How do you disable the Ctrl+N/File->New options from browser windows, specifically for IE.
How much control do you have over the clients?
If you're just serving a page publicly on the WWW, then there's no way.
If you're running a kiosk or a classroom of computers or something, then you could probably hack something together to watch for instances of IE, and disable the menus and trap the Ctrl+N key combination.
Based on the comments, it sounds like you are trying to fix the symptom and not the problem itself. The approach you are hinting at is likely to be of limited use (only works in certain browsers) anyway.
I suggest you post the details of your duplicate session problem and let us take a crack at that.
Related
I have a specific need which is giving me some hard time. The basic requirement is: We need to Uniquely Identify the Device(can be a PC, Mac, Tablet, Phone) via one ID, just like an IMEI... This is needed due to some Licensing restrictions of some applications.
The challenge: We are running a Angular and the browser makes it nearly impossible to uniquely identify the device. As we are on the Browser sandbox, I have no chance to get something like a Mac address or anything that would be a good start in defining a unique ID.
What we tried so far:
MediaDeviceInfo.deviceId: https://developer.mozilla.org/en-US/docs/Web/API/MediaDeviceInfo/deviceId
In one hand, on the first tests I made on my Chrome, it came empty and additionally it is not supported on Safari...
Valve´s FingerprintJS2: https://valve.github.io/fingerprintjs2/
At a first sight we think we hit the Jackpot as it properly generated the same ID, even if I called it from an Anonymous window! But, It still generates another ID for a different browser...
Basically It works by enumerating all browser capabilities(at least the ones accessible) and then by creating a hash of that... The Issue: If you have devices with exactly same configurations, they will have the same ID! I tried that on 2 iPhones that have the same config and were even bought on same day! :-)
Creating UID and saving on Localstorage: create a UID (How to generate UUID in angular 6) and store it on Local Storage. Some issues on our way:
If I open an Anonymous window, of course that the LocalStorage would be not there, meaning that I would get a new "UUID"
Besides that, we have some individual angular applications and they would need to share the local storage, which is not possible to do due to the SameOrigin security Limitation. We could overcome it using an iFrame and the PostMessage (https://levelup.gitconnected.com/share-localstorage-sessionstorage-between-different-domains-eb07581e9384). There are actuyll some NPM packages doing that as this one: https://github.com/ofirdagan/cross-domain-local-storage. Being honest, we do not like much the idea of create a "cross-domain-local-storage"...
I am aware that this problem has no easy solution, but I wanted to ask here if Someone faced a situation like this and how did they solve it. Of course if I would be able to run out of the browser sandbox having direct Access to device Information such as MAC address, IMEI or anything like that, it would be easy, but as mentioned, the browser sandbox is restrictive...
Ideas?
Thanks in advance!!!
Pedro
I'm going to refer you to an answer I wrote back in 2018 which is still pretty much the same now: how can I get a unique device ID in javascript?
The short answer is: you can't, really.
You won't be able to get anything that uniquely identifies a device across all browsers and incognito vs regular. As you've found, you can get close, but it isn't a sure thing.
The best you can do is combine a couple of techniques together (like the fingerprint + stored UID) and it'll probably get 99% of cases, but you won't be able to get them all for sure.
I need to do some changes in my HTML file based on whether it is opened in browser or Some Desktop Application.
Till now I've tried this in my script:
alert(navigator.appName);
alert(navigator.appCodeName);
alert(navigator.platform);
But the values are coming same whether the HTML file is opened in browser or some application Software.
How can i set a variable which toggle its value from 0 to 1 when opened in application Software and vice versa.
PS: Application Software like Matlab, MS Office , Britanica Encyclopedia etc.
Short answer, you can't.
Longer answer, to some extent. What you need to do is make a list of differences in each desktop apps implementation, based on known flaws, missing/existing properties, user agent flavours and so on (some of this called "browser spoofing"), to be able to sort them out. It will still be possible to trick this if one want to though.
