Using javascript to open a shell - javascript

Is there a reliable crossbrowser way to open up a shell using javascript (e.g. explorer.exe)?

This is not possible as it would be a (gaping) security risk.

No, that is not possible for security reasons. Accessing client machine is the problme here !

If you have access to the client machine, and the client machines are all Windows XP or later, there actually is a way by defining a custom protocol as described in this SO question (Mozillazone article here).
That way, you can create links like my_custom_protocol://helloworld.txt that cause an explorer window to be opened in Windows.
This potentially opens a (however remote) security hole, as connecting a custom protocol to explorer.exe could be used to send arbitrary parameters to that executable. Make sure you are aware of the security implications; depending on your situation, it might work for you, though.

Related

Headless browser integrated into frontend of website?

So I don't have any practical experience with headless browsers just yet.
Is it generally possible to have a headless browser run within the frontend javascript of a website?
If so, wouldn't that be a way to bypass cross origin policy? I mean at that point it's no security issue anyway, as it would be a freshly created browser, right?
Thank you!
While you can port parts of a browser to JavaScript, e.g. using emscripten, you are still restricted to the APIs offered by the browser itself. There are no APIs to open raw TCP connections, so you will not be able to bypass the same-origin policy.

How to open an EXE file from a Client Machine through a Web Application using Chrome

How to open an EXE file from a Client Machine through a Web Application using Chrome?
I am able to open the EXE through Internet Explorer since I am using ActiveX Objects to open the Exe file through client side scripting. But since chrome does not support ActiveX I am unable to open the EXE from chrome. Can somebody provide an alternate way to open the exe from chrome?
I know it works if IETab addon is added to the browser for supporting ActiveX. But the client policy will not accept adding add-ons.
I am trying for a solution as such in WebEx websites where a temporary application is run once and each time it is accessed it opens in the temporary app without each time installing it.
Thanks in Advance..
Short and simple answer, NO! it's not possible just by using plain HTML5/JavaScript API, and thank god it's not possible or else the consequences would be devastating! Imagine any random website executing a file on your computer! That would be the worst security nightmare!
But, there are workarounds!
1. You can, for example, use Flash (but you shouldn't) or Silverlight but as mentioned the OP doesn't want any plugin-based solution so I guess they are not as useful.
2. Another solution would be to deploy a Desktop agent, if possible, and then communicate with it using a local Rest API and handle all the native access in that Desktop agent.
Still, the most preferred way would be to just ask your user to scan (or whatever) the document and upload it to your site.
More references can be found here

Open a link in another browser: Javascript

Is it possible to open a link in another browser using Javascript?
I basically want to open Firefox from Google Chrome. I'm (attempting to) write an extension for chrome, but I can't find anything pointing to be able to do this.
I think I could use NPAPI plugins for Chrome, but they are being deprecated and are very insecure, so are there any alternate options?
You did not provide enough info so I can't asses the utility of what I'm about to offer, but here's an option:
Basically, use URL schemes to launch your application of choice from the browser. Start reading this SO question - How do I register a custom URL protocol in Windows?. You'll need to register some prefix - like "firefox://" for it to work. Should also be possible on other platforms.
Of course, this assumes that your user has firefox installed and that you can register on their machine. If this application is meant for a the general public, you'll need to perform those by some other means (installer?)
Yet another way to go is (as mentioned above) to run some native code via the extension. Not a simple choice: once again you need to somehow install the native code on the host machine (and you cannot do that via Chrome extensions, for security reasons).
You can use Native Messaging, paired with a native program which will launch the browser. I would write the native application in something like Python.

Is it possible to check if an extension is installed on the browser (JS)?

I am trying to check what extensions are installed on the client side (extensions like Adblock, User Agent Switcher). Tried navigator.plugins but that does not display all extensions. Is it possible to see what extensions are installed (maybe with Javascript) ?
Thankfully, you can't.
Unless an addon/plugin/extension specifically auths himself (usually via the User-Agent header), this is informatino the browser will not give you.
Flosi is correct, however some of these plugins change specific behaviors. Ad-block for instance blocks some images from known ads sites and google analytics for the most part so you might trying to test for these different behaviors.

Is accessing USB from a web application for cross browser cross OS possible at all?

I am wondering if there is a way we can achieve this. I heard different things about Silverlight 4, JavaScript or ActiveX control, but I have not seen any demo of code for any of them.
Is there a web component that is available or how can I write one?
We really like to capture a client's USB drive via the Web and read/write data on it. This has to work for any operating system in any web browser.
What about WPF in browser mode? I read that I can host my WPF applications inside browser and sort of like smart client.
Here is a great example of doing this via Silverlight 4, but the author mentions about possibility of accessing USB on Mac via:
Enable executing AppleScript scripts.
This option will let us have the same amount of control on a Mac machine as we do on a Windows machine.
Add an overload to ComAutomationFactory.CreateObject() that calls the “Tell Application” command under the scenes and gets a AppleScript object.
This option would work extremely well for Microsoft Office automation. For any other operating system feature, you’ll have to code the OS access twice.
I did not quite understand it. Has any tried this?
Web browsers are deliberately isolated from the filesystem for security reasons. Only Java (not "Java Script"), Flash or browser plug-ins can accomplish this.
JavaScript cannot directly access your local disk (including a flash drive) for security reasons (would you really want any web site you look at to access, change, or even delete your files?), and ActiveX controls are IE-specific, so you should probably use a Java applet (not JavaScript). While Java's security policy normally does not allow access to local disks, signed applets can with the user's permission.
If you're willing to introduce a dependency on Flash (10), you can use the FileReference class to get access to one file at a time, first for reading using the browse method, then for writing using the save method.
Note that for security reasons, each call to these methods must be triggered as a result of user input (e.g. clicking a button), and each time they are called an OS-specific File Open/Save As dialog box is displayed.
There's a video tutorial which gives some sample code for editing a text file (load + save) directly in Flash, without needing any server-side help. It should be enough to get you started in the right direction.
What about WPF in browser mode...I read that I can host my wpf apps inside browser and sort of like smart client.

Categories

Resources