have direct access to. The value is in the algorithms that execute on the server when you hit that Google Search button that queries that data and returns the information you're looking for. There's very little relative value in the generated HTML that you see in the page. Take a leaf from their book and don't stress that they copy your HTML.
No , there isnt any way to do it, however you can disable right clicking in browser via javascript, but still they can use shortkeys to open developer view (in chrome F12) and see the source. You cannot hide html or javascript from client, but maybe you can make it harder to read.
No. Your HTML output is in the user's realm. Even if there was a way to disable view source in one client, a user could use a different one
Always assume that your site's HTML is fully available to end users.
Yes and no. You can definitely make HTML and JS harder to intrepret by obfuscating your code - that is, taking your code and making it look confusing. Here is a tool that can do that: http://www.colddata.com/developers/online_tools/obfuscator.shtml
However, these things all use code, and code can be decrypted through any number of methods. If you post a song to the internet, even if they cannot find the mp3, they can simply record their speakers. If you upload an image and prevent users from downloading it, they can take a screenshot or use their camera. In order for HTML and Javascript to work, it has to be intrepreted by their computer, and even if you do find a way to disable "View Source" there are others ways, like a DOM inspector (F12 in IE/Chrome, Ctrl+Shift+K in Firefox).
As a workaround, use copyright, warn your users they will be punished if they copy your code, and put watermarks, labels and logos over any mp3s or images you don't want stolen. In the end, disabling right clicking (which is also possible, see How do I disable right click on my web page? ) or disabling selection (also possible) does nothing, because there is more than one way to get your code, like searching through temporary internet files.
However, you ask "what if I want a site where my users can log in and I need security? How can I make it so nobody can see my code then? Doesn't it have to be secure and not out in the open?"
And the answer is, yes, it needs to be secure. That's what server-side languages, like PHP, are for. PHP does all the work on the server itself so the user cannot see it. PHP is like a pre-rendered language - rather than doing it in real-time, PHP does all the work beforehand so the user's computer doesn't have to, making the code safe. The code is never put onto the user's computer, because the user's computer doesn't need it. The work is done by the website itself before the page is sent. SSL is often paired with PHP to make absolutely sure that websites have not been hacked.
But HTML and Javascript have to be done in real time on the user's computer, so you cannot disable View Source because it is useless. There are many, many ways that users could get around it, even if View Source is disabled, and even if right clicking is disabled.
If your code doesn't need to be secure, however, I'd recommend you consider keeping it open source. :)
Is it possible to detect via JS what extensions / add ons a user has installed on his browser? The use case was the a particular chrome extension, Autofill was setting some text values into hidden zip fields causing some validations to fail and I want to show a message to the user that this extension might create problems.
For Firefox: First snippet of code on: AddonManager.jsm - MDN
Components.utils.import("resource://gre/modules/AddonManager.jsm");
AddonManager.getAllAddons(function(aAddons) {
// Here aAddons is an array of Addon objects
});
// This code will execute before the code inside the callback
Must run this code in privelaged javascript, as in not a tab. You can try for specialPowers though I don't know how that works.
To run privelaged script from your site you will have to create a firefox addon and addEventListener's to your site, like a button to list the addons, you would attach a privelaged function to that.
With the addon you enable/disable addons, but users find that annoying because addons do some obtrsuvie stuff on install sometimes.
For Chrome extensions specifically, only certain extensions are detectable so this is not a very good method, but as far as I know, there are no longer any reliable methods to detect browser extensions.
For the extension that you want to detect, you would need its Extension Id and its Web accessible resource.
Some extensions have web accessible resources and some do not. If there is no web accessible resource, you will not be able to detect that extension.
To find the web accessible resource, you will need to look at the extensions chrome.manifestfile. It will tell you if there is web accessible content. For example, the chrome.manifest file might say:
content web-developer content/web-developer/ contentaccessible=yes
Generally, its not very effective to look for browser extensions since you have to know which extensions you want to detect ahead of time and many times they are undetectable.
