Disable Clipboard & Print Screen on webpage - javascript

i search online but can't get satisfactory result
i want to protect images on my website, i know i can disable save as, right click.
the real question is can we Disable Clipboard & Print Screen with JQUERY or java script.
so no image copy from print screen.
thanks

Not from a webpage.

Even if you were able to disable these from within a browser, it will only stop a casual user. If you make a resource available on a public server (as you must in order to let a casual user view it), there really is no way to stop someone from retrieving that resource. After all, you actually want the user to retrieve the resource.

No. I am pretty sure you can't do that. Print screen is a part of the OS, not the browser. I would hope that web sites weren't able to mess with my OS like that.
You can certainly throw roadblocks in front of people trying to download an image, but short of watermarking, there isn't a great way to prevent people from getting your image (that I know of) if you make it available online.

No you can´t. And you can´t disable right click in a bullet proof way either.
The only way to protect your images is by watermark them.

Print Screen is a function of the operating system, and as such, cannot be disable by a webpage.
Actually, you can't disable anything. I know you technically can, but most browsers have an option to not allow disabling of those things. And really, worst case scenario, anyone can view the source of your site and copy the image's url.
In short, don't worry about it so much. Some people will copy your images, but this is nothing new on the internet, so you'll just have to learn to live with it. The only thing that any of your work will do is annoy some people, and make other people have to try a little bit. So, it's really best to not do anything. Place a copyright notice on your site and most people won't try to blatantly steal from you.

The only way to do what you're requesting is to incorporate OS-embedded DRM into your content (think HDCP). This can prevent even screenshots from being done but will severely limit your audience and is an absolutely horrible idea - don't do it!
If you really want to protect your images, the best way to do it is with watermarks and providing very low-quality images on your website and the high-quality stuff in some other way. The watermarks aren't a perfect solution but many consider them good enough.

Well there is no direct way to do that, but I used javascript to hide the content whenever the user hovers outside the website. This forces the user to actually activate your page to be able to see its content. This will activate the javascript that prevents prnt scrn too.

Related

Webpage input element, not URL / Open Site Dialog

I am working on an application that asks individuals to paste links to their social media and other relevant sites as part of the setup process. These later get turned into links on a compiled HTML page.
We are seeing a user issue that is arduous to deal with. When setting up the account on mobile, individuals do not understand that they need the website link to these various places, they try and open the target sites app instead (Facebook as an example), or they stare blankly unsure of what to put in the box or how to proceed.
I'm looking for a solution to this conundrum to help people achieve their ultimate end goal of putting the link on the resultant page.
I tried an iframe approach, whereby the thought was to load the target site, allow the user to navigate to the desired page, and hit a done button. Obviously this approach ran into several road blocks due to security restrictions and frame busting implemented by the various sites.
What would be great would be something like the file input, but for websites instead. We have the "URL" input; however, that only checks the URL for validity, I'm more interested in an approach that would open something akin to the file dialog, that would allow a user to navigate to a site and hit "done"
I've not been able to find anything that comes close. I'm seeing if someone knows something I do not, or has an idea I haven't yet tried. Ultimately, I'm trying to make it easy for an average consumer to choose the target for a link. (I'm fully aware how easy it is to open a browser tab and copy the link, I am truly supporting consumers who find that somewhat difficult / confusing)
Thank you for your time and consideration

hide source of HTML page using javascript

I saw How to hide html source & disable right click and text copy? . One of the answers say use ctrl+u to view the source. But, using shortcut.js I can override ctrl+u as well. How do I view source in that case.
There is no way to prevent this. Someone could easily download the page using a non-browser tool like curl or wget, or log all HTTP traffic with Wireshark.
Use this. http://www.fiddler2.com/
Depends on the browser, but you can go to View -> Page Source in most to view the source. You cannot override that, however.
Furthermore, it's considered bad practice, and someone could also just as easily override the functionality through a tool like Firebug.
You can't stop people. It will be passed over the network, and sniffable through Fiddler, or someone can use a text based browser, or disable Javascript entirely, or look through their cache folder for the files they downloaded from your site.
You cannot stop people from seeing your source.
Well it's not possible to prevent users from seeing your script. But what you can do is to make it mire harder that user quits trying after few common methods.
I recommend you to load an initial page. Then load the whole page by using ajax. You can show a friendly loading gif too. This technique has following adanages,
browsers don't show generated HTML. Developers knw how to see this. But Normal user will not find it easily
if any user just press Ctrl+u it'll show the initial page.
wget, curl tool will not work at the first time.
additionally you can obfuscate the main page (which you are going to load by Ajax).
It's nearly impossible to stop people fetching the HTML from your website. I don't see any reason you'd want to hide it in the first place anyway. Hiding something?
Want to view the source no matter what javascript is being used to hide it? cURL the page.
Even if you disable right-click, you can still do a snapshot by pressing the prt scrn key on your keyboard then pasting it into an image editor.
You can't disable it. There are ways to encrypt it, but way more trouble than it's worth.
It's impossible to hide the source, HTML and Javascript are interpreted languages, that mean the browser will "compile" the code on the clients machine.

