I have a webpage which has a iframe, textbox and button but nothing else... user types a URL to the textbox then clicks on the button. after that, URL is assined as the source of the iframe.
what happenes after is a java applet takes the screenshot of the webpage etc. etc.
What I discovered today, in Google Chrome, there is this option in the right click menu named "inspect element". With the help of this feature, user are likely to change whats inside of an iframe and manipulates the original data. Does anyone know how can I encrypt the source of iframe.
P.S. source of iframe is authenticated data.
This is what it look like before manupilation
This is after manupilation
The short answer to your question is "no". Html is a client-side SCRIPT language; while you may find ways to make things increasingly difficult to "manipulate", you ultimately have no ability to entirely prevent a user from seeing every single detail of what you are trying to do with 1 significant exception and that is the use of an applet or plugin (ie: flash, java, activex).
To help with your problem, if you are already using an applet, why not leverage that over using an iframe? You could also consider using the applet to generate a jpeg for delivery rather than HTML.
Related
There is one website named "www.localbanya.com", i wanted to grab the HTML information from that site, they list products, the structure of their display is:
First they display some around 8-10 products on page-load, and
later when user scrolls down it generates more products.
Now as this is happening based on javascript, i am not able to get the whole page source using WebClient.
I wanted to know is there any way i can update the page-source while using WebClient class in .net to retrieve whole page information or any other alternative i can use to get the whole page HTML information, at once.
You can refer this for reference localbanya product page
Any help will be a appreciated.
WebClient obviously doesn't run the javascript.
so you gonna need some sort of a headless browser to do it.
There are many options for it, though I don't know any C# or .NET implementation..
You may look into Phantom JS and other headless browsers which replicate what a normal browser does and you can write scripts for it.
Also refer to this question
Headless browser for C# (.NET)?
You can also run something like Fiddler to see what requests were made from the page when scrolling down, to reverse engineer how the data is retrieved, and replicate that with a WebClient if possible.
Hope this Helps.
I have a page with a lot of dynamically generated check boxes on it. As the users click these check boxes a lot of content on the page changes dynamically via ajax. The end users are complaining that after hitting submit and then hitting the back button to change something, their selections are blown away and they have to do it all over again.
I have seen a few sites (gmail, facebook, etc...) use the hash symbol in the URL to hack the back button so that it performs AJAX calls instead of going back to the previous full page request. I would like to do this to modify the URL before the page submits so that hitting the back button will load their previously selected fields.
For instance:
In Gmail if I am viewing my inbox then my URL looks like this: https://mail.google.com/mail/?shva=1#inbox
Then if I click "Sent Mail" an AJAX call is performed and my URL is modified to look like this: https://mail.google.com/mail/?shva=1#sent
I really like this behavior and want to duplicate it. How is this accomplished?
Do your links actually trigger any javascript or do they just link to the URL with the appropriate hash symbol information?
How do you read in the hash symbol info in javascript?
How does this type of navigation affect search engines? Would a search engine know that two URLS that are the same except for the information after the hash are actually different URLs and index them as such?
What are some other pros and cons of this technique that I should take into consideration?
NOTE: I am using C# with ASP.NET Web Forms and ASP.NET MVC 3.0 in case that matters at all.
To manipulate hashtags, look at location.hash (javascript).
You'll also be interested in the new push/pop state stuff in HTML 5. https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history.
github has done some pretty cool things with this. Check out their blog entry on their tree slider feature at https://github.com/blog/760-the-tree-slider.
There's also the jQuery history plugin at http://tkyk.github.com/jquery-history-plugin/. (EDIT: I see Joe beat me to this one).
take a look at the jquery history plugin http://tkyk.github.com/jquery-history-plugin/ I have used it in the past, and it just might do what you want.
JQuery plugin:
http://tkyk.github.com/jquery-history-plugin/
Another jQuery library that I have used in the past:
jQuery BBQ: Back Button & Query Library
Also, a more scaled down version of the previous if you don't need all it's features and just gives you the hashchange event for all browsers:
jQuery hashchange event
NOTE: Just as a brief intro to the above libraries. The hashchange event is supported natively by newer(HTML5 supported) browsers in which case the scripts will just bind to that event. For older browsers that don't support that event, the script creates a polling loop to simulate the event. In either case you can bind to the event and handle appropriately.
