Differentiating Adblock Disabled from Whitelist - javascript

Simple question here: I know there are lots of ways to detect a user is using adblock on the web using JavaScript but I was wondering if there's a way to specifically detect when a user has whitelisted a website (as opposed to simply disabling adblocking). I assume this varies based on the blocker but for the sake of simplicity let's just say AdBlock Plus.
Currently I can easily detect adblocking by simply seeing if my ads object has successfully loaded from an external script. I then store this boolean in localStorage so upon subsequent user visits I can detect if there's been a change in the user's adblocking. If so I thank them for disabling/whitelisting and update the localStorage. However it might be required to handle these two actions separately.
Any and all help appreciated. Thank you.

Related

Can sites detect auto-refreshing tools?

I don't want to get into details of my situation, but it's like this:
I'm part of a website and so are other people. On this site, we are all waiting for something to appear on the site, but one must refresh the site to see if anything new appeared. The site rules explicitly mention that auto-refreshing tools are prohibited.
If I for example use a browser extension that would refresh the site every minute, could the site detect that? Do these extensions make the same request to the site as if I clicked the refresh button? I'm sure they could detect the refreshing intervals, but that can be avoided by a random timer. So what is the most undetectable way of autorefreshing a site?
Different extensions work differently. Some use the JavaScript reload function, some will just grab the URL and replace window.location with it, effectively making another GET request.
The only difference in the actual request will be whether or not cache control is set etc., so they might use that for detection. So you definitely need to take a look in the documentation to see how the request is being issued in that specific extension.
As far as circumstantial evidence goes, they can cookie you, use local data storage, or use your IP address to determine you are the same user, in which case you would need to find a workaround for each one.

Is it possible to auto fill the input of another site?

I have a code that is unique to my organization that was supplied by a third party, think coupon code. What I am wondering is, is it possible for me to auto-fill the required input box so that the user doesn't have to?
The site is a third-party site which I don't have control over, and the user would get to this site by clicking on a link on our internal intranet site. I can see this being considered a vulnerability and so prevented, but I was just curious to see if there were any options.
Whether this is possible depends on the site in question. Many sites will extract parts of the query string and populate form fields from them. For example, a link to https://www.google.com/?q=foo will populate the Google search box with the value "foo".
Check whether the site in question does something similar. A good way to do this might be by submitting invalid values to their form and looking for the value you submitted in the query string (this works more often than you might think).
There's no possibility to interact between pages on different domains.
The simplest way is to embed an iframe, but the browser will prevent communication if the target is on a different domain.
As was said in the comments, reconfiguring the browser (WebKit probably has adequate overrides) or UserJS/Greasemonkey are the only solutions if you have no access to the target site.

localstorage or sessionstorage can't persist data on cross browser

I am working on a small application but I am stuck on a problem. I want to store form element values on an HTML page when they are filled in in one browser (e.g. Firefox) and auto-fill the data when the same page is loaded in another browser (e.g. Chrome). If anybody has any ideas please help me.
Unless clients can log in and you're willing to share this data via your server, you cannot change the behavior of a different browser from your current one, so in your example Firefox cannot change a cookie, localStorage or whatever of Chrome. Browsers tend to only share information like cookies when they are first run, such as with the import wizard from Firefox.
I can think of two alternatives to achieve this:
An authentication system where the data is stored server-side.
Through custom browser extensions. You could create a custom browser extension that directly writes the data of the other browsers. This does require the user to install that extension though.
This link explains how to achieve that: http://www.nczonline.net/blog/2010/09/07/learning-from-xauth-cross-domain-localstorage/
It's not simple, but it's the way that I know it can be done at the moment without the use of cookies.

Disable Cookies Inside A Frame/Iframe

Is there any way to programmatically disable cookies being created by a page displayed inside of a frame/iframe? Or to generalise further, is it possible to programmatically disable JavaScript running on such a page?
Thanks,
DLiKS
With the iframe sandbox attribute (HTML5) it will be possible (implemented in Chrome):
http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox
NullUserException already answered what you can do today without browser support
The only way you could change that for an external website you have no control over is to retrieve the pages using a server-side script, filter the input and display it to the user (ie: act as a proxy).
You just can't modify sites out of your domain (or subdomain - it might depend on the browser) using J/S for security reasons.
If you mean that you want to change the settings of the browser by code in a web page, then no, this is not possible (and if it were possible, it's a huge security breach and all alarms would go off).
You may surpass this, however, by writing a plugin, but then each user must first download the plugin. You can also request higher privileges, but it'll depend on the browser whether you can change any user settings.
If you mean that you want to write a script on every pc in your company to disable JS + cookies for certain pages, you can write plugins and install them everywhere, or use a proxy (as has been suggested by others) and filter the pages. If it is just for debugging a self-made page, use the Developer Toolbar for the various browsers, that can turn JS/Cookies on and off.
Why would you want to do such a thing? If you want to disable cookies, you disable it on your own page by simply not using cookies. The same goes for javascript: don't add it to your page and you've disabled it on your page.
Note: if any page would change anything of the user settings of the browser, your page will probably be blacklisted by Google, most virus scanners and phishing prevention tools.
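The iframe sandbox attribute mentioned in the first answer above, shown as an added example that is not part of the original thread: it reads a sandbox attribute value and reports whether the framed page can run script and whether that script can reach document.cookie. The function names are hypothetical; the token names are the ones defined for the attribute in the HTML specification.

```javascript
// Added example (not from the thread): interpret an iframe sandbox value.
// Function names are hypothetical; token names come from the HTML spec.
const KNOWN_TOKENS = new Set([
  'allow-scripts', 'allow-same-origin', 'allow-forms', 'allow-popups',
  'allow-popups-to-escape-sandbox', 'allow-modals', 'allow-downloads',
  'allow-pointer-lock', 'allow-orientation-lock', 'allow-presentation',
  'allow-top-navigation', 'allow-top-navigation-by-user-activation',
]);

// `sandbox` is the attribute value, or null when the attribute is absent.
function describeSandbox(sandbox) {
  if (sandbox === null || sandbox === undefined) {
    return { sandboxed: false, scripts: true, scriptCookieAccess: true,
             unknown: [], warnings: ['no sandbox attribute: frame is unrestricted'] };
  }
  // Tokens are case-insensitive and separated by whitespace.
  const tokens = sandbox.toLowerCase().split(/\s+/).filter(Boolean);
  const has = (t) => tokens.includes(t);
  const warnings = [];
  if (has('allow-scripts') && has('allow-same-origin')) {
    warnings.push('allow-scripts with allow-same-origin: same-origin ' +
                  'content can remove its own sandbox attribute');
  }
  return {
    sandboxed: true,
    scripts: has('allow-scripts'),
    // Without allow-same-origin the frame gets an opaque origin, so script
    // in it cannot read or write document.cookie or localStorage.
    scriptCookieAccess: has('allow-scripts') && has('allow-same-origin'),
    unknown: tokens.filter((t) => !KNOWN_TOKENS.has(t)),
    warnings,
  };
}

// Markup for the strictest frame: an empty value applies every restriction.
function lockedDownIframe(src) {
  const escaped = String(src)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
  return `<iframe sandbox="" src="${escaped}"></iframe>`;
}

// Constructed sample values.
console.log(describeSandbox(''));
console.log(describeSandbox('allow-scripts allow-forms'));
console.log(lockedDownIframe('https://third-party.example/page?a=1&b=2'));
```

The sandbox restricts what the framed document and its script can do; it does not touch cookies set by HTTP response headers, which is why the proxy approach in the answers is the stricter option.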

How can I tell if my page is set as the user's homepage?

Is there any way I can detect when my page has been set as the user's homepage in their browser?
I'm most interested in something in javascript, but I'd be happy to hear about other approaches as well.
Edit: I'm not looking for anything sneaky. I'm wondering if there is anything that is explicitly allowed through the browsers to find out this information.
There isn't likely to be a foolproof method, as that's an intrusion into the privacy of the user.
One thing that comes to mind is checking for a referrer. If the user arrived at your page without following a link, they a) typed the url, b) followed a bookmark, or c) have your page set as their homepage. But that's about the best I can do.
Nope. You can tell if they got to your page by following a link or not. Check the referrer. However, the browser going to your page as the home page will not appear any different than the user typing in your page or using a bookmark.
Mozilla/Firefox has a window.home() method which loads the user's home page. This method could be used (in an iframe, maybe) combined with server access logging, to see if the site's home page is instantly requested loaded by the current user.
However, other browsers don't seem to support this javascript method.
Simple solution: you shouldn't be checking if your or anyone else's site is set as the user's homepage. If they want it as their homepage, they'll make it so.
However, if you've got some Javascript that will check their email and see if they've sent links to your site to their friends or colleagues, I'd be very interested in that functionality ;-)
