Controlling windows across domains with JavaScript

Discussion in 'Javascript' started by unacoder@gmail.com, Feb 15, 2006.

  1. Guest

    Is it possible to request the user's permission to be able to control
    IE or FireFox windows that are pointed to domains other than the base
    domain the script is running from? For example, if my page launches a
    new window pointing to a web site originating from a different domain,
    is it possible for my script to request and gain access to the content
    of that window, and be able to control the window?
    , Feb 15, 2006
    #1
    1. Advertising

  2. wrote:

    > Is it possible to request the user's permission to be able to control
    > IE or FireFox windows that are pointed to domains other than the base
    > domain the script is running from? For example, if my page launches a
    > new window pointing to a web site originating from a different domain,
    > is it possible for my script to request and gain access to the content
    > of that window, and be able to control the window?


    If your own document is loaded locally (from a file: URL) in Firefox
    then it is possible to try to request privileges from the user e.g.

    var iframe = document.createElement('iframe');
    iframe.addEventListener(
    'load',
    function (evt) {
    try {

    netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');
    var p = iframe.contentDocument.createElement('p');
    p.appendChild(iframe.contentDocument.createTextNode(
    'Kibology for all.'));
    iframe.contentDocument.body.appendChild(p);
    }
    catch (e) {
    // deal with not getting privilege here
    }
    },
    false
    );
    iframe.src = 'http://www.mozilla.org/';
    iframe.width = '100%';
    iframe.height = '300';
    document.body.appendChild(iframe);


    If your own document is loaded via HTTP then with normal security
    settings your script can't request privileges in Mozilla. You would need
    signed script in that case.

    IE does not allow script to request privileges but you can use HTAs
    (HTML applications) where you create a .hta instead of a .html file and
    install that .hta locally. Script in the HTA is not run in the normal
    browser sandbox but has all access normal applications have.


    With Mozilla you can also write extensions with script, if a user
    installs you extension then it also has access to every API Mozilla
    exposes to script.


    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
    Martin Honnen, Feb 15, 2006
    #2
    1. Advertising

  3. Guest

    Thanks, thats exactly what I was looking for. Is there a cross-browser
    solution that would work for this? I want to design a web site that
    acts as a front end to another popular web site that alot of my friends
    use. I want to be able to manipulate what is shown on the other web
    site from my page. I figured I would have to write my own browser
    plugin to get it to work, but I'd rather do it with javascript if I can
    get user permission to have the access...
    , Feb 15, 2006
    #3
  4. wrote:

    > I want to design a web site that
    > acts as a front end to another popular web site that alot of my friends
    > use. I want to be able to manipulate what is shown on the other web
    > site from my page. I figured I would have to write my own browser
    > plugin to get it to work, but I'd rather do it with javascript



    As for Mozilla, a Firefox _extension_ is usually implemented using
    JavaScript and XUL and/or HTML. A _plugin_ is different, that has to be
    implemented in C++ usually.
    Developing Firefox extensions is described here:
    <http://developer.mozilla.org/en/docs/Building_an_Extension>

    Cross-browser stuff is difficult, there is a Greasemonkey-Extension for
    Mozilla that browser users could install, then they could install your
    Greasemonkey script (JavaScript) that would be triggered each time
    designted URLs are loaded:
    <http://greasemonkey.mozdev.org/>
    <http://greasemonkey.mozdev.org/authoring.html>

    Opera since version 8 supports a similar concept, so called user scripts
    that the browser user can install and which are then again triggered
    when designated URLs are loaded:
    <http://www.opera.com/support/tutorials/userjs/index.dml>
    They claim they support Greasemonkey scripts too, not sure how good the
    compatibiliy is.

    I realize that Greasemonkey or user scripts are not what you originally
    had in mind (your own web site accessing other web sites) but those user
    scripts can be written by you and installed by your users of the other
    web sites and that way you can have your scripts manipulate those web
    sites as needed.

    --

    Martin Honnen
    http://JavaScript.FAQTs.com/
    Martin Honnen, Feb 16, 2006
    #4
  5. Csaba Gabor Guest

    Martin Honnen wrote:
    > wrote:
    >
    > If your own document is loaded locally (from a file: URL) in Firefox
    > then it is possible to try to request privileges from the user e.g.
    >
    > var iframe = document.createElement('iframe');
    > iframe.addEventListener(
    > 'load',
    > function (evt) {
    > try {
    >
    > netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead');
    > var p = iframe.contentDocument.createElement('p');
    > p.appendChild(iframe.contentDocument.createTextNode(
    > 'Kibology for all.'));
    > iframe.contentDocument.body.appendChild(p);
    > }
    > catch (e) {
    > // deal with not getting privilege here
    > }
    > },
    > false
    > );
    > iframe.src = 'http://www.mozilla.org/';
    > iframe.width = '100%';
    > iframe.height = '300';
    > document.body.appendChild(iframe);
    >
    >
    > If your own document is loaded via HTTP then with normal security
    > settings your script can't request privileges in Mozilla. You would need
    > signed script in that case.


    Hey Martin, thanks for that fantastic post, along with your followup.
    I have a related question that's been on my mind. I've been using
    GreaseMonkey, and what I've got is a local file (on my Win XP Pro hard
    drive) such that when I double click it, Firefox comes up with it.
    GreaseMonkey has been set to act on that file and so it does its thing
    (the file on the hard drive is a dummy file. Its only point is that GM
    keys on it to start the relevant GM script).

