i want to close the web page when user click the button in the flash.this is the code i used
public static function close():void{
// ExternalInterface.call("window.close()");
navigateToURL(new URLRequest("javascript:window.close();"),"_self");
}
this approach seems out of date nowadays. it only works for local page,use file:/// to access,but access it in a remote way,the code didn't give me a **,not even throw a security error.What do i suppose to do?
UPDATE:
This regretfully does not help with the firefox. The issue is not in actionscript, but in the way how the firefox handles the window.close() function. You can simply replicate this by trying to call window.close() directly from javascript without any actionscript. It is a security restriction. There are some related questions, answers and possible solutions here:
Close windows that were not opened by script using javascript
and here:
How can I close a window with Javascript on Mozilla Firefox 3?
END OF UPDATE
I am sure this is a security issue.
Have a look in the console, isn't there something similar to the following?
Scripts may not close windows that were not opened by script. # javascript:window.close();
I suggest to create a function in javascript which would close the window and call this function using external interface. Something like this:
JS:
function closeWindow() {
...
}
AS:
if(ExternalInterface.available) {
ExternalInterface.call("closeWindow");
}
Related
Situation
In our Android app (Xamarin), we open a web page using an ActionView intent. The code looks like this:
Intent intent = new Intent((string)Intent.ActionView, Android.Net.Uri.Parse(args.url));
intent.AddFlags(ActivityFlags.NewTask);
The opened page at some point does a JS redirect, with a line like this:
window.location = '...';
We tried many different variations of that line, including window.location.href = '...', window.location.assign('...'); and some more. All show the same behavior.
Problem
This has worked fine for years now, in all browsers - but now we ran into a problem, when the browser on the android device is the Edge browser:
When the browser tab is initially opened by the intent, the window.location = '...' line in Javascript is just ignored by the browser. No error message - just ignored.
However, if that same browser tab with exactly the same URL is opened manually (either by reloading or by copying and pasting the URL), the JS redirect is executed just fine.
Question
How do we fix this, how do we make the JS redirect reliably work?
My guess is that we are running into a security feature, which prevents JS redirects in browser tabs that the user has never interacted with.
Is there something (maybe an intent flag?) to circumvent this? We already tried the flag GrantWriteUriPermission, but it did not help.
Possible duplicates
Android Browser Facebook Redirect Does Not Always Trigger Intent for URL :
The proposed situation of setting the URL on a link and faking a click on it did not work.
Microsoft Edge security
Microsoft Edge recently fixed an issue regarding XSS Targeting Non-Script Elements (June 24, 2021).
The vulnerability was found by two researcher when they visited a website in another language via the Microsoft Edge browser and attempted to translate the page. The goal of the recent fix by Microsoft is to avoid vulnerability regarding accessing dynamically to a content from a third party application and specifically in the case of browser redirection. They need to act quickly because the vulnerability is quite huge.
In order to mitigate a large class of potential cross-site scripting issues, the Microsoft Edge Extension system has incorporated the general concept of Content Security Policy (CSP)
Ok, but ... is there any solution?
Maybe you can find a solution to solve your issue here, in particular the part concerning the <button onclick="...">.
Inline code is considered harmful in concept of CSP and microsoft recommend some good practices :
1 - The clickHandler definition must be moved into an external JavaScript
2 - The inline event handler definitions must be rewritten in terms of addEventListener and extracted into your external js file. If you are currently starting your program using code like <body onload="main();">, consider replacing it by hooking into the DOMContentLoaded event of the document, or the load event of the window, depending on your requirements. Use the former, since it generally triggers more quickly.
3 - Function inside onclick call must be rewritten to avoid converting the string of function into JavaScript for running.
The code exemple of the external .js file cited in the documentation look like this :
function awesome() {
// Do something awesome!
}
function totallyAwesome() {
// do something TOTALLY awesome!
}
function awesomeTask() {
awesome();
totallyAwesome();
}
function clickHandler(e) {
setTimeout(awesomeTask, 1000);
}
function main() {
// Initialization work goes here.
}
// Add event listeners once the DOM has fully loaded by listening for the
// `DOMContentLoaded` event on the document, and adding your listeners to
// specific elements when it triggers.
document.addEventListener('DOMContentLoaded', function () {
document.querySelector('button').addEventListener('click',
clickHandler);
main();
});
Hope it's helps
I want to create an extension to firefox using addon builder that
stops users from visiting a malicious website; When I see a URL that is
suspicious, I stop the page from loading and ask the user if he really
wants to visit the site. How could I implement that? I am expecting the functionality programmatically, so that I can make an extension.
if(site.is_malicious)
window.stop();
There is an event called beforescriptexecute supported my mozilla ..... Have a look , I think it will work the job for you. But what you desire can be done something like this:
var r=confirm("Are you sure you want to visit this site ?");
if (r==false) { window.stop(); }
You are creating a FF extension right? Why not use greasemonkey or so? You can execute a script BEFORE the page loads(on greasemonkey). when that script is called, you can potentially stop the pageload and throw an error message.
I'm using IE9 to debug a web app. I made some changes to the javascript after loading the page. I'm not able to get IE9 to stop on the new code. The message is "The code in the document is not loaded". I can set breakpoints when I'm not debugging, but they won't be valid when I start debugging. I'm using IE7 Browswer Mode, IE7 Document Mode.
