I want to develop an extension which works on scripts coming from HTTP response. I know that whole HTML code first goes to rendering engine inside browser where it is parsed to create a DOM tree. Any script embedded inside is passed to the JavaScript Engine.(Correct me if I am wrong. :) )
So I wanted to intercept the JavaScript code before it is sent to the JavaScript Engine in order to modify them accordingly.
Are there any APIs for Mozilla Firefox which would allow me to do this? How can I do it?
while doing some stuff i stumbled across this:
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/NsITraceableChannel?redirectlocale=en-US&redirectslug=NsITraceableChannel
this allows you to modify stuff before it is parsed. see this topic here:
http://forums.mozillazine.org/viewtopic.php?f=19&t=2800541
here is a working example of getting the content before it is shown to user. it doesnt change it though, thats what im asking in the mozillazine topic. the writeBytes should modify it, once you figure it out please share as im interested as well
https://github.com/Noitidart/demo-nsITraceableChannel
You can follow this answer on how to intercept each request and modify before sending it to the page itself. You can do transpilation or whatever you'd like there.
take a look at this guys addons code. he does exactly what you are looking for:
https://addons.mozilla.org/en-US/firefox/addon/javascript-deminifier/
You can try invade before HTML'll be parsed and take all tags, work with them and put it back.
...I wanted to intercept these javascript code before Javascript Engine and modify them accordingly. Is there any APIs for mozilla firefox? How can I do it?
You can use page-mod of the Addon-SDK by setting contentScriptWhen: "start"
Then after completely preventing the document from getting parsed you can fetch the same document on the side, do any modifications and inject the resulting document in the page. Here is an answer which does just that https://stackoverflow.com/a/36097573/6085033
Related
I'm not exactly sure how to phrase my question but I'll give it my best shot.
If I load up a webpage, in the HTML it executes a JavaScript file. And if I view the page source I can see the source of that JavaScript (though it's not very well formatted and hard to understand).
Is there a way to run the JavaScript from e.g. Python code, without going through the browser? i.e if I wanted to access a particular function in that JavaScript, is there a clean way to call just that from a Python script, and read the results?
For example... a webpage displays a number that I want access to. It's not in the page source because it's a result from a JavaScript call. Is there a way to call that JavaScript from Python?
If you want to scrape a page with javascript in it you've got at least two options:
Use selenium to load the page and get the node value you're interested in
Use python-spidermonkey to leverage the javascript right from your python script and get the value you're interested in.
Although your question isn't very clear. I'm guessing that you are trying to access the javascript console.
In Google Chrome:
Press F12
Go to the 'console' tab
In Mozilla Firefox with Firebug installed:
Open Firebug
Go to the 'console' tab
From the console you can execute javascript query's (calling functions, accessing variables etc.).
I hope this answered your question properly.
I think you are talking about Obfuscate js code
You can always de-obfuscate them
There are lots of tools availaible
Here is a addon of mozilla
https://addons.mozilla.org/en-us/firefox/addon/javascript-deobfuscator/
and an online tool
http://jsbeautifier.org/
I'm new to javascript and I want to ask if there is any way to modify javascript code that was loaded from the server side? There is an external script <script src="myscripts.js"></script>
Can I modify this, let's say with Google Chrome inspector. I want to alter for example, one of the script's functions. Can I do it?
Yes, you can.
However, if you refresh (or the script is requested again) you'll get the original script from the server.
JavaScript cannot be modified on the client. Think of the havoc this would cause if you could.
I'm using Mechanize, although I'm open to Nokogiri if Mechanize can't do it.
I'd like to scrape the page after all the scripts have loaded as opposed to beforehand.
How might I do this?
I think a good option is something like this with Nokogiri, Watir, and PhantomJs:
b = Watir::Browser.new(:phantomjs)
b.goto URL
doc = Nokogiri::HTML(b.html)
The resulting doc will be from when after the scripts have been loaded. And phantomjs is nice because there is no need to load a browser.
Nokogiri and Mechanize are not full web browsers and do not run JavaScript in a browser-model DOM. You want to use something like Watir or Selenium which allow you to use Ruby to control an actual web browser.
In addition to watir-webdriver and capybara-webkit, celerity is a good option although it is jruby only.
