Execute local command with JavaScript in Chrome - javascript

My mail client is configured to open links in mails with Chrome. But sometimes, when I get a mail from our ticket system, which doesn't work at all on Chrome, I'd like to open the link with internet explorer.
Therefore I tought a Javascript user script would probably do the job. I've searched, and there seems to be a way, with using ActiveX. Unfortunately this won't work in Chrome. Does anybody know how I'd go about that? Is there some kind of plugin or class which would allow me to do this kind of thing in Chrome? Or is there a another solution?

You could setup a custom protocol handler on your system.
For example, you could use a protocol in your html like this:
I get opened in IE
Then you register sd as a protocol, and tell Windows to open those kind of links with IE
Registering an Application to a URL Protocol
http://msdn.microsoft.com/en-us/library/aa767914(v=vs.85).aspx
ISSUE:
Looks like it passes in the protocol part, so IE wouldn't know what to do with that. You could write a very simple batch file to strip the protocol part, and then launch IE.
Here is an example batch file:
#echo off
set a=%1
start "" "c:\program files (x86)\internet explorer\iexplore.exe" %a:~3%
It creates a variable "a" that it sets to the first parameter "%1"
then its starts iexplore, stripping off the first 3 characters of "a"

There's not an easy solution. Any solution you could find for this would be pretty hacky as javascript is not designed to do this. The only solution I can think of is to use a chrome extension to launch an external application based on the url of the page visited, but I don't know if chrome extensions even have that capability.
Not sure how helpful it will be, but the chrome extension tutorial page might contain something useful.

Related

How to detect inline Firefox extension installation, and intercept it - Firefox extension development

I am building Firefox addon am trying to detect inline installation of the Firefox extensions. To be clear, installations on the places that are not on the Mozilla domain. So, when I am on some website, and when I trigger the extension installation (the .xpi file), I want to redirect the user to some website.
Before that dialog box appears, and if that is not possible, very soon after that, the one for 'installation confirmation', I want to redirect the user.
I am not very familiar with the download API, and I really don't know where to start. I have tried adding the listener for the downloads, but no result from it.
background.js (and included downloads in manifest.json)
function handleCreated(item) {
console.log(item);
}
browser.downloads.onCreated.addListener(handleCreated);
My expectations are to make my addon to recognize that the user is downloading a .xpi file, and perform redirection on some page when that happens.
Edit:
Of the redirection is not possible, then replacing websites .xpi with another one would do the job also.
Adding to the list of what I have tried.
I have tried to convert the page into the text format using .text() fro jQuery, and then search for the URL that has .xpi at the end. However, this did not work for some cases. Sometimes, some websites are pulling the .xpi from their own server, using their own API. So it is not a golden solution to my problem.

Open network location in Javascript

Is there any way to open a file or a folder located on the network? I understand reasons Browsers dont allow that. And I know that I need to add extensions to Chrome and FireFox to get a network folder shown. When I meet these requirements and I have an href that looks like:
file://network volume/directory
then by clicking on it I get a folder open. Now I need to open it by clicking on a button. Is that even possible?
Thanks
Assuming you jumped all the hoops and completely unsecured your browser (which I did not, which makes this answer a guess rather then a solid answer), I suppose that javascript actions on window.location might work. e.g.
window.location.href = 'file://foo/bar/';
or the window.open API http://www.w3schools.com/jsref/met_win_open.asp
A side note, do check the HTML5's file APIs. They explicitely require that user picks the files explicitely and do not seem to allow what you require, but they are the endorsed file approach and if, by any chance, your requirements can be met by using them you'll save yourself from a world of pain and going against the flow... See http://www.html5rocks.com/en/tutorials/file/dndfiles/ for a good starter.
If I understand you correctly. You want to access a file on the local server.The following would work for you.
window.open("http://www.example.com");//opens a url
window.open("file://server/serverfolder/index.asp");// server side

Detect installed extensions in browsers?

