I have a hyperlink in my html document as
click
When I click on the hyperlink, the specified file opens in the browser itself.
Is it possible to open that file in notepad or sublime text or any text editor which is the default program for the file type (txt in this case). Can I do it programmatically in javascript or jquery. Is there any way to do it?
Note: This is just a stand alone application. I have developed a plugin which searches for patterns, that I have given as input, in all the files in a given source directory and print out all the file names in that directory which contains that pattern. Its printed to a output report html file. I just want to link the file path name to the default editor, so that he can edit it and save. No issue of security. Can it be done?
If not, is there any other way to accomplish this task? I can generate the output report in any format. Pls help.
As others mentioned, you may not able to do this without compromising your browser's security. But I came across a link that may help you.
<script type="text/javascript" language="javascript">
function RunFile() {
WshShell = new ActiveXObject("WScript.Shell");
WshShell.Run("c:/windows/system32/notepad.exe", 1, false);
}
</script>
Edit: This opens an empty notepad, and it'll only work on windows. You may use js to distinct between different OS and run their default text editors accordingly, but I wouldn't on that route. Why not use online editors instead?
Due to security reasons HTML/JavaScript does'nt have allow to access local file system.
http://en.wikipedia.org/wiki/JavaScript#Security
JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the web. Browser authors contain this risk using two restrictions. First, scripts run in a sandbox in which they can only perform web-related actions, not general-purpose programming tasks like creating files. Second, scripts are constrained by the same origin policy: scripts from one web site do not have access to information such as usernames, passwords, or cookies sent to another site
You have to make a server request in order to get the resource.
You can't do this without compromising the browser's security. You'd have to modify the browsers MIME type for TXT and default program's associated. If it's on your local network, and you're on a domain, and each user has admin privileges on their machines, you could theoretically do a registry hack and change the default settings for opening text files in external editors, but this compromises security, and chances are if you're in a domain network, your admin privileges are stripped from local machines.
I was looking for something similar and found a solution. Maybe someone will find it useful.
If you only want to do this on your own computer, it works.
Related
Is there a way to identify and block JS files/events that are not part of your domain?
Like assume, if I'm writing a extension for chrome and I put following code in my JS
$('div').on('click', function(){ alert("yup"); });
is there a way for a website to handle this case?
Edit 1:
After discussion with #Clive, I realized that all extension/application should run in sandbox and should not be able to access events/elements outside the scope.
Case
A chrome extension have a keypress event on input[type=text] and input[type=password]. Now this extension runs in background, so there JS files are always available. Hence if you open facebook and login to your account, this extension will capture data and can send it to its server.
My Case
Two user was getting alert messages multiple times. Initially we thought its a part of our code and checked all JS files. But then realized, both user had same extension and so we diagnosed that extension's JS file and found alert in it. Now we were lucky, no damage was done, but it still posses a possible security threat.
Short answer: No.
Long answer:
Chrome extensions run their code in a separate space from your site's code, so they don't interact at all. The best you could do is prevent DOM edits. Luckily chrome extensions already run in a sandbox and have to explicitly ask for permissions for the domains that they inject code in and those domains are all listed when you install an extension. The only other way for extensions to interact with a page is through the activeTab permission which is a one time allowance on a specific user action. If you are using an extension that you think is malicious, you can always just read the code since JS is naturally open source. It really all boils down to a matter of trust. Installing something is explicitly trusting that thing to not mess up your stuff. This applies to all programs. If you don't trust an extension, then don't install it. A sandbox can only prevent so much while still letting extensions do something.
I am wondering if there is any method of reading file on the client side with javascript given the file name and path. I am aware of the method of reading through: input type="file".
What I mean is without opening up a file browser and selecting the file, just reading it with filename, like fopen.
If not an other method, how to instantiate a File object in javascript from filename and path?
Seeing the answers I thought of briefing a bit more on my purpose.
I am not really making a webpage. I am using browser just as a software that is available on any system. The html pages will all be local. I am doing this way be so that I have the advantage of the power of js. Given this situation is there any way to set permission flags that will let it read files?
