I have a chrome extension I've developed that reads and parses HTML contents into a CSV file.
This part works great, and the user is able to download the file.
What I want to do at this point, is find a way to send that data directly to a MySQL database.
I know that a chrome extension cannot run PHP (obviously). I do however have access to a hosted web server to which I can upload custom PHP scripts.
Is there any way to send my parsed data directly to a hosted PHP script which will process the data and then send the data to a MySQL database on the same server?
Everything I've researched thus far has resulted in "chrome extensions cannot run PHP scripts" . . .
Thanks for your help!
Edit: One option I was thinking of would be to inject HTML hidden fields with values of my data, and then use javascript to POST the data to the PHP URL . . . . Would that be an option? Can chrome extensions inject hidden fields?
You can absolutely make a POST method HTTP request to a server from a chrome extension. It doesn't require any kind of hack to accomplish this. With native JavaScript use the 'POST' method to an XMLHttpRequest or with a library like jQuery just make a $.post request.
A couple of things:
You're going to want to use HTTPS, so get an SSL certificate for your server/domain. If you are parsing any kind of website content on an HTTPS protected page and sending that in the clear text to your own server you are doing A Very Bad Thing. Do Not Do That.
Make sure you tell your users that you are doing this. Some/Most people may not want that.
Use a content script to grab the content from the DOM. Pass it to your extensions background script using postMessage message passing.
Make the POST request from your background script.
You will need to update your manifest.json to have permissions to the URLs you want to inject the content into, and permissions to make the POST request to your server's domain. Users will have to see and approve these permissions, but they will not know what you are doing, so be sure to tell them.
Related
I'm a developer for the website Friconix, a collection of free icons. Users can include our JS file on their web pages as explain here : https://friconix.com/start/.
I would like to gather statistics on clients using our tools. How to know, on server side, information on pages (URL or at least domains) that request our JS file ?
It's important to explain that, for decreasing the loading time, the JS file is not dynamically generated. There is no PHP file loaded every time the file is requested. The file is saved in plain text on our server. I wonder if the right solution is not to add something in the .htaccess file ?
Since the script is requested from your server every time a user loads a browser-page you can track who and how often that path is requested.
A simple approach is that it will be present in you request log files. So you can create a script and read your log files every so often.
A second approach is to setup a special rule/location in nginx/apache/which-ever-server-you-are-running
A third approach is to serve the script via CDN that has all these attributes built in (ie. CloudFront)
This can be done via a simplistic REST API call from the script. Thus when your script will load it will call the rest API via an AJAX or XHR call. The request can contain a unique client ID. On the server-side, you can implement a simple API that will accept these requests and store them by extracting the necessary information for analytics.
All the information like domains and IP about the client can be gathered from the API request or requests which will be made from clients page.
Reference - How do I call a JavaScript function on page load?
I'm using a javascript scripting engine for a MUD i'm playing, they have a javascript client hosted on their server. I'm wanting to store some information in a database and access it from the client (or inject it somehow into the client) but I'm not seeing how I could do that.
Basically I can write javascript files into the trigger section of the website and they fire. It has Javascript and JQuery options. It does not have a database option on their end, which is why I'm trying to add it myself.
I know client side javascript has a lot of restrictions on it, so I'm not sure how far I could really go with this.
I think you might be able to do this, but it's going to be hacky.
If you're able to attach a script node to the dom, you can trigger GET requests with no origin restrictions wherever you want. You would do that to your own backend.
You would have to throw away all good practices and use GET requests with a lot of query params so send data to that (your) backend.
You would have to write the backend so that it does whatever you want with the data, e.g. store it in the db.
You would have to make sure you return valid js to the client, even if it's only to dismiss it.
Alternatively...
you could load an iframe to a site you control, and change the iframe src with the data, and then do with the data whatever you want (like sending it to some bakcend of yours properly) in your site (that's loaded in the iframe) by detecting changes in the url...
Python has a module called httplib which allows for the retrieval of an html resource from a URL. With this code:
httpServ = httplib.HTTPConnection("www.google.com")
httpServ.connect()
httpServ.request('GET',"/search?q=python")
...
httpServ.close()
I am trying to do the same thing in my angular app, but using $http get doesn't allow me to retrieve the html document due to the same origin policy.
Is there anything similar to the python method available in JavaScript?
So, the Same-Origin Policy has nothing to do with JavaScript. It basically says "don't allow scripts on a page to talk to scripts being run by another host."
This is an extremely important security feature. It means that if you put jQuery on your page, and somehow a jQuery CDN got hacked and they changed jQuery to send your passwords to another page, it wouldn't work (so long as the browser properly enforces the Same-Origin Policy).
You don't have this problem when working with Python because Python exclusively runs on the server (from a web-app perspective). Your server can talk to any machine it wants to, but browsers do not (and should not as seen above) give that freedom to webpages.
So, how to solve your problem? Make your GET request to a script running on your server. Have your server do a curl or wget or w/e of google.com, then have your server send the data back to the client.
I'm using adobe business catalyst to build a site. and it doesn't allow to use PHP and I can use just HTML,CSS,Javascript. and I need to add PHP API to my site. but directly, I can't do that. Is there anyway to do that like using iframes ?
PHP is a server side programming language. So just adding php tags to your CMS content absolutely does nothing.
Of course you could deploy some php code somewhere else and then use an iframe to display that page within your content in your cms.
Or, if you have control over the http headers of whatever php you want to serve from another server, you could use AJAX to get the information. Note that using AJAX to grab information from another server requires you to use CORS to bypass the security limitations of Javascript (same origin policy).
If all this does not ring a bell, you probably should not do it.
I'm making a script that lets my users open the page, vote for our site, and then get a password to some restricted content on the site. However, I plan on storing the password in a file outside public_html so it cannot be read directly from the source code.
Is there any way to do an AJAX call to a file above public_html? I don't want to AJAX to a file inside public_html that will read the file, it'll just defeat the purpose.
Not directly, no. And, frankly, thank goodness for that (since js is executed client-side, and the client should never have access to the web-server above public_html).
You can, however, use Ajax to call a php script inside the web root that has access to documents outside of the web-root. This way you're still keeping the password out of public reach, but still allowing your users to make use of it.
The down-side is that the password might make it to the client-side in the Ajax call (depending on what your Ajax call does). Basically, if JS can get access to the password then so can any interested user.
No, you cannot do that.
The web server does not allow you to do that.
Also, it is highly insecure to expose access to non public_html files on the server.
No, you can't have an AJAX call to a file that's not served by the web server (I'm assuming the file above public_html doesn't have an apache ALIAS or virtual directory setup).
To accomplish what you're trying to do, create a script (php?) on your site that AJAX calls and this script will either:
Read the password file wherever it is on the system (assuming the file has the correct file permissions)
Embed the password within the script itself since the source code of the script can't be retrieved.
No. An AJAX request is simply a request like any other that loads a resource from your server. The only difference is that it exposes the result to javascript on an already loaded page instead of loading a new page. So if an AJAX request can get this secure file, than anyone can.
You could setup a proxy script in some web application programming language to fetch the file from disk and send it along for you. But then it wouldn't be much different from putting the file right in the public directory.
You may need to rethink your approach here.
Why don't you do an AJAX call to some view function on the server that can access the file you need and then return whatever data to the AJAX request?