Low security web browser?

Re: Low security web browser?

Neil <n.danson@lbs-ltd.com> wrote:[color=blue]
> I found some code on a web site regarding accessing the html dom using
> javascript, where the html resides in a frame. So I wrote a html
> document with a frame which points to a real website, and tried to
> access its html dom. Using IE6 (most up to date service packs, etc) or
> Netscape (7.2 I believe, but I only used it for testing, so I cant be
> sure), I got security errors - looking around, it appears that what I
> want to do is not possible as most web browsers are too security
> conscious. Is there any way to do what I want, or (worst case
> scenario) a low security web browser that will allow me to do this?[/color]

Some browsers will let you turn down the security settings per website.
What do you want to do?

Re: Low security web browser?

I basically have a frame on a local html page, which points at a web
site with some login information. Using Javascript I want the html
page to log in my use into the webpage. I have written an application
in c# which does this using the html dom, but in Javascript (while
code-wise it is much easier), it is seemingly impossible to access the
html of the frame (ie to populate the username/password fields)
without a security error.

Has anyone ever tried this? Loweing the security settings (in IE at
least) had no effect on the error.

Regards

Neil Danson

Ian Stirling <root@mauve.dem on.co.uk> wrote in message news:<4144ad91$ 0$63921$ed2619e c@ptn-nntp-reader02.plus.n et>...[color=blue]
> Neil <n.danson@lbs-ltd.com> wrote:[color=green]
> > I found some code on a web site regarding accessing the html dom using
> > javascript, where the html resides in a frame. So I wrote a html
> > document with a frame which points to a real website, and tried to
> > access its html dom. Using IE6 (most up to date service packs, etc) or
> > Netscape (7.2 I believe, but I only used it for testing, so I cant be
> > sure), I got security errors - looking around, it appears that what I
> > want to do is not possible as most web browsers are too security
> > conscious. Is there any way to do what I want, or (worst case
> > scenario) a low security web browser that will allow me to do this?[/color]
>
> Some browsers will let you turn down the security settings per website.
> What do you want to do?[/color]

Re: Low security web browser?



Neil wrote:
[color=blue]
> I found some code on a web site regarding accessing the html dom using
> javascript, where the html resides in a frame. So I wrote a html
> document with a frame which points to a real website, and tried to
> access its html dom. Using IE6 (most up to date service packs, etc) or
> Netscape (7.2 I believe, but I only used it for testing, so I cant be
> sure), I got security errors - looking around, it appears that what I
> want to do is not possible as most web browsers are too security
> conscious. Is there any way to do what I want, or (worst case
> scenario) a low security web browser that will allow me to do this?[/color]

MS on Windows knows HTML applications, there your HTML is not rendered
by IE with its same origin policy but as a normal application. To start
save your .html file as a .hta file, then check the documentation on


Such a HTML application is a way to have one frame loading an external
web site and scripting it with your locally loaded code.

If you want to use Netscape 7 to do such stuff then as long as the page
with your script is loaded locally (via file: URL) you/your script can
request permission to access the DOM of the external page e.g.

function setInnerText (element, text) {
if (element.childN odes.length == 1 && element.firstCh ild.nodeType == 3) {
element.firstCh ild.nodeValue = text;
}
else {
while (element.hasChi ldNodes()) {
element.removeC hild(element.la stChild);
}
element.appendC hild(element.ow nerDocument.cre ateTextNode(tex t));
}
}

function changeLinks (winOrFrame) {

netscape.securi ty.PrivilegeMan ager.enablePriv ilege('Universa lBrowserRead
UniversalBrowse rWrite');
var links = winOrFrame.docu ment.links;
for (var i = 0; i < links.length; i++) {
links[i].href = 'http://JavaScript.FAQt s.com/';
setInnerText(li nks[i], 'JavaScript.FAQ ts');
}
}

changeLinks(par ent.frames[1])


Then the enablePrivilege call will popup a dialog asking the browser
user to grant the script the privilege. With standard security settings
for Netscape/Mozilla the enablePrivilege call will only popup the dialog
when called in a signed script or in a locally loaded script (file: URL)

--

Martin Honnen

Re: Low security web browser?

Neil <n.danson@lbs-ltd.com> wrote:[color=blue]
> I basically have a frame on a local html page, which points at a web
> site with some login information. Using Javascript I want the html
> page to log in my use into the webpage. I have written an application
> in c# which does this using the html dom, but in Javascript (while
> code-wise it is much easier), it is seemingly impossible to access the
> html of the frame (ie to populate the username/password fields)
> without a security error.
>
> Has anyone ever tried this? Loweing the security settings (in IE at
> least) had no effect on the error.[/color]

The problem is that you're trying to defeat a security mechanism that
most of the world thinks is a good idea.
Do you not have control over the website, to maybe use a cookie instead?

Re: Low security web browser?

Superb. That worked a treat. Thankyou.

On a (kind of) related note, Now my app can fill in the details, once
it submits the data (on a click of a button) it launches a new page in
a new window. Is there any way of stoppping that loading int IE, and
load it into a new frame? In C# I would have used the NewWindow2 event
of the IE object. Any ideas on how to do this in Javascript?

Regards

Neil

Re: Low security web browser?



Neil wrote:
[color=blue]
> Superb. That worked a treat.[/color]

What exactly, HTAs, signed script, requesting privileges?
[color=blue]
> Now my app can fill in the details, once
> it submits the data (on a click of a button) it launches a new page in
> a new window. Is there any way of stoppping that loading int IE, and
> load it into a new frame?[/color]

You will need to post the relevant markup and script you have so that we
know what exactly you are doing.


--

Martin Honnen

Re: Low security web browser?

Sorry - HTAs. Didnt try the other ones as this seemed to work OK.

As for the HTML:

<HTML>
<HEAD>
<TITLE>Binary Bet Trader</TITLE>
<HTA:APPLICATIO N ID="oHTA"
APPLICATIONNAME ="Binary Bet Trader"
BORDER="thin"
BORDERSTYLE="no rmal"
CAPTION="yes"
ICON=""
MAXIMIZEBUTTON= "yes"
MINIMIZEBUTTON= "yes"
SHOWINTASKBAR=" no"
SINGLEINSTANCE= "no"
SYSMENU="yes"
VERSION="1.0"
WINDOWSTATE="ma ximize"/>

<SCRIPT>
function onLoad()
{
parent.left_fra me.document.frm Login.account_i d.value='****';
parent.left_fra me.document.frm Login.password. value='****';
parent.left_fra me.submitLoginF orm(parent.left _frame.document .forms['frmLogin']);
}

</SCRIPT>
</HEAD>
<FRAMESET cols="100%" rows="100%" onload="onLoad( );">
<FRAME SRC="http://www.binarybet.c om" name="left_fram e"
APPLICATION="ye s">
</FRAMESET>
</HTML>

On the submitform call it launches a new window. I'd like to cpatue
that window and load it into another frame. ATM, because the 1st page
is not loaded by IE, the page which opens next does not load correctly
( i had this in my c# version too). As I said, in C# I would use the
NewWindow2 event - is there anything equivalent I can do here?

Regards

Neil