Normally there is another way of dealing with the differences, the question is what is the different behaviour you want between the 2?
As a sample, and if you still need/insists to detect this, there is device detection libraries which can help as a start, like https://51degrees.com/device-detection
I still recommend to find another way to solve it.
UPDATE
As it is easy to create a desktop app and return the values needed for your page to believe it is a normal browser, I think the best solution is to ask the user on first page hit if they are on a normal browser or not (the one who is not will normally know) and then store in a cookie/set a flag and act upon what the user selected.
I mean it is easy to cheat your page either way so better trust on user selection.
You can use 2 step verification for such cases as devices are getting quite varied. First you can detect devices by media queries strings using innerWidth property. And then you can apply second filter matched by protocol it supports.
Secondly, this SO question might help Frame Buster Buster ... buster code needed
Is there any way to consistently detect PhantomJS/CasperJS? I've been dealing with a spat of malicious spambots built with it and have been able to mostly block them based on certain behaviours, but I'm curious if there's a rock-solid way to know if CasperJS is in use, as dealing with constant adaptations gets slightly annoying.
I don't believe in using Captchas. They are a negative user experience and ReCaptcha has never worked to block spam on my MediaWiki installations. As our site has no user registrations (anonymous discussion board), we'd need to have a Captcha entry for every post. We get several thousand legitimate posts a day and a Captcha would see that number divebomb.
I very much share your take on CAPTCHA. I'll list what I have been able to detect so far, for my own detection script, with similar goals. It's only partial, as they are many more headless browsers.
Fairly safe to use exposed window properties to detect/assume those particular headless browser:
window._phantom (or window.callPhantom) //phantomjs
window.__phantomas //PhantomJS-based web perf metrics + monitoring tool
window.Buffer //nodejs
window.emit //couchjs
window.spawn //rhino
The above is gathered from jslint doc and testing with phantom js.
Browser automation drivers (used by BrowserStack or other web capture services for snapshot):
window.webdriver //selenium
window.domAutomation (or window.domAutomationController) //chromium based automation driver
The properties are not always exposed and I am looking into other more robust ways to detect such bots, which I'll probably release as full blown script when done. But that mainly answers your question.
Here is another fairly sound method to detect JS capable headless browsers more broadly:
if (window.outerWidth === 0 && window.outerHeight === 0){ //headless browser }
This should work well because the properties are 0 by default even if a virtual viewport size is set by headless browsers, and by default it can't report a size of a browser window that doesn't exist. In particular, Phantom JS doesn't support outerWith or outerHeight.
ADDENDUM: There is however a Chrome/Blink bug with outer/innerDimensions. Chromium does not report those dimensions when a page loads in a hidden tab, such as when restored from previous session. Safari doesn't seem to have that issue..
Update: Turns out iOS Safari 8+ has a bug with outerWidth & outerHeight at 0, and a Sailfish webview can too. So while it's a signal, it can't be used alone without being mindful of these bugs. Hence, warning: Please don't use this raw snippet unless you really know what you are doing.
PS: If you know of other headless browser properties not listed here, please share in comments.
There is no rock-solid way: PhantomJS, and Selenium, are just software being used to control browser software, instead of a user controlling it.
With PhantomJS 1.x, in particular, I believe there is some JavaScript you can use to crash the browser that exploits a bug in the version of WebKit being used (it is equivalent to Chrome 13, so very few genuine users should be affected). (I remember this being mentioned on the Phantom mailing list a few months back, but I don't know if the exact JS to use was described.) More generally you could use a combination of user-agent matching up with feature detection. E.g. if a browser claims to be "Chrome 23" but does not have a feature that Chrome 23 has (and that Chrome 13 did not have), then get suspicious.
As a user, I hate CAPTCHAs too. But they are quite effective in that they increase the cost for the spammer: he has to write more software or hire humans to read them. (That is why I think easy CAPTCHAs are good enough: the ones that annoy users are those where you have no idea what it says and have to keep pressing reload to get something you recognize.)