    So here is my (two part) question. First: is there some kind of
    privilege that I could set so that I can do a window.close() to close
    down the page that I thusly brought up (I should add that the GM script
    will cause other pages to be loaded in the original page's place, and
    each subsequent page will also be subject to the same GM script - in
    this fashion I am sequencing through pages)? I haven't worked with
    privileges before. If there is some privilege that I can set, could
    that privilege be set on an automated basis before Firefox is invoked
    (I am effectively asking where this privilege lives) using (for
    example) PHP (perhaps by editing some configuration file)? Perhaps an
    extension could accomplish my goal if privilege mucking can't?

    Second: assuming that the first question has a Yes answer, I would
    really like the instance of FF started off by means of the double click
    on my initial local file to stay hidden. This is because I want to
    schedule FF to act upon that file (and hence invoke a GM script) so
    that I shouldn't be distracted as this is going on.

    Essentially, I want to be able to automate sequencing through web pages
    on an automated basis using FF instead of IE. With IE I use VBScript
    to create a hidden instance of IE, and then the VBScript gets notified
    when the requested page has loaded. At that point, the script can muck
    about with the loaded page using VBScript. The FF approach would allow
    me to muck about with the page using the more natural javascript. And
    my only remaining issues are cleanup and page visibility.

    Thanks,
    Csaba Gabor from Vienna
    Csaba Gabor, Feb 16, 2006
    #5
  6. Csaba Gabor Guest

    Martin Honnen wrote:
    > Csaba Gabor wrote:
    > > With IE I use VBScript
    > > to create a hidden instance of IE, and then the VBScript gets notified
    > > when the requested page has loaded. At that point, the script can muck
    > > about with the loaded page using VBScript. The FF approach would allow
    > > me to muck about with the page using the more natural javascript.

    >
    > You can automate MS IE with JScript much the same as with VBScript, thus
    > if you prefer using JScript for that automation task then Windows Script
    > Host certainly allows that.


    Excellent point. Here is an example script, complete with event
    capturing. If I put the script into a test.js file and press enter on
    it, then up pops an instance of IE that I can sequence through. The
    reason for using DownloadComplete is that it captures document
    reloading when you press the F5 key.

    However, if I uncomment either of the indicated lines, then the script
    sometimes gives a WScript error. This is most common when pressing
    Enter twice upon the script file in rapid succession (launching two
    instances at about the same time). I'm guessing it's a timing related
    out of scope issue, but a more definitive statement would be great.

    var objIE = WScript.CreateObject("InternetExplorer.Application",
    "IEevt_");
    //objIE.Navigate("http://google.com", "", "_new", "", "");
    objIE.Navigate2("http://z6.com");
    objIE.visible = true;
    var wsh = WScript.CreateObject("WScript.Shell");

    while (objIE.readyState<4) WScript.sleep (100);

    var window=objIE.document.parentWindow
    // window.alert("Hi mom"); // can lead to timing / out of scope? error
    wsh.popup ("Hi mom", 4, "WScript popup", 131120);

    function IEevt_DownloadComplete() {
    if (objIE.readyState>=2) {
    // next line would show alert, but can lead to WScript errors
    // objIE.document.parentWindow.alert (
    // "Proper download complete: " + objIE.readyState);
    objIE.document.parentWindow.setTimeout (
    "alert('Proper download complete: "+objIE.readyState+"');", 100);
    }
    }

    Csaba
    Csaba Gabor, Feb 20, 2006
    #6
  7. Csaba Gabor Guest

    Martin Honnen wrote:
    > That privilege stuff stems from Netscape 4, there you (with local files)
    > can do e.g.
    >
    > netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserWrite');
    > window.close()


    Martin, thanks for your response. It works as indicated, when the
    script is in the original file. However, it does not work with
    GreaseMonkey because GM does not know 'netscape'. That is beside the
    point, however, because for the (daily) automation I have in mind, the
    appropriate privileges must already be in the prefs.js file (don't want
    human interaction during automation).

    Therefore, I can either preset into prefs.js the three 'capability'
    lines that get written via the above PrivilegeManager (I think. I
    didn't do rigorous testing), or I can ensure use
    dom.allow_scripts_to_close_windows is set in prefs.js

    With the latter, the process works well on specific invocation, but I
    run into a problem when I try to automate the whole thing.
    Specifically, if I schedule the base file to be run by FF (via AT
    without the /INTERACTIVE flag) as User Name SYSTEM (so that I get a
    fresh, hidden instance of FF), then if there is any instance of FF
    already active, the SYSTEM instance will hang and not even read the
    indicated file. This is not a GM issue as far as I can tell, and I've
    reported it, with demo, at
    https://bugzilla.mozilla.org/show_bug.cgi?id=327849

    Csaba
    Csaba Gabor, Feb 20, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Weng Tianxiang

    Signals across two clock domains

    Weng Tianxiang, Dec 17, 2003, in forum: VHDL
    Replies:
    9
    Views:
    4,924
    Mike Treseler
    Dec 22, 2003
  2. =?Utf-8?B?U2hhd24gTWVsdG9u?=

    Can Impersonation occur across domains?

    =?Utf-8?B?U2hhd24gTWVsdG9u?=, Feb 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    370
    =?Utf-8?B?U2hhd24gTWVsdG9u?=
    Feb 17, 2004
  3. Dica
    Replies:
    0
    Views:
    412
  4. Iris

    Windows Authentication across domains

    Iris, Oct 31, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    105
  5. Craig
    Replies:
    13
    Views:
    143
    Reply Via Newsgroup Thanks
    Feb 6, 2004
Loading...

Share This Page