I've developed interactive content for a client ( VR Objects ) using javascript and Flash (if needed) that they now want to distribute to prospective customers via a flash drive. That makes it local content causing security issues especially with IE. Actually there doesn't seem to be much problem with any browser except IE. True, IE displays the "allow blocked content" button but they fear that is too complicated or scary. And on IE11 in Win 8.1 it still may not work.
The development environment I use has a way around that for testing using an "embedded web server" although all that seems to do is produce a localhost address such as http://localhost:60331/wyj-01xn/output/surfacide_flash.html. Paste that in the URL bar of any browser on the same machine and you are good. Try it on another machine and no go. So I gather the port address and whatever the /wyj-01xn/ is about are machine specific. Another possible problem -- it may not work easily with IE11 on Win8.1, but I don't personally have that setup to test.
QUESTION: Is there a way I can produce this same functionality for my client, distributed along with the content on the flash drive, without the need to install some special software (local web server) on each client computer??? The current workaround is to tell customers they should us any browser except IE. Client isn't happy.
You could distribute your webpages along with a portable Nginx server, or wrapped inside a Node-webkit or AppJS package.
Related
I would like to access a special hardware (a penta scanner, for the wisest ;) ) from a web page.
The aim is to retrieve the information from the scanner and compute it on server side.
The problem here, is that I have to summon functions from a DLL that has to be on the client side. I have two leads for that:
Develop a COM DLL and use ActiveX
Try to get through a homemade extension for a web browser in order to communicate with the local DLLs.
I've tried the first option, and I got stuck and I've posted another thread about it. Anyway, even if it works, there are too many constraints about it (as to use IE or the fact that even Microsoft is not fond of this feature and banned it from edge).
The second method is something that I found on another forum but, I do not understand how I can interact with a browser extension (whatever the browser).
So what I am asking is:
Is it possible to use a web browser extension as a medium to a local DLL and if so, would you be so kind as to give a hint about how to do ar anything that might look like a start about how to do it (even just some key words to use on google, since mine didn't get anything)....
Thanks.
Based on my understanding, the motive to develop an Extensions is to enhance the feature and functionality for particular web browser.
You cannot control any hardware devices like printer or scanner with it.
So if your goal is to control the scanner from your web page with the help of any kind of extension than I think you cannot do this with Extension.
Are there any built-in methods in Electron / Node.js allowing to transfer a file over local network to another device?
I want to be able to send files locally from one computer to another (through an Electron app), but I also want it to be able to send files to smartphones.
How do I do it? Is it possible to just create a temp local server and download the file from another device by opening the URL (e.g. 192.168.0.x:x/file.txt)?
I tried using https://www.npmjs.com/package/quick-transfer which does exactly that, but for some reason opening the link on another device doesn't do anything.
As painful as it is for me to suggest... I'd recommend WebRTC for this, for these reasons:
It will make a local connection, when possible.
It will work over the internet as well, if required.
You can work around any firewall difficulties with TURN.
You will have compatibility with browsers.
You won't be opening up some server to a file that anyone on the network can get... transmission occurs over a secured connection. (This doesn't mean you can ignore other security aspects in your application however!)
Sample code: https://webrtc.github.io/samples/src/content/datachannel/filetransfer/
Commentary: It's amusing to me that in 2018, we still haven't solved the problem of sending a file from point A to point B. Network Neighborhood in Windows was the golden age, and now it's all screwed up with this newfangled cloud crap. :-) Obligatory: https://xkcd.com/949/
How to open an EXE file from a Client Machine through a Web Application using Chrome?
I am able to open the EXE through Internet Explorer since I am using ActiveX Objects to open the Exe file through client side scripting. But since chrome does not support ActiveX I am unable to open the EXE from chrome. Can somebody provide an alternate way to open the exe from chrome?
I know it works if IETab addon is added to the browser for supporting ActiveX. But the client policy will not accept adding add-ons.
I am trying for a solution as such in WebEx websites where a temporary application is run once and each time it is accessed it opens in the temporary app without each time installing it.
Thanks in Advance..
Short and simple answer, NO! it's not possible just by using plain HTML5/JavaScript API, and thank god it's not possible or else the consequences would be devastating! Imagine any random website executing a file on your computer! That would be the worst security nightmare!
But, there are workarounds!
1. You can, for example, use Flash (but you shouldn't) or Silverlight but as mentioned the OP doesn't want any plugin-based solution so I guess they are not as useful.
2. Another solution would be to deploy a Desktop agent, if possible, and then communicate with it using a local Rest API and handle all the native access in that Desktop agent.
Still, the most preferred way would be to just ask your user to scan (or whatever) the document and upload it to your site.
More references can be found here
I'm developing a local JavaScript webapp for demo purposes. The webapp consists of a single HTML page and a few JS files that are included into the app using <script> tags in <head>.
When I run this file (from the local filesystem on windows) on FF or Chromium, everything is as it should be - the app works fine.
