Using an internal network, is it possible to print documents silently? - javascript

I have a client that hosts a touch screen kiosk in their lobby. It's essentially an internal html website. They want customers to be able to click a link and have a pdf print without seeing a print dialog or having to back track... completely unnoticeable printing.
I have read articles and tried snippets of code for almost a year without finding a reputable solution. There are those out there that rightly warn of security breaches or that it cannot be done at all.
The client's old touch screen structure was made entirely in Flash which I am avoiding. BUT, they were able to pull this off. I am sure this question has been asked a thousand times, but is it really impossible?
The current CPU running the touch screen is Windows XP. They do have an IT guy that works close, but I am not sure what to ask. He never offered any other solutions.
Thank you

Not 100% sure what you're trying to accomplish but maybe you could trigger a server-side program to run instead of relying on the kiosk itself to handle the printing. You could configure the server to send these PDF requests straight to the printer.

Maybe you can bake a custom browser for them (using webkit for example) that prints without asking.

Chrome running in kiosk mode, started with the --kiosk AND --kiosk-printing switches and with a default printer set, can print silently using javascript print().
This is Windows only AFAIK.

Related

Why CasperJS and browsers show different behaviors with CAPTCHA? [duplicate]

Is there any way to consistently detect PhantomJS/CasperJS? I've been dealing with a spat of malicious spambots built with it and have been able to mostly block them based on certain behaviours, but I'm curious if there's a rock-solid way to know if CasperJS is in use, as dealing with constant adaptations gets slightly annoying.
I don't believe in using Captchas. They are a negative user experience and ReCaptcha has never worked to block spam on my MediaWiki installations. As our site has no user registrations (anonymous discussion board), we'd need to have a Captcha entry for every post. We get several thousand legitimate posts a day and a Captcha would see that number divebomb.
I very much share your take on CAPTCHA. I'll list what I have been able to detect so far, for my own detection script, with similar goals. It's only partial, as there are many more headless browsers.
Fairly safe to use exposed window properties to detect/assume those particular headless browsers:
window._phantom (or window.callPhantom) //phantomjs
window.__phantomas //PhantomJS-based web perf metrics + monitoring tool
window.Buffer //nodejs
window.emit //couchjs
window.spawn //rhino
The above is gathered from jslint doc and testing with phantom js.
Browser automation drivers (used by BrowserStack or other web capture services for snapshot):
window.webdriver //selenium
window.domAutomation (or window.domAutomationController) //chromium based automation driver
The properties are not always exposed and I am looking into other more robust ways to detect such bots, which I'll probably release as full blown script when done. But that mainly answers your question.
Here is another fairly sound method to detect JS capable headless browsers more broadly:
if (window.outerWidth === 0 && window.outerHeight === 0){ //headless browser }
This should work well because the properties are 0 by default even if a virtual viewport size is set by headless browsers, and by default it can't report a size of a browser window that doesn't exist. In particular, Phantom JS doesn't support outerWidth or outerHeight.
ADDENDUM: There is however a Chrome/Blink bug with outer/innerDimensions. Chromium does not report those dimensions when a page loads in a hidden tab, such as when restored from previous session. Safari doesn't seem to have that issue.
Update: Turns out iOS Safari 8+ has a bug with outerWidth & outerHeight at 0, and a Sailfish webview can too. So while it's a signal, it can't be used alone without being mindful of these bugs. Hence, warning: Please don't use this raw snippet unless you really know what you are doing.
PS: If you know of other headless browser properties not listed here, please share in comments.
There is no rock-solid way: PhantomJS, and Selenium, are just software being used to control browser software, instead of a user controlling it.
With PhantomJS 1.x, in particular, I believe there is some JavaScript you can use to crash the browser that exploits a bug in the version of WebKit being used (it is equivalent to Chrome 13, so very few genuine users should be affected). (I remember this being mentioned on the Phantom mailing list a few months back, but I don't know if the exact JS to use was described.) More generally you could use a combination of user-agent matching up with feature detection. E.g. if a browser claims to be "Chrome 23" but does not have a feature that Chrome 23 has (and that Chrome 13 did not have), then get suspicious.
As a user, I hate CAPTCHAs too. But they are quite effective in that they increase the cost for the spammer: he has to write more software or hire humans to read them. (That is why I think easy CAPTCHAs are good enough: the ones that annoy users are those where you have no idea what it says and have to keep pressing reload to get something you recognize.)
One approach (which I believe Google uses) is to show the CAPTCHA conditionally. E.g. users who are logged-in never get shown it. Users who have already done one post this session are not shown it again. Users from IP addresses in a whitelist (which could be built from previous legitimate posts) are not shown them. Or conversely just show them to users from a blacklist of IP ranges.
I know none of those approaches are perfect, sorry.
You could detect phantom on the client-side by checking window.callPhantom property. The minimal script on the client side is:
var isPhantom = !!window.callPhantom;
Here is a gist with proof of concept that this works.
A spammer could try to delete this property with page.evaluate and then it depends on who is faster. After you tried the detection you do a reload with the post form and a CAPTCHA or not depending on your detection result.
The problem is that you incur a redirect that might annoy your users. This will be necessary with every detection technique on the client. Which can be subverted and changed with onResourceRequested.
Generally, I don't think that this is possible, because you can only detect on the client and send the result to the server. Adding the CAPTCHA combined with the detection step with only one page load does not really add anything as it could be removed just as easily with phantomjs/casperjs. Defense based on user agent also doesn't make sense since it can be easily changed in phantomjs/casperjs.
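An added example, not part of any answer above: the exposed-property checks and the outer-dimension check from this thread combined into one weighted score, with the reported false positives (iOS Safari 8+, Sailfish webview, hidden Chromium tabs) excluded. The weights, verdict names, user-agent patterns and mock window objects are assumptions; as the answers point out, an automation script can remove these properties, so the result is advisory only.

```javascript
// Added example. Property names come from the answers above; the weights,
// thresholds and verdict labels are assumptions made for illustration.
const EXPOSED_PROPS = {
  _phantom: 'PhantomJS', callPhantom: 'PhantomJS', __phantomas: 'phantomas',
  Buffer: 'nodejs', emit: 'couchjs', spawn: 'rhino',
  webdriver: 'selenium',
  domAutomation: 'chromium automation', domAutomationController: 'chromium automation',
};

// `win` is any window-like object, so the logic can be run against mocks.
function headlessSignals(win) {
  const signals = [];
  for (const [prop, tool] of Object.entries(EXPOSED_PROPS)) {
    if (typeof win[prop] !== 'undefined') signals.push({ prop, tool, weight: 2 });
  }
  // Zero outer dimensions are a weak signal only: skip them for the known
  // false positives (iOS Safari 8+, Sailfish webview, Chromium hidden tabs).
  const ua = (win.navigator && win.navigator.userAgent) || '';
  const zeroSizeBug = /iPhone|iPad|iPod|Sailfish/.test(ua);
  const hiddenTab = Boolean(win.document && win.document.hidden);
  if (win.outerWidth === 0 && win.outerHeight === 0 && !zeroSizeBug && !hiddenTab) {
    signals.push({ prop: 'outerWidth/outerHeight', tool: 'unknown', weight: 1 });
  }
  const score = signals.reduce((sum, s) => sum + s.weight, 0);
  // 'challenge' maps to the conditional CAPTCHA idea from the answers.
  const verdict = score >= 2 ? 'challenge' : score === 1 ? 'observe' : 'allow';
  return { score, verdict, signals };
}

// Constructed sample environments (not captured from real clients).
const SAMPLES = {
  phantom: { _phantom: {}, callPhantom() {}, navigator: { userAgent: 'Mozilla/5.0 PhantomJS/1.9.8' } },
  iosSafari: { outerWidth: 0, outerHeight: 0, navigator: { userAgent: 'Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X)' } },
  hiddenChromeTab: { outerWidth: 0, outerHeight: 0, document: { hidden: true }, navigator: { userAgent: 'Mozilla/5.0 Chrome/40.0' } },
  zeroSizeDesktop: { outerWidth: 0, outerHeight: 0, document: { hidden: false }, navigator: { userAgent: 'Mozilla/5.0 (X11; Linux x86_64)' } },
  desktop: { outerWidth: 1280, outerHeight: 800, navigator: { userAgent: 'Mozilla/5.0 (Windows NT 6.1)' } },
};

for (const [name, win] of Object.entries(SAMPLES)) {
  console.log(name, headlessSignals(win).verdict);
}
```

In a page, call `headlessSignals(window)` and send the verdict to the server alongside server-side checks rather than acting on it alone.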

CefGlue silent printing to PDF

I have the latest CefGlue version (3.2272.2035)
I need to save current page as PDF. I'd like to interact with my CEF somehow (JS/C#) and make it create PDF for me.
I've tried to use javascript.window.print() for that purpose with no success, because all I've got is such a window.
I've found OnPrintJob method in CefPrintHandler but I don't know what is the right way to call it + comments say: "Implement this interface to handle printing on Linux"
and I need to handle printing to pdf on Windows environments (both x64/x86)
Any code example would be appreciated. Thanks in advance for any help.
You'd need to merge this patch and recompile CEF from source. Besides, you might have to add some glue logic to CefGlue. I tested the patch myself (on C++ API) and it worked fine.
EDITED: the patch will be merged in trunk.
If you only need to print some pages (especially if these pages are under your control), you will do just fine. However if you need (as I did at the time) to print almost anything, you'll probably face the fact that some web pages don't render anything useful to the print view. Also, even those well-behaved diverge significantly from what you see on the screen - and that's not a CEF behavior, as even Google Chrome showed the same issues. In my application this was a no-go so I dropped printing and started capturing the screen (and implemented saving that to a pdf using a pdf library in C++), but perhaps your application isn't as demanding as mine was. Cheers!

How to monitor and/or throttle rate limit cpu/bandwidth by client-side web pages?

Nowadays it appears that many webpages want to use my cpu/harddrive/bandwidth in order to show me their ads/pages/information in beautiful but expensive ways.
Often I like these new pages, but sometimes I'm a curmudgeon and am just annoyed that my fan starts spinning and the EMF loads rise when I open the pages.
Is there a browser/plugin that I can use to throttle, best case, and/or monitor, worst case? I am not very knowledgeable of the Reactive JS, etc techniques, so I am hoping there is an easy solution?
thank you!
Anne
ps Normally I use Firefox but of course I have Chrome on my machines (win8, win7, mac 10.8) as well.
You need a client-side JavaScript manipulator. They are known as User Scripts. For Firefox, you want something like Greasemonkey; it's worth a Google. This is not the simplest method, but most effective.
Otherwise you will just want an ad-remover addon for Firefox.
Example For Chrome: https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en
They simply search for common code that is used to display adverts (like AdSense) and will remove the code from the webpage anytime you view/load a page.
The Greasemonkey/UserScripts path would be more if you want to customize how your browser interacts with web sites. For example, you could say for every image on a webpage to be hidden/removed and so on.
As for monitoring and throttling: you can monitor, but to throttle would require an application/proxy that goes between your browser and net connection.
There was one I used years ago that would allow me to simulate a 56k modem speed while developing web pages.
Monitors: https://addons.mozilla.org/en-us/firefox/collections/smayer97/for-managing-bandwidth-usage/
Throttle/Limiter: http://www.netlimiter.com/
OP, in Firefox 68+ (and probably earlier as long as it's Quantum) you can open Tools, Web Developer, Network, or CTRL-SH-E and see how long each element on a page takes to load. It actually has a lot of info. From there you can tell which ad servers are overloaded and take a while to load. Ad servers often slow down a page load because they are busy, but so do larger animated images shown as ads, or ad videos.
I know this isn't exactly a throttle, but it will help you find out more details of what is going on in a specific web page. FWIW, I simply block all ads on most pages and that helps increase load time and reduce bandwidth usage from Firefox.

Printing to different printers using mozilla

I am currently creating a web application that will be deployed in an intranet environment. I chose firefox to be the browser that will run it.
However, in the application I am building, I need to be able to print to different printers quickly since they use different paper size depending on what client is coming. To avoid many time-wasting mistakes that could occur, for instance someone choosing the wrong printer and wasting paper. Also, the time used to find the right printer for the job and then pressing print is considered too long in the current context.
Is there any solution to this problem? I understand the potential security flaw behind this, but please be aware that this is solely an intranet project and that I can reduce the browser's security to the lowest since they don't access internet.
I know there could be something doable behind IE (ActiveX or VBScript) but I am using Firefox. Also, I guess there could also be something rather tricky that when you press print on the browser, it saves what needs to be printed to a DB and then there is an exe app that runs and fetches that DB every set amount of time and prints to the right printer.
Any suggestion would be greatly appreciated. I doubt I am the only one to ever face this issue! :)
Thank you very much.
You need to write a Firefox extension or plugin and distribute it throughout your enterprise.
There's an alternative approach, that might even be faster, besides requiring even less setup and development.
If you are in an intranet, why not print from the server instead of the browser?
You'd have the following advantages:
Zero setup on the client side (except perhaps choosing a "printer set" according to the location)
Zero dependency on the browser setup, version, page configuration, etc
More flexibility (depending on the libraries you use to print, you can do things that a browser does not allow)
Of course the downside might be additional development on the server side, but that's probably easier.

Any way to detect browser running through Terminal Services?

I am working on a site that has some jquery based animation, and I was wondering if there is any way to detect if the site is running in browser that is being run in a terminal services (remote desktop) session so I can disable the animation?
I run through remote desktop quite often from remote locations and animations always annoy me, but I really like them when I'm not running through remote desktop. Is there any way to ease the pain without getting rid of animations all together?
I guess I could allow the user to turn them off, and have it store a cookie... but is there any way to do it automatically?
This is almost certainly impossible with JavaScript (way, way above the level JavaScript operates at). It may be possible via something like Flash or ActiveX.
Edit: You will likely need something along the lines of what nVidia is using here: http://www.nvidia.com/Download/Scan.aspx?lang=en-us
Looks like a Java applet.
If the site animation is annoying to you, you may want to take it off completely as it may be annoying to site users?
I would suggest not building in extra code to stop the site from displaying as it should; in some cases users of the site may be running terminal services themselves (creating a point of failure).
If the animation is some kind of intro you could have a "skip" feature that switches it off and use a cookie as you mention.