I don't know anything about mechanize or nokogiri so I can't comment specifically on them. However, the issue of getting JavaScript after it's been modified is one I believe can only be solved with more JavaScript. In order to get the newly generated HTML you would need to get the .innerHTML of the document element. This can be tricky since you would have to inject js into a page.
The only way I know of to accomplish this is to write a FireFox plugin. With a plugin you can run JavaScript on a page even though it's not your page. Sorry I'm not more help, I hope that this helps to put you on the right path.
If you're interested in plug-ins this is one place to start:http://anthonystechblog.wordpress.com/category/internet/firefox/
I have to write some javascript code to take screenshots of a webpage but without rendering it in the foreground.First of all is it possible?Do I need to use some external libraries?Please give me some ideas :)
If you're talking of doing it in Firefox chrome code (i.e. extensions/addons) there's a really easy way to do it. If you're talking about content code (i.e. webpages) you can do it as above but you have to ask permission first (i.e. netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');).
What is this screenshot for? Depending on your needs you can do it directly on the server using one of these libraries:
http://code.google.com/p/wkhtmltopdf/
http://code.google.com/p/dompdf/
The only way to do it is via ActiveX, which of course only works on IE. See this SO question for examples of this:
Take a screenshot of a webpage with JavaScript?
This question already has answers here:
How do I hide javascript code in a webpage?
(12 answers)
Closed 8 years ago.
How do I hide my javascript/jquery scripts from html page (from view source on right click)? please give suggestion to achive this .
Thanks.
You can't hide the code, JavaScript is interpreted on the browser. The browser must parse and execute the code.
You may want to obfuscate/minify your code.
Recommended resources:
CompressorRater
YUI Compressor
JSMin
Keep in mind, the goal of JavaScript minification reduce the code download size by removing comments and unnecessary whitespaces from your code, obfuscation also makes minification, but identifier names are changed, making your code much more harder to understand, but at the end obfuscation gives you only a false illusion of privacy.
Your best bet is to either immediately delete the script tags after the dom tree is loaded, or dynamically create the script tag in your javascript.
Either way, if someone wants to use the Web developer tool or Firebug they will still see the javascript. If it is in the browser it will be seen.
One advantage of dynamically creating the script tag you will not load the javascript if javascript is turned off.
If I turned off the javascript I could still see all in the html, as you won't have been able to delete the script tags.
Update: If you put in <script src='...' /> then you won't see the javascript but you do see the javascript file url, so it is just a matter of pasting that into the address bar and you d/l the javascript. If you dynamically delete the script tags it will still be in the View Source source, but not in firebug's html source, and if you dynamically create the tag then firebug can see it but not in View Source.
Unfortunately, as I mentioned Firebug can always see the javascript, so it isn't hidden from there.
The only one I haven't tried, so I don't know what would happen is if you d/l the javascript as an ajax call and then 'exec' is used on that, to run it. I don't know if that would show up anywhere.
It's virtually impossible. If someone want's your source, and you include it in a page, they will get it.
You can try trapping right click and all sorts of other hokey ways, but in the end if you are running it, anyone with Firefox and a 100k download (firebug) can look at it.
You can't, sorry. No matter what you do, even if you could keep people from being able to view source, users can alway use curl or any similar tool to access the JavaScript manually.
Try a JavaScript minifier or obfuscator if you want to make it harder for people to read your code. A minifier is a good idea anyhow, since it will make your download smaller and your page load faster. An obfuscator might provide a little bit more obfuscation, but probably isn't worth it in the end.
Firebug can show obfuscation, and curl can get removed dom elements, while checking referrers can be faked.
The morale? Why try to even hide javascript? Include a short copyright notice and author information. If you want to hide it so an, say, authentication system cannot be hacked, consider strengthening the server-side so there are no open holes in server that are closed merely though javascript. Headers, and requests can easily be faked through curl or other tools.
If you really want to hide the javascript... don't use javascript. Use a complied langage of sorts (java applets, flash, activex) etc. (I wouldn't do this though, because it is not a very good option compared to native javascript).
Not possible.
If you just want to hide you business logic from user and not the manipulation of html controls of client side than you can use server side programming with ajax.