Things I've tried:
close dev tools window, re-open
stop debugging, start debugging
Ctrl R in dev tools window (same as Clear Browser Cache button)
Ctrl R on the IE9 web page
Ctrl F5 on the Ie9 web page
Clear browser cache for this domain
Check (set) Always refresh cache from server
Next thing to try (I guess) would be closing IE completely. Is that the fix for this? If so, yuck. It takes me a couple of minutes to set the page up so doing that after every JS change really stinks. I can use FF4 to develop the JS, but the JS issue I'm seeing is specific to IE7 so I have to do it this way.
>> How can I get IE9 (running in IE7 mode) to reliably debug the most current JS from the server?
This issue wasn't related to caching etc. IE9 was hitting a script error (missing closing paren) in the new code and not allowing breakpoints anywhere in the script. IE seemed very quiet about the script error though. Anyway, fixing the script error fixed the issues with breakpoints / caching.
If you have access to the code:
In you javascript file reference add a query string, something like this:
<script src="Scripts/main.js?v=1" type="text/javascript"></script>
And every time you change in the js file change the v value to something else, like that the browser will feel that this is a new file and will get it.
Add this:
window.applicationCache.addEventListener('updateready', function (e)
{
if (window.applicationCache.status == window.applicationCache.UPDATEREADY)
{
window.applicationCache.swapCache();
if (confirm('A new version of this site is available. Load it?'))
window.location.reload();
}
}, false);
I found this solution somwhere in the Net. Sorry, but I don't remember the author. It works for me when I debug Web App with JavaScript in Visual Studio and use IE.
I found this question based on the "the code in the document is not loaded" error message. I'm not using IE7 document mode or any of that, just IE9.
Like jcollum, my issue wasn't related to caching.
I'm using MVC.Net, and someone had set up a piece of javascript to rely on a string in the ViewBag. I changed a couple things, and that ViewBag string disappeared, so the resulting javascript looked something like this:
if(!()) {
// Some code
}
Javascript died right here, and wouldn't process the rest of the code in the block. This was confusing, as it was still trying to execute javascript in a different set of script tags, but which relied on a variable set in the other block it wouldn't load.
So, basically, a syntax error was introduced via strange means, and the debugger refused to load some of the code which came after it. Another lesson on the dangers of ViewBag.
Hey guys --
The website I'm working on requires a bookmarklet launchable from your bookmark toolbar.
I've noticed that some browsers are blocking my bookmarklet.
However, similar bookmarklets such as Tumblr's, Twitter's, and Delicious' have workarounds where their bookmarklet pages are not getting blocked.
My current launch script looks like:
javascript:void(window.open(%22http://mywebsite.com/share/form?
u=%22+encodeURIComponent(location.href)+%22
&t=%22+encodeURIComponent(document.title),
%xz%22,%22status=0,toolbar=0,location=0,menubar=0,resizable=false,scrollbars=false,height=379,width=379%22));
It's a simple window.open, which is clearly not enough to handle certain exceptions
The sites, below is Delicious' launch script, all seem to have workarounds that look very similar to that of below:
javascript:(function(){
f='http://www.delicious.com/save
?url='+encodeURIComponent(window.location.href)+
'&title='+encodeURIComponent(document.title)+
'¬es='+encodeURIComponent(''+(window.getSelection?window.getSelection():document.getSelection?document.getSelection():document.selection.createRange().text))+
'&v=6&';
a=function(){
if(!window.open(f
+'noui=1&jump=doclose','deliciousuiv6','location=yes,links=no,scrollbars=no,toolbar=no,width=550,height=550'))
location.href=f+'jump=yes'};
if(/Firefox/.test(navigator.userAgent))
{setTimeout(a,0)}else{a()}})()
It seems like they append some extra GET parameters to the URL if the user agent is firefox.
I'm assuming then, if that is the case, that the init scripts on the actual page loading from the bookmarklet handles this exception somehow?
Has anyone had any experience with this issue? Would you be able to point me to any resources or tips? I have been stuck with this roadblock for sometime now.
Thanks in advance
the delicious bookmark does not directly invoke the window.open() - it creates a function (called a in there) which is then executed in a setTimeout(a,0) for firefox (i assume the problem you have is in firefox).
You can try a similar method, and see if it works for you.
I'm working on a project and run into an issue where I need to distinguish a chrome app window from normal ones. (Specifically I'm using the --app=URL from a bash script) Because of the way things are setup, I have to have run a js script on all windows, but only do something if they are an app window. It seems that the API listed here is what I need to distinguish one window from another, but all I've managed to get are errors saying that a function or object is undefined. So how am I suppose to get the window type from the API with something like window.type?
Additionally, if you know of some other way to tell the difference between chrome windows if they are an app window or not, then that would also work. I really just need to be able to do:
if (window is app) //I don't really care how it's done
{
doSomething();
}
More information:
Tried in both Chrome and Chromium (both fully updated)
Using Ubuntu 18.04
JavaScript is running in the app window and not an extension (not developing an extension)
Can you try the following. In your console
windowType=window.location.host
It should return if you are in app window it will return as "app". Using this you can write your logic
if (windowType === 'app' ) //I don't really care how it's done
{
doSomething();
}
Hope it helps.
Doing windowType.window.location.host returned not the type of window but rather the url provided with the --app=url flag in my bash script. This means that if you open a normal window and go to the same url as provided in the app window, both would return the same url. However, since the normal window would be the same content just a different window type, the JavaScript code that I need to run on the webpage is the same, thus I would want it to run on both windows. So this solution works for me, but for anyone else who is looking for a window specific identifier, and not just a url, I suppose that is still up in the air.
(Thanks Ragavan Rajan)