Thank you.
There's the Drag 'n Drop API which would be the other option in reading files using JS
There will always be hurdles so that your code will not directly read from the client's filesystem. This is designed for privacy and security purposes.
Extensions/Plugins - sandboxing will be your enemy, limiting file system access
Java Applet - Needs a signed certificate to read the filesystem. A self-signed certificate will generate the "Will You Trust This Applet" prompt which would act as the security prompt.
Input type=file - gives the user the option to select the files or not
drag and drop - gives the user the option to drag in files or not
XHR - Same Origin Policy will block you, especially if you are executing the page locally and not on a server.
JSONP - Since this bypasses the SOP, however, your file should be in JSONP format.
I found solution to my problem, here it is...
It is true that we have restriction with javascript that whenever the user or the page requests for a file it has to go through that extra window that pops up,
but if all the files that you may request are inside a known folder then you can rather ask the user to point the zipped folder instead.
One can use tools like zip.js for opening a file that one needs in the zipped folder.
Thank you :)
I'm trying to build a sample bookmarklet to grab current webpage source code and pass it to a validator. Validator is not a an online website, but a folder with bunch of javascript and html files. I'm trying to open file:///C:/Users/Electrifyings/Desktop/Validator/Main.html file with the help of javascript bookmarklet code and put the source code in the textarea in the newly opened window, but it is not working for some reasons that I'm not aware of.
Here is the sample code with algorithm:
javascript:(function(){var t = document.body.innerHTML;window.open('file:///C:/Users/RandomHero/Desktop/test.html',_self);document.getElementById("validator_textarea")=t;})()
Here are the steps:
Grab current web page source code in a variable.
Open locally stored HTML web page in current or new window or new tab (either way is fine with me, but no luck)
Put the source code from the variable into the validator textarea of the newly opened HTML file.
I have tried above code with a lot of variations, but got stuck on the part where it opens the new window. Either it's not opening the new window at all or it is opening blank window without loading the file.
Would love to get some help with this issue, thanks a lot.
Oh and btw,
Windows 7 x64, Tried IE, Firefox and Chrome. All latest and stable builds. I guess it's not a browser side issues, but something related to javascript code not opening the URI with file:/// protocol. Let me know if any more details are needed. :)
You wouldn't want a webpage you visit to be able to open up file://c:/Program Files/Quicken/YourSensitiveTaxInfo right? Because then if you make a mistake and go to a "bad" website (either a sleazy one or a good one that's been compromised by hackers), evil people on the intarweb would suddenly have access to your private info. That would suck.
Browser makers know this, and for that reason they put VERY strict limits to prevent Javascript code from accessing files on a user's local computer. This is what is getting in the way of your plan.
Solutions?
build the whole validator in to the bookmarklet (not likely to work unless it's really small)
put your validator code up on the web somewhere
write a plug-in (because the user has to choose to install a plug-in, they get much more freedom than webpages ... even though for Firefox, Chrome, etc. plug-ins are basically just Javascript)
* * Edit * *
Extra bonus solution, if you don't limit yourself to a purely-client-side implementation:
Have your bookmarklet add a normal (HTML) form to the page.
Also add an iframe to the page (it's ok if you hide it with CSS styling)
Set the form's target attribute to point to the iframe. This will make it so that, when the user submits the form and the server replies back to that submission, the server's reply will go to the (hidden) iframe, instead of replacing the page as it normally would.
Add a file input to your form - you won't be able to access the file within that input using Javascript, but that's ok because your server will be doing the accessing, not your bookmarklet.
Write a server-side script which takes the form submissions, reads the file that came with it, and then parrots that file back as the response. In other words, you'll have a URL that you can POST to, and when it sees a file in the POST's contents, it will respond back with the contents of that file.
Now that you've got all that the user can pick their validator file using the file input, upload it to your server, your server will respond back with the file it just got, and that file will appear as the contents of the iframe.