Is it possible to detect via JS what extensions / add ons a user has installed on his browser? The use case was the a particular chrome extension, Autofill was setting some text values into hidden zip fields causing some validations to fail and I want to show a message to the user that this extension might create problems.
For Firefox: First snippet of code on: AddonManager.jsm - MDN
Components.utils.import("resource://gre/modules/AddonManager.jsm");
AddonManager.getAllAddons(function(aAddons) {
// Here aAddons is an array of Addon objects
});
// This code will execute before the code inside the callback
Must run this code in privelaged javascript, as in not a tab. You can try for specialPowers though I don't know how that works.
To run privelaged script from your site you will have to create a firefox addon and addEventListener's to your site, like a button to list the addons, you would attach a privelaged function to that.
With the addon you enable/disable addons, but users find that annoying because addons do some obtrsuvie stuff on install sometimes.
For Chrome extensions specifically, only certain extensions are detectable so this is not a very good method, but as far as I know, there are no longer any reliable methods to detect browser extensions.
For the extension that you want to detect, you would need its Extension Id and its Web accessible resource.
Some extensions have web accessible resources and some do not. If there is no web accessible resource, you will not be able to detect that extension.
To find the web accessible resource, you will need to look at the extensions chrome.manifestfile. It will tell you if there is web accessible content. For example, the chrome.manifest file might say:
content web-developer content/web-developer/ contentaccessible=yes
Generally, its not very effective to look for browser extensions since you have to know which extensions you want to detect ahead of time and many times they are undetectable.
Also, here's a good link that I used when I was trying to do the same thing here
NavigatorPlugins.mimeTypes
Take a peek at the MDN page
https://developer.mozilla.org/en-US/docs/Web/API/NavigatorPlugins.mimeTypes?redirectlocale=en-US&redirectslug=Web%2FAPI%2FNavigator.mimeTypes
Hope it helps
In JavaScript check to see if the zip field has been changed while it is hidden and show a warning to the user that an extension might be causing issues.
For Firefox you can do it with Mochitest/SpecialPowersAPI
https://developer.mozilla.org/en-US/docs/SpecialPowers

What is "chrome-extension://"

I found the some strange <script/> tags on a site:
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/document_iterator.js"></script>
<script src="chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl/find_proxy.js"></script>
...
I haven't been able to find much information on this, but I highly doubt this is actually related to Google Chrome since this site in particular is still using <table>s for layout, and the source in question was retrieved with curl not a graphical web browser.
So,
What on earth is this?
What is chrome-extension://
Why is it using lifbcibllhkdhoafpjfnlhfpfgnpldfl as a directory name
Why is it pretending to be valid URL to a javascript file?
Why would I need find_proxy or document_iterator
Solved. As far as I know...
chrixian was right, It seems that only on this and a few select other pages, someone had re-saved them from Chrome's source-view with the Skype extension installed.
Thanks everyone for all your help, +1's for all! enjoy!
That is actually Skype Click to Call chrome extension.
Manage and view it using this link
chrome://extensions/?id=lifbcibllhkdhoafpjfnlhfpfgnpldfl
If you are using cURL to get the page, you're getting the HTML as it exists on the server--so I think a safe assumption would be: the author of the page initially saved the page from Chrome, he had an extension installed that inserted these script tages and lastly he didn't remove the script tags for one reason or another before putting the page on the server.
This is added by chrome as the page loads, to inject the extension's Javascript code into the page, so it can access the HTML document.
The Skype extension causes it by inserting all kinds of junk in webpages that you visit.
Do you have the Skype browser extension installed for Chrome?
Just disable the extension.
Chrome, like Firefox, provides developers with an easy API to extend the functionality of the web browser without needing to actually download and build the browser to do so.
They also provide a robust delivery system. In Google's case, it's the Google Chrome Web Store.
Extensions are installed locally on your computer, and use long strings as directory names to reduce the risk of collisions with another extension. In other words, if you and I both named our extensions "mycoolextension", then there would be a problem if a person tried to install your extension and my extension. The long string helps prevent collisions such as this.
The chrome-extension:// protocol is used by the browser to make requests to these local resources. Chrome extensions are developed using HTML5, JavaScript, and CSS, along with an API exposed to allow the local JavaScript to perform actions it would not normally be able to do on the Internet.
When you see these in the Chrome developer tools, it's just the extension doing it's thing, whatever that may be.
If you're seeing these, then you likely installed some extensions from the Chrome Web Store. To view them, go to the Tools menu and select "Extensions". This will show you a list of all installed Chrome extensions and apps.
To learn more about extension development, see the Getting Started Tutorial.
Also, as someone else mentioned, you're using the Skype Call Extension. However, an app using that directory name doesn't appear in the first page of the search results. It might be worth doing some more research to make sure you got that extension from a legitimate source, whether that be Skype or the Chrome Web Store.
If you're seeing it in Chrome developer tools for every request you make, it means it has access to all your websites, which could be benign, like if they're just making phone numbers clickable, or it could be malicious, if it's scraping your bank account info and shipping it off to some third party server. :)
It's a Chrome extension, and chrome-extension:// is a URL for extensions to address their contents via Javascript.
lifbcibllhkdhoafpjfnlhfpfgnpldfl is the unique identifier for the extension. I can't find it with a search, but apparently it might be Skype.
It's not pretending... it is a valid URL. The Javascript file is located in the extension. If you were to look on your harddrive you'd probably find that very file in the extensions folder.
The functions its calling probably are some sort of detection used by the extension to see if it needs to enable itself.
See this for some additional information:
Checking if user has a certain extension installed