One approach (which I believe Google uses) is to show the CAPTCHA conditionally. E.g. users who are logged-in never get shown it. Users who have already done one post this session are not shown it again. Users from IP addresses in a whitelist (which could be built from previous legitimate posts) are not shown them. Or conversely just show them to users from a blacklist of IP ranges.
I know none of those approaches are perfect, sorry.
You could detect phantom on the client-side by checking window.callPhantom property. The minimal script is on the client side is:
var isPhantom = !!window.callPhantom;
Here is a gist with proof of concept that this works.
A spammer could try to delete this property with page.evaluate and then it depends on who is faster. After you tried the detection you do a reload with the post form and a CAPTCHA or not depending on your detection result.
The problem is that you incur a redirect that might annoy your users. This will be necessary with every detection technique on the client. Which can be subverted and changed with onResourceRequested.
Generally, I don't think that this is possible, because you can only detect on the client and send the result to the server. Adding the CAPTCHA combined with the detection step with only one page load does not really add anything as it could be removed just as easily with phantomjs/casperjs. Defense based on user agent also doesn't make sense since it can be easily changed in phantomjs/casperjs.
Is there any possibility to set the Internet Explorer settings by running Javascript file..?
I want to set the following settings in IE through javascript/Jquery
Go to, ‘Tools’ -> ’Internet options’.
Under ‘General’ tab, click the ‘Settings’ button in the ‘Browsing History’ section.
Choose the radio button "Every time I visit the webpage".
Click ‘OK’ and restart the IE.
This is not possible - it'd be a bit of a security hole if sites were able to do this...
Firstly, the short answer is no: You can't do what you're asking for.
Javascript within the browser is heavily restricted to only being able to access resources for the actual page being viewed. This is an important security feature.
You cannot access other pages or other tabs. You cannot access parts of the browser UI outside of the page itself. You cannot run external programs.
Even if you could, the way you've described it wouldn't work anyway: The settings page you've described is specific to one particular version of IE. So your hypothetical program wouldn't work in any other browser or even any other version of IE.
However, more importantly, you need to ask yourself why you're asking for this.
The thing is that you're trying to solve a problem with your site. You've found something that resolves it, and you've asked a question about how to automate that. But you need to work backward a bit -- stop trying to work out how to automate this particular solution: you need to ask yourself whether there might be a different way of solving the original problem, which could be automated.
The fact is this: the config setting you're trying to change is for handling how the browser deals with caching of files. There are ways of changing the behaviour of caching that can be scripted by your site. You might want to look at questions like this one for example.
The lesson here is this: Don't simply ask how to do something; explain why you're trying to do it as well. There might be an alternative solution that's better than the one you've thought of.
No, it's not possible to do using JavaScript.
This is not what Javascript designed to do. There is only a way to read browser setting from JS - using signed scripts.
Does anyone know how to open multiple URL's in a single browser.
Instead of opening multiple windows, I want the urls to open in tabs in IE.
I am trying to approach this using JavaScript.
This strictly is a user preference in the browser and never try to override that.
For actual browser tabs, the only thing you can do is add the target="_blank" attribute to links. This may open tabs, but it may open windows instead. It's a user preference, like phoenix said. (By the way, Firefox, Chrome and Opera all opens "blank" targets in tabs by default.)
The other solution is to use Javascript tabs within the page itself. If you use jQuery, there are some plugins mentioned on this article I just read. Otherwise, do a bit of Googling for pure JS solutions.
What about if it's Internet Explorer only?
Also, Greg's original question was about JavaScript but would it be possible to make a simple ActiveX/.NET object that could do this and you could call from JavaScript and pass URL as a parameter?
You can say "never try to override that" but if the user is in a closed environment in which the browser us under control of the administrator, then the user has no choice. Browsers are used for much more than the web. A browser on a corporate site does not belong to the user, it belongs to the corporation.