Chrome doesn't want to let me access javascript from swf file directly in the URL bar (I know that isn't best practice, but that's what I am trying to accomplish):
Given:
/file.swf?cmd=alert();
With the following code (snippet):
flash.external.ExternalInterface.call("eval", cmd);
This only works in Firefox and not in Chrome. I am taking this approach because in chrome the actionscript 2 way to run JS was to use getURL("Javascript:...., however this doesn't work in Chrome either anymore.
Is there a way around this (by calling the file directly in the browser as opposed to be embedded in a page?)- I have my reasons!
Try creating a custom function the proxies the 'eval' function.
Try this in JS...
function exec_code( $value ) {
window.eval( $value );
}
... and this in AS.
var value:String = "[JavaScript Code to execute]";
if ( ExternalInterface.available ) ExternalInterface.call( 'exec_code', value );
Related
https://github.com/gg2001/monero/blob/master/monero/NewWallet.js
I have a js file that is quite large 6000 lines and JavaScript core does not seem to be able to retrieve variable values whereas running the same file in any web browser works fine for me. When I try to retrieve the value of a variable it shows up as undefined, but when I use a js console in a browswer it shows up fine. I am speculating that this is due to the size of the file because when I put
var helloWorld = "Hello World";
in the front of the js file this swift code can retrieve it
func helloWorld() {
if let variableHelloWorld = self.jsContext.objectForKeyedSubscript("helloWorld") {
print(variableHelloWorld.toString())
}
}
but when I put it at the end it cannot.
Normally this indicates a parsing error. Try adding an error handler to self.jsContext before calling objectForKeyedSubscript() and see if it outputs anything insightful.
self.jsContext.exceptionHandler = { context, exception in
print("JS Error: \(exception?.description ?? "unknown error")")
}
Although your JS code may be valid in a browser console, iOS Safari doesn't support as many Javascript features as newer browsers.
I did see a line in your JS source code beginning with just a semicolon (followed immediately by (function). I wonder if the parser might complain about an empty line without a statement..? Maybe nothing, though.
This is for Non-IE browsers-
I was working on a requirement which needed a XML file to be parsed. After looking at some options, i ended up finding $.parseXML in jQuery.
It worked fine and i can now read the content of the XML from there. But what surprised me was this-
Definition of $.parseXML is-
$.parseXML = function (n){
var r,i;if(!n||"string"!=typeof n)return null;
try{
e.DOMParser
? (i=new DOMParser,r=i.parseFromString(n,"text/xml"))
: (r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))
}catch(o){
r=t
}
return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||b.error("Invalid XML: "+n),r}
Now, if you look at the code, the part 'r=new ActiveXObject("Microsoft.XMLDOM")' is what confuses me the most.
Normally, if we try the same thing independently, then the following error is thrown-
ReferenceError: ActiveXObject is not defined
Can someone explain me how is this made possible in jQuery?
The code inside the function definition is meant for IE only.
The ActiveX code is present as a fallback mechanism in case the browser is IE and doesn't support DOMParser(IE9 Supports DOMParser). My guess it that it's still there in case of executing the jquery code in IE8 and below.
Is it possible, using javascript, to control an overlay firefox extension? I've extracted the contents of the extension and have identified what functions/methods I need to run, but they are not accessible within the scope of the console.
Thanks in advance for any ideas.
Yes it possible to interact with other add-ons, given the right circumstances.
My test case here will be com.googlecode.sqlitemanager.openInOwnWindow(), which is part of the SqliteManager addon.
In newer builds (I'm using Nightly), there is the Browser Toolbox. With it is is as simple as opening a toolbox and executing com.googlecode.sqlitemanager.openInOwnWindow() in the Console.
You may instead use the Browser Console (or any chrome enabled WebDev Console for that matter, e.g. the Console of "about:newtab"). But you need some boilerplate code to first find the browser window. So here is the code you can execute there: var bwin = Services.wm.getMostRecentWindow("navigator:browser"); bwin.com.googlecode.sqlitemanager.openInOwnWindow()
Again, enable chrome debugging. Then open a Scratchpad and switch to Chrome in the Environment menu. Now executing com.googlecode.sqlitemanager.openInOwnWindow() in our Scratchpad will work.
You may of course write your own overlay add-on.
As a last resort, patch the add-on itself.
Bootstrapped/SDK add-ons: you can load XPIProvider.jsm (which changed location recently) and get to the bootstrapped scope (run environment of bootstrap.js) via XPIProvider.bootstrapScopes[addonID], and take it from there (use whatever is in the bootstrap scope, e.g. the SDK loader).
Now about the right circumstances: If and how you can interact with a certain add-on depends on the add-on. Add-ons may have global symbols in their overlay and hence browser window, such as in the example I used. Or may use (to some extend) JS code modules. Or have their own custom loader stuff (e.g. AdBlock Plus has their own require()-like stuff and SDK add-ons have their own loader, which isn't exactly easy to infiltate)...
