Sandboxed JavasScript function - javascript

I'm creating an extension for Chrome (Just noraml HTML/JS). I would like to make an advanced scripting mode for users.
In a form I'll put this:
function generateString(){
//EDITABLE PART
return val;
}
if somebody for example put window.location="", nothing should happen, or if somebody put myVar=55; (previously defined in my code), it shouldn't do anything either. The only thing that I want to access is the return value.
Is this possible somehow? Googled for it and found something about putting it into a iframe, but they could still do window.location="javascript:dosomehaxing()", right?
Thanks a lot!

Since nobody posted an answer in the answer section, I'll post my findings here:
From the thread that serg commented with, the question "Is It Possible to Sandbox JavaScript Running In the Browser?", JSandbox seems to be the best, lightweight option to me. Its syntax is quite simple, too.

Related

VS Code - unified checking of javascript, html, and CSS code as a whole - prior to running on a browser?

Forgive me if this is a really stupid question, but I haven't found any answers yet - or maybe I don't know the correct thing to ask for.
Given the following files that are part of the same project:
MyProject.html
MyProject.css
MyProject.js
(and a MyProject.py that runs on the server to make things happen)
. . . where all three of these items are related and are actually part of a single project and they need to integrate together.
The "html" part of VS code makes sure the html is correct.
The "css" part of VS code makes sure the css is correct.
the JavaScript part of VS code makes sure the javascript is correct.
However, they may not be correct together as a unified whole - I may have changed something in the javascript that references something in the html that may not yet exist - because I forgot to write it, and I don't discover this until I launch things and watch the web-page go all pear-shaped in ways I've never heard of before.
Is there something that will take all these pieces and say "Hey! You changed the definition of this element here in the Javascript but not in the HTML (or the CSS or whatever)
In other words, not only do I want to know if the individual files are syntactically correct, but do they agree with each other?
If there is a "something" that does this, what is it called?
That tool will never exist and for good reasons, it'd slow the living hell out of your computer when programming and wouldn't fair well as a best practice. Though it's cool, it's cooler to write code effectively and not have a slow code editor. So to that suggestion is write your JavaScript and HTML together hand in hand; split view and you won't ever have an issue. CSS can come into play any time.
Your best option for knowing if code is correct, would be a linter but that won't help you with the issues you face if you're calling elements that don't exist or did you'll want to improve how you code these functions/events.
As requested submitted as an answer for the OP.

what does utag.DB mean?

I am stumped on figuring out what this means..
utag.DB
I am seeing it in a web page via the console. And I'm trying to figure out what it means. Any pointers are useful.
utag.db is a Tealium function for debugging. It is similar to console.log(which is non standard). It is enabled via a cookie that's set.
Caught you!!
You are curious about utag means you have implemented or trying to implement Tealium data layer in your portal.
Basically utag.db is used to debug tealium functionalities related to utag files. As rightly mentioned by #webanalyticsdood, it should be used instead of non standard console.log
That's fine but how do I and why should I use it?
Simple, set utag cookie to true in your developer console using following command
document.cookie="utagdb=true";
Let's try with following command,
utag.data
Whatever data you are passing on to tealium will be found inside utag.data. If you can't read your data based on conditional events, it won't be sent to Teamium, better go back and correct your code. Let's try another one.
utag.id
it will return id you've set for synching with tealium,
You can explore more similar stuff inside utag.js
PS: would suggest you to add tealium tag in your question.

JS alert for particular location href/pathnames

Hi :) I'm a bit new to Javascript and Jquery in general, so I apologize if the question may seem confusing and whatnot.
I'm running a roleplaying forum (on the Jcink forum host), and I wanted some parts of the forum (which are technically "Out-of-Bounds" locations for members' characters, i.e., dangerous places in-character-wise) to display alerts whenever members access that particular part of the site.
I have tried to use
if(location.pathname == "[pathname here]") {
alert("[message]");
}
in order to achieve this, although it does not seem to be working. Can anybody help me? :) Much thanks in advance!