Opera: .js file won't load

I have a page that calls a script in the header, like so:
<script type="text/javascript" src="http://www.discoverfire.net/analytics/l/a.js"></script>
(Note you will NOT be able to load this script as it is DNSd locally as a staging domain)
Very Simple.
Firefox, IE, Chrome all have no problem with this basic, square-one feature.
Opera, however, refuses to load the script. Any variables or functions in it are "undefined" and in dragonfly, the script tag is shown in the DOM, but the "Script" tab says "No script files found."
I go to google and find random pages, their external .js files seem to work just fine.
Any idea why Opera hates me? Is there a security/javascript thing I am missing?
A few things that may be relevant, but really should make no difference:
The script is on a different domain than the page.
The script is only available on my local network. The domain is DNS'd locally for staging, from outside the network it points somewhere else. Does Opera have a setting to secretly use an external DNS server?
The script works on every other browser I have.
The problem isn't in the script content. I've reduced it to a single line with an alert and it simply won't work in Opera.
Update:
OK, the problem seems to be how Opera treats the domain.
I have moved the script to several other domains, and it DOES work just fine. I've moved it to several paths on the locally DNS'd domain, and it won't work from anywhere on that domain.
This leads me to believe that the problem is that Opera can't, or won't, load the script from this domain for some reason.
Strangely, there seems to be no problem loading pages and other resources from the domain, the problem lies in .js files only.
The domain is registered, but parked. We DNS'd it locally so we can use it for staging/testing, and that may be messing with Opera somehow with JS security.
I could be wrong though - I really have no idea. If anyone else has one, I'd love to hear it.
Update 2:
Regarding Dragonfly and the error console/developer tools, they don't say anything about the script at all. There are plenty of Undefined Variable errors for variables and functions that should be present from the script, but other than that, no errors. Oddly, the script tag does show up in the DOMM, but if I click on the Scripts tab, it says "No Scripts Found".
Update 3:
There is no blocked content, so we can at least rule out that setting.
You may want to see if its ad blocker is getting in the way. Your URL contains the text "analytics," which may be part of a "block this" pattern. I know some block Google analytics through Opera. An easy test for this may be to try moving your .js to a different path on the host.
Have you checked Opera's error console? Tools > Advanced > Error Console
It should provide information on why it won't load or if there another error of some kind.
Like Jacob suggested, you should check if it isn't blocked. To do this:
Right-click on your page
Select "Block Content..." in the context menu
At the top of the screen, click the "Details..." button
You should see the URL's that are blocked on the current page
You should ask in the Opera Forums. I had some problems with Opera in the past and they answered quickly.
Is the host serving the correct mime type of the JavaScript file. It's not a commonly known fact but the type=text/javascript attribute is actually ignored by browsers as it trusts that the server is specifying the correct type.
Additionally the mime type of text/javascript is actually wrong when it comes to JavaScript, the actual JavaScript mime type is application/ecmascript (if I recall correctly, it may be application/javascript though). If you don't believe me you should have a look here where I had more information and linked off to the Douglas Crockfords videos where he discussed the mime type.
I had something similar recently - opera would just not run a script on an external server... nor if I downloaded it and had it on localhost. It only ran when copy/pasted between script tags into the html page.
It turned out that the script was encoded with UTF-16 and that was somehow confusing the browser. When I converted it to UTF-8, everything ran fine.
So, just in case and if you still have that problem, check out the encoding settings...
I had the exact same issue, tying to load a script from a localhost/development server into a page, hosted on the public server at no avail. The only way I managed the script to load in Opera was to save a copy of the page into a location on the same development server and use the tag to refer to the original domain to get the page's .css and .js linked files. That worked. Looks like Opera doesn't like to mix public and localhost domains, but handles localhost without complaints.
what you're seeing is probably Opera's security precaution against the so-called "phish pharm" attacks: cross-network protection. You can not mix content from a public server and content from a local server.
Have a look at my answer here for a workaround:
Opera won't load some JavaScript files

Categories

Resources