Also, here's a good link that I used when I was trying to do the same thing here
NavigatorPlugins.mimeTypes
Take a peek at the MDN page
https://developer.mozilla.org/en-US/docs/Web/API/NavigatorPlugins.mimeTypes?redirectlocale=en-US&redirectslug=Web%2FAPI%2FNavigator.mimeTypes
Hope it helps
In JavaScript check to see if the zip field has been changed while it is hidden and show a warning to the user that an extension might be causing issues.
For Firefox you can do it with Mochitest/SpecialPowersAPI
https://developer.mozilla.org/en-US/docs/SpecialPowers
I'm debugging a CSS/JS problem on a live website, and in this situation it is unfeasible to clone the entire production system onto a local machine to fiddle with 2 lines of code.
I would LOVE it if there were a simple way to trick a browser (FF, Chrome, anything - I'm not fussy) into loading the live site but redirecting certain internal URLs to a local webserver. Any ideas?
eg. I want to load the entire live website, except one specific Javascript file. The attempt to access http://...production.../js/map.js should be rerouted to http://localhost/debug/js/map.js, which I can edit locally until the problem is fixed.
Edit re-read your issue, if you aren't happy to find/edit the SQL database for the file in question, you could always just add an adblock rule against it, and manually run your own script from console/greasemonkey it in.
Answer to question in the title:
HTML5 has a feature called an "application cache" just for this. It involves adding a manifest attribute to your <html> tag.
<html manifest="what_to_cache.appcache">
Then in what_to_cache.appcache,
CACHE MANIFEST
http://...production.../js/map.js
Future requests of items listed in the manifest will thereafter be loaded from the cache, if available, even if the user is offline. The file is stored in an SQL database for that website, so you can thereafter edit the database.
You can do this with fiddler.
Use the AutoResponder to intercept URLs and return content from local file or different server.
http://fiddler2.com/
I have found a Chrome extension which, despite its bugs, achieves precisely this behaviour. DevTools Redirect: https://chrome.google.com/webstore/detail/devtools-redirect/jmhdebkkippcccflcoddckhjjfgnfhnp
This allows developers to specify JS or CSS files to redirect, and a new URL to grab them from (eg. http://localhost/.../debug.js).
For future readers I would like to answer this question. Have a look at
Requestly - A Chrome Extension to modify Network Requests.
You can setup a Redirect Rule Request following these steps:
Select Redirect Request Rule Type
Create a new Redirect Rule
Disclaimer: I have created this So you can blame me if you do not find this helpful :)
In my application I want to open some files with the correct default programmes, like .doc file should be open with WORD and .psd files should be opened with Photoshop if it is installed, and this should be done under html or java script.
Please tell me how to do it.
JavaScript cannot run programs, but if you have a file on your server you can simply link to it:
<a href='image.psd'>Download File</a>
Users will be promped to download the file or open it using the default program (for most files). Again - as others have said - this is determined by the browser. IE can open doc files on the browsers, and PDF documents can be opened that way too.
There is no way for you to choose which application will be used to open your files with javascript...It just doesn't have that power.
I don't think this is possible in JavaScript without using any activeX or something like that. Js has no access to locally installed applications.
Browsers typically don't have access to the computer's filesystem for security reasons. If you know the exact path to a file you can point the browser at it using a file: URI, e.g.
file:///C:/path/to/file.ext
You may also be able to do this with a plugin, eg ActiveX, however I am unsure as to what security measures that would have.
Invoke the system command 'open'. Works on Windows and Unix based clients.
Depending on where your script runs, you might not be able to invoke system commands though, for instance in a browser sandbox.
If you provide a link to a file on the local file system (eg: <a href="file:///C:/mydoc.doc">) then the browser will open it - however this is not a great way to do it since the browser will first show a dialog ("Do you wish to Save or Open") and then it will "download" it into temporary files as it would if the file were remote. In this case, if you edit and save the file, it'll be the version now in your temp folder. This might not be a problem if your files are read-only, but generally it's not a great user experience.
The only other method is to use ActiveX, which is actually rather easy (though I don't have the exact code on me now - write a comment if you're interested in a snippet and I'll update). Of course this comes with the giant flashing caveats of:
It only works in Internet Explorer.
You need the user to fiddle with their security settings for the ActiveX scripts to run.