Run a JavaScript function from a URL

I need to link to a page that uses javascript to create the appearance of different pages. Each of the links on the page I am pointing to calls a javascript function that produces the "new" page. So, if I just link to the page, I get the default configuration. But what I need to link to is a particular configuration after the js function has run.
At first I thought I would be able to append the function to the url, but apparently that functionality is not supported for security reasons (is this correct?). Is it possible to post the values?
Does anyone know how I can display the correct configuration?
In the general case, no, it's not possible, which is why these sort of JavaScript-only pages are an inaccessible, unusable total pain in the neck and people should stop creating them, the idiots.
If you are lucky and the site you're talking about has actually Done It Properly, then they'll have used #fragment navigation, so when you click a link it does a history-able and bookmark-able navigation, updating the URL to one with a #something at the end that you can use to navigate back there. If you're really lucky, there might even be a fallback URL for non-JavaScript browsers that you could link to. But more often all there is is a JS function, which you can't link to or invoke outside of that site, leaving you quite out of luck should you want to deep-link anything.
(Did we learn nothing from the <frame> fiasco, guys? All you trendy webmasters hacking up clever-clever swooshy jQuery-animated load()-powered multiple-pages-in-one sites are churning out rubbish that is no better than the frame-addled worst of the Netscape 3 era. Stop it. Seriously.)
Okay, I was given the solution by a friend. It seems I should answer my own question. In fact, I felt a little silly once I saw how simple the solutions was. I just forgot how to plant "posts" in a URL. It seems the question itself was erroneous.
All I really needed to do was set some Javascript variables in a page I don't own. Solution looks something like this.
http://www.apage.com/control.aspx?var1=someVal&var2=someVal...&varn=someVal
Thanks to those who responded.
The owner of the page could do you a favour and provide a mechanism to run functions depending on a value in the querystring.
Otherwise there may be something that can be done with ajax but it could be messy.

IE Operation Aborted - None of the regular fixes work

First of all, I've been researching this "Operation Aborted" error / bug for what seems like weeks, so here are a couple related questions and good articles if you are not familiar with it:
Why does ASP.NET cause the “Operation Aborted” Error in IE7? (so question)
Detecting cause of IE’s Operation Aborted Issue (so question)
Official Microsoft Knowledge base
Official IE Blog
Now here's my problem:
First I tried moving all my <script> elements to the end of my body tag. Didn't work. Then I refactored all my js functions to an external file that is linked in the <head>, all of my js functions are called from onclick or onkeypress anyway. Still getting the error. The last line of one of my .js files is
document.onload = setTimeout("foo()",500);
so I moved that to <body onload="setTimeout('foo()',500);">. I'm still getting this error. I don't know what to do. The only place I'm editing DOM elements is in foo(). Please help!
About my setup:
Java, Hibernate, Struts, JSPs ... I think that's all that is relevant.
What am I missing here?
Thanks in advance.
There are several causes for this. Two of the most common are:
1) scripts attempting to modify the DOM before the document has completely loaded
2) Trailing commas in object or array declarations
Number two is usually relatively easy to find, while number one is much tougher. Generally the best way to track down IE Javascript problems is to install Microsoft Script Debugger, so at least you can see what lines are causing the problem. With Script Debugger, IE will halt execution inside the browser and kick the script to a Script Debugger console, which will show the problem line. Much more informative than regular IE error messages.
Please see my answer to this question in another thread. I love this little trick and it has never failed me (when the cause is DOM manipulation before IE is ready, I mean). And as written, it doesn't affect the DOM-compliant browsers.
That problem can be a bear on a large page. Beyond the advice in the articles you already have, the only thing I can suggest from here is to remove wide swaths of the page in a dev environment until the problem goes away. Keep refining what is/is not on the page until you know which piece of content is causing the problem.
I've actually seen a confluence between two unrelated page elements cause this problem. I don't remember excisely why but the above approach, although painstaking, still worked.

Categories

Resources