EDIT: To answer your questions:
The links do not trigger javascript, links simply change the url with the hash. The hashchange event monitors this action, and when the hash changes(which is logged in browser history stack) the event fires.
location.hash is used to read the hash value, and any appropriate parsing you would need from that point.
Probably not SEO savvy enough to give you a complete answer on that, but fairly sure search engines DO NOT index hashes.
Pros for this technique is usability as your users will be able to properly use their back buttons. Also any history.back(0) javascript calls will also work properly(i don't like them but people use them). Cons are that as you're initially developing, you can get some quirky bugs depending on how your code is written. All in all though, I think with the use of the plugins much of the legwork has been taken out of the process and it is a great method for usability purposes.
I use:
window.print();
to print documents.
Problem:
As you guys know that browsers automatically adds page's title, path on top of the print page and page number and date on footer of the page.
But the client has asked me to remove all those things from the page or change their color to white so that they are not visible.
Question:
Is it possible to remove those things from page generated by the browser?
(I suspect answer might be no but no sure; possibly this can be controlled :))
This is a setting on the browser and can be turned on and off.
http://www.mintprintables.com/print-tips/header-footer.php
Only way to do this is via ActiveX for IE.
If you can do something server side, you could create a PDF file which the user can then print. I've not seen how to this on the browser itself, although I'd be interested to see if anyone else has.
The project I am currently working on has, in the checkout, an option to attach an embedded YouTube video to an advert.
This is causing a headache:
My original plan was to take the embed html that the user provides from YouTube and split out the videoID, and store only that, rejecting anything that does not fit a certain pattern, to ensure there's no dodgy business.
Unfortunately, the ASP.net validation is catching the html before it gets sent back to me for processing, is there any way other than turning off validation to get around this?
I can deal with the unsecure html myself, and there are too many other controls on the page to justify turning off validation.
Turning off the ValidateRequest flag is the only way to allow for .net to accept the data.
One alternative may be to use javascript to encode the input and have the page post the encoded data instead of the raw html.
Another alternative is to have a blank page with your control and a "submit" button within an iframe on the main page. That way you only need to turn off validation for that page and therefore that control. Styling can be an issue here though.
If you are only interested in the video ID from YouTube, could you not just get the user to enter the YouTube URL then extract the video ID from the querystring? Then you wouldn't have to worry about the page validation issues at all.
The user needs to click on browse button to browse his system .He then selects a text file & clicks ok.Once he clicks ok all the data in the text file should be displayed in a text area.How do I do that? I am using JavaScript & c# designing aspx pages.It would be preferable if i avoid round trip to the server.
You can't do it without a trip to the server, the only way for you to get the content of the file is by submitting it as part of a form. You can make the trip to the server happen in an iframe via XHR and then update the text area with the result from the XHR call, so it sort of seems like one wasn't involved, but you can't directly access the content of files of the user's machine, for obvious reasons.
I know you said you would prefer a round trip, but its the only way you are going to be able to accomplish what you want.
You could put the file upload in an iframe, and do the upload behind the scenes (No page refresh, gmail does this :) ) then use AJAX to download the data and insert it into the textarea.
It can't in general be done, as answers here outline.
However, it can be done in Firefox 3+ only, using the uploadfield.files array. Other browsers would have to fall back to the server round-trip.
For security reasons, JavaScript cannot access the local filesystem like that.
Javascript cannot do that without putting a severe security risk on the user. That said, the file will need to be posted to your server.
As other posters here have indicated, you're not allowed to access the local filesystem from Javascript directly. But you can set up an action on your server to take the file form POST input, and simply echo the data right back out to the response. If you hide an iframe inside your page as the form POST target, that response data can appear in the hidden iframe, and then the page won't have to reload. Then once the iframe has loaded with the text, you can use JS to pull the text out of the iframe, and put it into the text area that you're interested in.
Alternately, if you're inclined to restrict usage to Firefox users with an extension, you should be able to accomplish this without a roundtrip using a Greasemonkey user script (see www.greasespot.com) or something like it, that uses the custom Mozilla extensions.