Is there any code in javascript like www.facebook.com.getElementById("some id").innerHTML;?
I was thinking if there's a way I could access the tags of another website (not written by me). I want to know if I can write a script, which when run, will,for example, fill the login form of a website.
Thanks!
No there is not.
If you would request another Website you should send an AJAX request.
To prevent cross-site-scripting, most modern browsers have disabled AJAX-requests to other Domains.
There would be the possibility that you request one php file on your own domain, which would request an external site and returns the external site to you.
Then you could perform these calls.
Related
We want to get the html content of a page on another domain. The following considerations are present:
1- The login page has a I am not a robot recaptcha.
2- The load of page in iFrame is restricted.
3- Could not use jQuery get or load methods because of cross domain restrictions.
With these limitations is it possible to develop a crawler or even use some client side codes to get data?
Thanks
Actually.. NO
But you can take the help of a backend server.
Let the server download the page and send it to the client.
This would solve problems related to CORS restrictions.
Coming to the captcha part, if the page operations are restricted by the captcha, then again there aren't much you can do. If it was that easy, the captcha wouldn't be used in the first place.
Is there a way with javascript on a page to tamper http requests done by other scripts (on same page)? The other scripts can be from external domains.
Let's say on a page X a script loaded from an external domain performs an http get like GET http://www.example.com?foo=bar is it possible that a previously loaded script in the same page X can capture this request, and tamper with it so it becomes GET http://www.example.com?foo=qux?
In jquery i can achieve this by wrapping the ajax get post methods. But is this possible for plain javascript, no frameworks, working across all page and client's http requests?
It seems to me that for this to be done, the script must be able to override something very deep in the core. If i have to guess i would say it's not possible by design and because of security. What do you think?
p.s. no proxies, no external tools.
No you can't capture the HTTP request going out of your app, once it has gone out of your app.
However, there is one work around possible
if you want to alter some parameters before it goes of your app,
All the other request from your website are AJAX requests
They are invoking your custom method, say customAjax() which can
alter the parameters of the actual request that will go out.
I have a web-page which content must be constructed on the fly. When user clicks some parts of the web-page, it must load information from the file which is placed on the server in the same directory along with web-page into special content <div>.
As far as I get it, with JavaScript, I must use ajax technology so I have a question: should I configure server so that he can handle ajax requests specifically, or is it just simple GET over HTTP request which should be supported by any web-server anyway?
And my second question - if ajax is technology, which will work out only if server is properly configurated, can I do what I need by simple GET from JavaScript somehow?
Also, if it is easier to use server-side scripting, how can it be done by VBScript?
AJAX requests are very much like usual HTTP requests. So you do not need to configure your server in any special way to make them work.
A usual server should already support at least GET and POST requests.
One thing, that might be important for you, however, is, that as long as there is no other "protection" for the files, everyone can access them directly, too. So in case the AJAX-loaded content contains some kind of user sensitive data, you should put some access control in place!
AJAX involves server side scripting, so it doesn't make sense to say it is easier to use server side scripting. Additionally, AJAX is nothing more than GET or POST requests that a script carries out for you asynchronously, allowing you to use the server responses in a document without reloading the entire page.
AJAX in and of itself is not so much of a technology as a technique. You can use AJAX, for example, without ever using the ubiquitous XmlHttpRequest object supplied by javascript.
With the jQuery AJAX methods, you can request text, HTML, XML, or JSON from a remote server using both HTTP Get and HTTP Post - And you can load the external data directly into the selected HTML elements of your web page...
and yes, no configa server properly
i suggest to you jquery framework (no server configure needed) (see also Sirko answer)
http://api.jquery.com/jQuery.ajax/
this is help you to load dynamic content see this
I am currently looking into a couple of possibilities for a microsite that I am building. The microsite sits on a different domain to the main site, and we want to use some of the forms from the main site. However we don't the user to see the main sites thank you page for a form submission.
My question is, is it possible to submit the form on the microsite to the action of the main sites form, so essentially I am wanting to submit a form that is set on http://domain1.com to http://domain2.com.
Will I able to this due to cross-site scripting etc?
You are fighting with http://en.wikipedia.org/wiki/Same_origin_policy.
Possible solution will be using a local proxy like http://developer.yahoo.com/javascript/howto-proxy.html
Using plain AJAX this is not possible, no.
You'd need to use a local proxy of some kind to achieve this. The form should submit it's data to a server side script on the same domain. That script should submit the data (using cURL or the like) to the remote location and give any response back to the form.
What you are trying to do is possible, but with some restrictions. Newer browser support cross domain ajax using the x-access-control-allow-origin etc. headers.
You could also use cross domain messaging (see CORS). To get backwards compatibility with older browsers, easyXDM is an option.
Another option is to build a hidden iframe, create a form, and send the data there using a normal for with action pointing to the other domain.
Remember though that Cross Site Request Forgery may be a problem. How do you stop other sites from posting to that same url.
You should be able to do this by placing the link to the action of mainsite in the microsite form. Also you can achive it via ajax, by sending call to the url of the mainsite and fetching results.
I have an application on one domain which needs to get data from an application on another domain.
I would like to use an iframe based cross domain ajax tool such as porthole.js to implement the following:
My application loads a page on the other server in an iframe.
A message is sent using porthole to the iframe.
The page on the other server checks to make sure the calling url is valid, and reads in the url of the ajax request it will make from the message.
The remote page then uses the passed url to make an ajax request.
The results are passed back to my application.
This solution lets me use the remote json data without systematically altering all of the services, which are built and managed by another team. If it doesn't work, I would work with them to use a system that uses porthole.js or jsonp for cross domain scripting.
The point that concerns me, though, is step 4. Does this count as an ajax call from the remote document inside the iframe, which would be able to make ajax calls against it, or does it count as a call from the outer window, which can't use ajax to call that domain?
Jeez, just use CORS. It's a one-line change to the web-server config.