i want to create an addon for firefox, that should check every JavaScript on a loading page. And if there is a Code, which is not allowed it should be blocked or modiefied (it is a part of XSS Protection).
But i don't know, how to implement this.
I tried to create an http-on-modify-request observer and so i have an access to the scripts. But how can i modify them before Firefox execute it?
My second trial was to create an addon like the Flashblock addon.
So i made a CSS-file and bind the script tags to a xml-file.
In the xml file i create a placeholder and replace the javascript.
When i start a page and look into DOM-Inspector it works fine... there are div-tags instead of javascript tags.
The Problem is, that Firefox still executed the original javascripts and so my trial failed.
Have anybody some tips for me?
ps: sry, for my english, but english is not my native language
I think you're looking for nsITraceableChannel:
http://www.softwareishard.com/blog/firebug/nsitraceablechannel-intercept-http-traffic/
Related
I'd like to connect to an existing instance of Google Chrome and run some JavaScript to find a specific tab and execute some code in it.
I remember reading something about how to do this a long time ago. Can anybody offer any guidance?
Edit: I've done this before using Firefox, and I just remembered I used the MozRepl extension there.
After remembering more about how I did this in the past with Firefox, it looks like the ChromeRepl extension may be the way to go here.
Well, I was scraping data from one of the website (purely in legal limits).
The situation is that the site has 5 questions on a page and answers to them.But the source code that I see by pressing Ctrl+u is different from the code that I see by Inspect element or firebug in Firefox.That means the site is changing the answers on page load to fool the people around as scrapers would normally grab the unmodified code.The correct answers are on the onLoad modified page.
What I want is to capture the source code that I see in Firebug or Inspect element (the modified code) instead of the code that I see on pressing Ctrl+U.
I used one of the scraping API but it is capturing that original Ctrl+U code.
Is there any solution?
In chrome, select root element (<html>) and right click -> Copy as HTML, paste wherever
[EDIT]
I suspect you are trying to scrape the data automatically, this obviously won't work, not sure how to do this otherwise. There are some headless web browsers that support JS (phantom js for example), they might do the trick. Also check out this super user post
I'ld suggest you to do a log of the html of your page before the onload happens. Which can be done using jquery.
Or plain classic debugging using "debugger" which will stop the exec of your webpage once the line where you put it is interpreted by the browser.
As a HTML5 game dev, I usually do advanced logging through the console, to know what does what and what's executed when. Although it may take some time, it allows you to have a good comprehension of what you've written and to ensure optimization (mostly in number of execs of some stuff) and to catch bugs that might not be obvious.
For my project I need to show a html file which uses JavaScript to render LaTeX code. This works fine, but everytime I open this file in the browser for the first time, the yellow band pops up that active code won't be executed until the user accepts so. This is annoying in this case, although I understand the purpose, however I want to mark my code as trusted! Do you have any idea how to "hack" the control to achieve the behavior I want? Or any other suggestions?
The solution ist really stupid as the security policy is badly implemented by Microsoft. Just add the comment<!-- saved from url=(0014)about:internet -->\r\n before everything else and the IE will recognize your local file as accessed from the internet and will then execute JavaScript code as wanted. But this is a better solution than hacking the registry...
I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page.
(If you are wondering: it is not malicious. It allows to display formulas by using MathJax.)
Is that possible? I tried including it in userContent.css, that of course did not work.
A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical).
Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it?
Anyway, how can I do this for myself?
Welcome to stackoverflow!
Greasemonkey should do what you want. If it's not working either it's not being applied to the correct domains, or the code contains some sort of bug! (I personally use grease monkey on stack overflow to make some changes to the answer area).
Try placing some alerts() within your code to ensure that your grease monkey script is executing as intended.
If this is your first GreaseMonkey script, I suggest running through the links "For Script Authors" on The GreaseMonkey Wiki.
I am attempting to load an activex object on the same page where my flex application resides. Is this possible? Can I have 2 object tags on one page?
As of right now the flex application loads fine but when I attempt to access the activeX control it says its null. But if I have the same activex control on its own webpage it works perfectly fine.
Any Ideas?
Thanks in advance.
Whoops, I found the error. It was a simple error in my javascript code. Turns out it works fine adding another Object tag and loading another activex control. Chalk this up as a learning experience.
Why don't you post your mistake, that way we'll all benefit from what you learned - maybe your mistake was common.
Kudos for answering your own question though. May want to change the title so it says resolved.
One of the issues was that my browser was caching the page, I realized that once I made a change to the name of the ActiveX object and the error thrown was still referencing the old name of the ActiveX object. The other error was I had a Var with the same name of the ActiveX object inside the javascript code, that seemed to be causing it to fail, although I am not entirely sure why. Once I removed that variable the script worked fine. I had run into that same problem the day before just didn't notice it the second time around, because I have been working on this integration for a few days straight now.