mini javascript browser

I was wondering if there was anyway I could make another browser within my webpage. Basically I want this browser to be an interactive area on my webpage (about half the page).
The main page should be able to detect where every click was made within the mini browser.
Is there some apis that would help me out? Or would my best bet be to stream a remote desktop?
Programming your own browser engine in Javascript will take you years, and it will inevitably be slow, cumbersome, and prone to errors. Furthermore, your Javascript cannot really have direct access to other website's HTML code, it will have to go through your own server anyway.
You can use an
<iframe>
tag. To detect clicks and mouseovers, you could transform the HTML on your server first, potentially adding "onclick" events. This would let you have XSS access too, and cookie control.
You can embed another page within yours using an <iframe>. Once you do, however, you can't control much of what happens within it, or detect where clicks are made, unless the page within the iframe is from the same domain, for security reasons.
You could try the <iframe> tag.
No, it really can't work that way. My suggestion would be to embed an iframe and then control it using JavaScript. However, you won't be able to control it very well (like, for example, limiting where the user can browse with it).

Good JS lib to take screenshot of the screen

I want my users to be able to take a screenshot of the webpage (or me defining the size of the screenshot) and then allowing them to save it to their computer.
Does anyone know of a good JS lib that allows you to do this?
I know there are addons for the browser, but i wanted something pure JS so that the user can just click in a button and a "save as" link apears with a screenshot of what they are looking at.
Thanks for the help.
/fmsf
Browsers don't expose APIs that allow this to web pages, so there is no way to achieve this using plain JavaScript running in a page.
The only way to achieve this would be to have screen grabs prepared on the server, and a normal download link pointing to the appropriate one.
This can't be done in JavaScript. Taking screen shots outside the current document/domain is a potential security problem and is not possible. See my question about getting the pixel colour from the current mouse position for more background.
If you need to transmit the screen shots onto your server, look into external applications that interact with your web site. Open-source bug tracker Mantis for example has a screenshot application for Windows.
If the screenshot and the saving of the file are both to take place on the client computer, check out Fireshot for Firefox. It doesn't seem to offer any interaction capabilities with a pre-defined web site but may be the right tool for your users.
HTML2Canvas (http://html2canvas.hertzen.com/) recreates the rendered HTML into a canvas. And you can save the canvas as an image. That could do the trick, although it's not 100% accurate (and for good reasons - that would open security holes in browsers if that was possible, see https://stackoverflow.com/a/1936084/1333479).

Gracefully closing a frame (toolbar) around an iframe

I've created a tool that is used with a fairly popular music retailer.
The tool provides an enhanced search feature (transparent last.fm results, no ads, no lameness, nothing creepy) and I've found the most useful and unobtrusive way to display the search is as a toolbar using the much maligned iframe. This allows users to load search without stealing the users focus.
Not being a particularly big fan of iframes I thought it would be trivial to add a “close this frame” (ala Google image search) link allowing users to quickly and easily regain control of their browser.
However unlike google, I doen't know what the location of the content in the iframe is (only where it started, via src).
So now I find myself in world of XSS and all the security related concerns.
Using Javascript I've added 'back' and 'forward' buttons with the history object called from links in the parent (when a user does a search the results load into the iframe, so the back button allows them to go back to the primary site after their done using/perusing the search results).
Is there any way to call the current location within the iframe and reload the page (now sans frames) to that location?
I've checked PHP $GLOBAL/$_SERVER variables to see I might get lucky. I understand that there are security concerns, but I don't see how this particular function would be any different then history.back() where the browser makes the call itself without 'notifying' my parent frame.
I know I can retrieve the src location from the iframe itself, but of course that presumes the user doesn't navigate beyond this page, and if they do they don't mind losing their current location and being redirected back to page called initially by the frame (...ah...).
It almost seems like frames are designed to steal windows with no means for gracefully 'breaking out' and preserving integrity of the users session.
No wonder people hate them. :)
On Google image search when you remove the frame it functions as you currently propose, by returning to the original frame source. For XSS reasons, finding the current location shouldn't be possible, and if it was it would be considered a bug and fixed in subsequent browser patches, so it might not be best to rely on such a quirk if one existed. A way to elegantly break out without revealing location would be nice, though. This might be something you can propose to the HTML5 group.
Not that it would really be all too helpful, but the closest you can come is detecting if someone actually left the original frame source page. When you navigate a frame the history object maintains entries, and if your original history length when the page loads is greater than the history length when someone clicks "Break out of this frame...", then you know they were browsing in the frame.
I appreciate both you (hal10001) and Zach taking the time to answer. It appears I'm suck (as I suspected) because of the xss security concerns.
I suppose I could simply wrap all the content within a php based proxy, but that would clearly entering the creepy zone, not to mention the added latency and what-not.
I'll keep spinning the idea incase I do come across something sane and usable, but until then I guess I'll just use the slightly less freindly approach of promoting the original frame and wiping out their current location (and if they don't like I can revisit the iframe/toolbar situation.
Thanks again!

Categories

Resources