Since your question is rather unspecific, I'll leave it at this.
Edit by question asker: This is correct, however I figured I'd add an example of the code I ended up using in the end, which was in fact taken directly from mozilla's developer network website:
In my chrome js:
var myExtension = {
myListener: function(evt) {
IprPreferences.setFreshIpStatus(true); // replace with whatever you want to 'fire' in the extension
}
}
document.addEventListener("MyExtensionEvent", function(e) { myExtension.myListener(e); }, false, true);
// The last value is a Mozilla-specific value to indicate untrusted content is allowed to trigger the event.
In the web content:
var element = document.createElement("MyExtensionDataElement");
element.setAttribute("attribute1", "foobar");
element.setAttribute("attribute2", "hello world");
document.documentElement.appendChild(element);
var evt = document.createEvent("Events");
evt.initEvent("MyExtensionEvent", true, false);
element.dispatchEvent(evt);
Update for Firefox 47 and up
Things changed drastically in Firefox 47. This is the new way to access it.
var XPIScope = Cu.import('resource://gre/modules/addons/XPIProvider.jsm');
var addonid = 'Profilist#jetpack';
var scope = XPIScope.XPIProvider.activeAddons.get(addonid).bootstrapScope
Old way for < Firefox 47
Update for methods of today
Typically you will do so like this:
If i wanted to get into AdBlocks scope, I check AdBlock id, it is {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} so I would go:
var XPIScope = Cu.import('resource://gre/modules/addons/XPIProvider.jsm');
var adblockScope = XPIScope.XPIProvider.bootstrapScopes['{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}'];
You can now tap into anything there.
Another example, I have an addon installed with id NativeShot#jetpack
I would tap into it like this:
var XPIScope = Cu.import('resource://gre/modules/addons/XPIProvider.jsm');
var nativeshotScope = XPIScope.XPIProvider.bootstrapScopes['NativeShot#jetpack'];
if you do console.log(nativeshotScope) you will see all that is inside.
For loading a local file into Firefox I have noticed that...
location.href = "./relative/path/file.htm"; //this works
location.href = "http://localhost/path/file.htm"; //this works
location.href = "file:///c:/absolute/path/file.htm"; //doesnt work (also doesnt work if remove the "file:///" bit)
I would like to get the last example to work. Is there some about.config setting I can add to allow this or maybe a "netscape.security.PrivilegeManager..." statement?
(This is for a special Firefox profile and not for general use so the insecurity issues are not relevant).
Thanks.
http://kb.mozillazine.org/Links_to_local_pages_don%27t_work#Firefox_1.5.2C_SeaMonkey_1.0_and_newer answers this
when using "file:///" you need to use backslashes ( windows ) in other words you need to type
the physical address of the file as it accessed from file explorer ( windows )
dont forget escape with "\\".
example:
var url = "file:///c:\\myDir\\1.html";
I upgraded from jQuery 1.4.2 to 1.6.2 and now I get error(in IE). I have JavaScript on the page that gets executed by jQuery globalEval() function
// Evaluates a script in a global context
// Workarounds based on findings by Jim Driscoll
// http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
globalEval: function( data ) {
if ( data && rnotwhite.test( data ) ) {
// We use execScript on Internet Explorer
// We use an anonymous function so that context is window
// rather than jQuery in Firefox
( window.execScript || function( data ) {
window[ "eval" ].call( window, data );
} )( data );
}
},
In IE the call throws exception:
"Error: Could not complete the operation due to error 80020101."
The data parameter that get executed is javascript variables on page surrounded by <!-- -->
<!--
var id = \"ctrl90900\";
var url = \"myur.com/blah.html\";
-->
I'm using IE9, and jQuery 1.6.2 Not sure why this would cause an error.
If there is any error at all in a script passed to execScript, as far is Internet Explorer is concerned, it will report a 80020101 instead of the original error.
So, also check for missing semicolons and JS features not supported by IE.
For short code passages, i found the most effective debugging technique was to comment out parts of code and see if the error still turns up. If it doesn't, examine the code block that was just commented out for above errors.
It might be the commenting of the code, which is invalid JavaScript and unnecessary in this day and age.
You can strip it out with this regex...
$.globalEval(str.replace(/<!--\s*([\s\S]*?)\s*-->/, '$1'));
jsFiddle.
Just wanted to add a bit to this -- I was getting an error 80020101 whenever in an AJAX-called PHP script that included JavaScript. The script inside the PHP file was also breaking somehow, and refusing to render any of the script in the designated div (other elements of the PHP came through, but nothing inside the JavaScript -- I was trying to draw a chart using HighChart).
Turns out there was an undefined PHP function inside the JavaScript in the included PHP file (used to echo some text). I found this using Firebug.
So bottom line, make sure you don't have any undefined functions inside code coming back via AJAX.