And now that you finally have the file that you worked so hard to get (inside your iframe) you can do $('#thatIframe').html() and viola, you have access to your file. You can save the current page's source and then replace the whole page with that uploaded file (and then pass the saved page source back to the new validator page), or you can do whatever else you want with the contents of the uploaded validator file.
Of course, if the file doesn't vary from computer to computer, you can make all of that much simpler by just having a server that sends the validator file back; this could be a pure Apache server with no logic whatsoever, as all it would have to do is serve a static file.
Either way though, if you go with this approach and your new file upload script is not on the same server as your starting webpage, you will have a new security problem: cross-domain script limitations. However, these limitations are much less strict than local file access ones, so there are ways to work around them (JSONP, cross-site policy files, etc.). There are already tons of great Stack Overflow posts explaining these techniques, so I won't bother repeating them here.
Hope that helps.
This has been asked a lot of times already: I need to get the full file path via a web-page. The use case is an application running on the same machine as the browser (i.e. the application starts a local HTTP server and fires up the browser.) File-paths are of course valid and the same for both client/server now. The use case it that the user selects a file and then the server process does some computation on it, and the input files are typically large (read: several GiB in size.)
The easiest thing would be to directly access the path using , but for security reasons, this is disabled. I'm looking now for the least intrusive workaround to this problem. The target browser in question is Chrome. I'm fine if the user has to click "accept" once on some security warning, as long as I can ensure that it won't appear again.
Do I have to write an extension, NSPlugin, can I use some special header magic to mark my page as "local", is there some security setting I can set? The less the client has to do the better, and I would prefer some "click here to allow access ..." solution above everything else. Can I directly install an extension from the server process that would do this (after the user clicks accept?)
Is it possible to do this with a Java applet/Flash? That would be the easiest solution, and clients are guaranteed to have Flash installed (as it is bundled in Chrome...)
You can create Java applet for tasks like this and self-sign it. User will have to allow it to run, but then you will be able to access applet's function that will return file path string via Javascript.
Clearly file io on the client's system is forbidden from JavaScript. If this wasn't the case it would be absolutely trivial to hack every web browser that visits your website.
Battlefiled 3 is controlled though the browser. To do this EA wrote a browser extension for the top three browsers. But that's resource intensive. If you just care about chrome you can use an addon, and for that i suggest using the NPAPI.
And as MOleYArd said, Java is a good solution and probably more common than an extension or addon.
In my application I want to open some files with the correct default programmes, like .doc file should be open with WORD and .psd files should be opened with Photoshop if it is installed, and this should be done under html or java script.
Please tell me how to do it.
JavaScript cannot run programs, but if you have a file on your server you can simply link to it:
<a href='image.psd'>Download File</a>
Users will be promped to download the file or open it using the default program (for most files). Again - as others have said - this is determined by the browser. IE can open doc files on the browsers, and PDF documents can be opened that way too.
There is no way for you to choose which application will be used to open your files with javascript...It just doesn't have that power.
I don't think this is possible in JavaScript without using any activeX or something like that. Js has no access to locally installed applications.
Browsers typically don't have access to the computer's filesystem for security reasons. If you know the exact path to a file you can point the browser at it using a file: URI, e.g.
file:///C:/path/to/file.ext
You may also be able to do this with a plugin, eg ActiveX, however I am unsure as to what security measures that would have.
Invoke the system command 'open'. Works on Windows and Unix based clients.
Depending on where your script runs, you might not be able to invoke system commands though, for instance in a browser sandbox.
If you provide a link to a file on the local file system (eg: <a href="file:///C:/mydoc.doc">) then the browser will open it - however this is not a great way to do it since the browser will first show a dialog ("Do you wish to Save or Open") and then it will "download" it into temporary files as it would if the file were remote. In this case, if you edit and save the file, it'll be the version now in your temp folder. This might not be a problem if your files are read-only, but generally it's not a great user experience.
The only other method is to use ActiveX, which is actually rather easy (though I don't have the exact code on me now - write a comment if you're interested in a snippet and I'll update). Of course this comes with the giant flashing caveats of:
It only works in Internet Explorer.
You need the user to fiddle with their security settings for the ActiveX scripts to run.