When I run it in IE9, there is a "Internet Explorer restricted this page from running scripts or ActiveX controls" and the app fails to load properly. Clicking on "Allow content" does not help that much because the app already is a train wreck.
How when I host a local webserver with
python -m http.server 8888
and point IE to it - everything works fine.
Because this is a corporate setting I am not interested in changing the security settings.
I've dealt with the problem by sending these files to a server, but the questions remains: why does IE treat files from the filesystem (within the same directory even) as some sort of cross-site request or security risk?
PS. Bonus WTF: When opening the page with the developer tools on, everything is ok.
EDIT: In case you're wandering: I did add a closing script tag.
<script type="text/javascript" src="vendor/d3.v3.js"></script>
why does IE treat files from the filesystem [as a] security risk?
Historical Reasons.
When Microsoft came up with the idea of web security Zones, they originally decided that the My Computer Zone, containing the local filesystem, was more trusted than the Internet Zone.
This almost sounds like a sensible thing to do, except that (a) users expect web pages they download not to gain a load of privileges when run from the hard disc, and (b) lots of programs download files from the internet and put them in a predictable place... so if you can persuade them to download an HTML file, you are persauding them to inject privileged script into the My Computer Zone.
The original settings for the My Computer Zone were to allow ActiveX controls to install and run without prompting. This meant that if you could ever get some HTML onto the filesystem, you essentially had an execute-arbitrary-code security vulnerability. There were lots of web exploits that leveraged this as part of their infection mechanism to load malware.
Microsoft feared any change to My Computer Zone security settings would break applications that used the web browser control to render their own HTML content as part of their UI. So instead, the web browser control defaulted to existing settings, and browsers such as IE that used it were invited to enable "Local Machine Lockdown" mode, which would drop the extra privileges My Computer Zone pages got by default. IE turned this on by default.
Unfortunately in a classic over-reaction, "Local Machine Lockdown" was not just the same level of privilege as the Internet Zone would have been, but even more restrictive - blocking JavaScript as well as ActiveX. This broke pages that users had saved to the hard disc, so to work around that IE adds a marker to pages it downloads to allow them to escape the (formerly privileged, now restricted) My Computer Zone and be treated as normal Internet Zone pages.
This is the Mark of the Web and you can include it in your static files to make them behave normally too.
Of course this makes the added restrictiveness of Local Machine Lockdown completely pointless, as any file can opt out.
But then the whole thing is now completely pointless, because since then the default settings of the Local Machine Zone have been changed and now resemble the Internet Zone more closely, not allowing arbitrary ActiveX. So that's a lot of confusing added complexity for no gain whatsoever.
I would like to read the browser's "localstorage" when the browser is off using the OS !
I want to save client data in localstorage and then switch off the browser and the internet and then let an OS program (a windows exe) access and analyse that data and then write new data into that localstorage area so that when the browser restars the new data is in localstorage.
This should be possible because my OS (i.e. windows) can read can delete cookies from the browser "files" ... so presumably once i know the format of the localstorage "file" then the OS is boss of all of its files and so it should be able to alter them !
So: how do i read and write to JavaScript/HTML5/DOM "localstorage" using "client side .exe programs" ?
FAILING THAT: is there any other way that the OS can pass simple data into (and out of) the browser ?
Obviously all of this has both huge potential POWER and huge potential DANGER !
The browser can only become the "virtual OS of the future" if the real OS can interact safely with it !!
Thank You.
Of course an app running locally with the appropriate permissions can access any file on disk. However, the real question is what to do with that file once it's open?
Consider the following:
Each browser (Chrome, Firefox, IE, Opera) is likely to store localstorage data in its own proprietary format. You'd have to reverse engineer those formats.
Since those formats are an implementation detail (not a documented API), they are liable to change. This will break your app and/or corrupt user data.
What happens if you modify those data files while the browser is open (even if the page in question isn't open)? The browsers don't expect their data files to change out from underneath them, so it's likely you'd see strange behavior.
All of this is to say that this is a very bad idea. You're messing with the internals of someone else's application; that's a big no-no.
Have you considered an alternative approach? When I was faced with a similar problem, I simply implemented a very simple HTTP server in my app that was bound to a specific port on 127.0.0.1.
With XHR and the appropriate CORS headers, your browser-based application can communicate with your desktop app in a safe manner.
Here are some other ways:
Embed a web browser control in your application. The web browser control can readily peek into the page, and the page can readily peek into the local storage. The web browser control refers chiefly to Internet Explorer.
You can pass parameters from the web page into an initiated executable (even a batch file) by manipulating the name of the executable. (Use application/bat as Content-Type to invite the OS to run your program when the user downloads it.)
A ClickOnce program initiated from the browser can readily receive data from the webpage.
You can use automation in your program (AutoIt, AutoHotKey) to copy/paste to an from a field on your web page. You can find the window by title as you control the title on the web page side. You can even automate opening a browser, navigating it to a page that dumps the local storage into a text field, and focuses the field.
ActiveX controls (good luck)
I can't speak for similar tricks for OS X or Linux.