I would like to create a folder selector for my application which will only run on Internet Explorer Browsers (IE6+).
I would like to get the full folder path a user wishes to use via a HTML browse button or similar and then pass this to my server side application which is written in PHP! This can not be done via JavaScript for security reasons so I am looking for any other alternative that will work.
I had implemented a solution using a Java Applet but this did not work out as it didn't work on IE6, plus the browser security is locked down where I am deploying this app, meaning I am unlikely to get away with an applet.
The current solution is getting the user to paste in the folder location into a textfiel, this isn't acceptable any more.
Any implementation advice welcome!
Thanks all
If your app is IE only you can create a simple ActiveX Control with only one method:
HRESULT BrowseForFolder([out] BSTR folderName);
ATL Wizard will give you major portion of code.
But I would consider using flash for this:
It is more widely used then Java (I
think so).
ActiveX is strongly depends on
browser's security options and more annoying to install.
Your task is rather small, so it can
be implemented without deep skills, if you not familiar with flash
Related
So, how much trust do I need to have in a publisher before I run their applet in the web browser?
In other words, I understand that a java applet is run in a sandbox in the browser, but this article suggests that the applet can actually access files stored on the local computer.
Can you please clarify the security limits of a java applet run in a modern browser, such as Firefox 50?
I understand that a java applet is run in a sandbox in the browser, but this article suggests that the applet can actually access files stored on the local computer.
There are potentially three different levels of security available to a Java applet.
The first is as you described 'sandboxed'. They can only access resources from their own server, nothing on your local file system unless they are launched using Java Web Start & will thereby have access to the services of the JNLP API. You might note that two of the services are the FileOpenService / FileSaveService! If the applet goes to use these, the end user will be prompted to permit the action via a dialog that states what the applet is trying to do, and asking for permission to proceed (to show a file chooser & go from there). These services provide back a 'file like' object that is more limited than the normal File API would supply. For example, it will not provide the path to the resource, just it's name and access to the content.
The level up from that can be specified in the launch file - '(J2EE) application client permissions'. This level removes the prompts for use of the JNLP API services.
The highest level of access is obtained by requesting, and being granted, 'all permissions'. Then the applet should have full access to File objects, be able to communicate with servers other than the one that launched it, etc. One of the few things they would still not be permitted to do in this mode is to call System.exit(n) to effectively 'kill the JRE' - this is something that is commonly done in other desktop apps.
But then there are JRE bugs, that screw all that up. Sun, then Oracle, kept stuffing up security so poorly (& regularly) that many browser manufacturers are entirely removing the support for applets (and other embedded objects requiring plug-ins) in web pages.
See Java Plugin support deprecated and Moving to a Plugin-Free Web for more detail.
..how much trust do I need to have in a publisher before I run their applet in the web browser?
I cannot answer for you, but my take would be that I would need to know them personally, and trust completely both their integrity and competence before I'd run their code in any browser I controlled.
Having said that, I don't think I have a single browser installed that even supports applets, and my complete lack of motivation to set something up, is probably a good view on whether I'd allow applets to run on this PC at all.
I'm currently trying to write a little application (Which doesn't require internet access - So it really only is a local application.), which should be kept really simple. I thought about simply using HTML(+CSS) and a bit of JavaScript, since that would largely be sufficient, but I also need to have access to the filesystem in order to store my data in some file, which isn't really possible in javascript (Yes, I crawled through quite a few posts about JavaScript & FileSystem, but I didn't like any of the solutions.)
So I thought about another way to do it: There is some nice Library called HtmlUnit which would allow me to basically simulate my JavaScript, while having the Java FileAccess - But then I won't be able to render it.
So, two questions:
Is it possible to somewhat declare a JavaScript File as "local" and thus gaining file-system permissions?
Many applications (Games etc) internally use Internet Explorer. Is it possible to use IEs (Or even Chromes/Firefoxes/Whatevers) renderer in Java? I don't like any of the rendering-libraries I found until now - Or just simply be able to execute js+html code as a local application?
I tried out .HTAs, and I absolutly hate them. It's just so... old. Nothing is possible there. It would be awesome to get a simple html/js application looking like in chrome, but being a local application.
Q&A
Is it possible to somewhat declare a JavaScript File as "local" and thus gaining file-system permissions?
No, it is only possible through ActiveX / plugins (e.g. Java / browser addon).
Others may suggest that JavaScript has data storage or file system.
But they are not local file system access, and you cannot read or write real files with them.
Many applications (Games etc) internally use Internet Explorer. Is it possible to use IEs (Or even Chromes/Firefoxes/Whatevers) renderer in Java? I don't like any of the rendering-libraries I found until now - Or just simply be able to execute js+html code as a local application?
JavaFX's WebView use WebKit as renderer.
Webkit is not a full browser, so it has less feature, e.g. no localStorage, but you can replace most of them with Java code.
SWT Browser, as mentioned by another answer, also works as renderer but will make it difficult for you to package as single file, plus it depends on client to do install/update the browser.
I tried out .HTAs, and I absolutly hate them. It's just so... old. Nothing is possible there. It would be awesome to get a simple html/js application looking like in chrome, but being a local application.
It is possible to embed all resources into one HTML file using inline code and data uri.
Here is one of my projects that does it: [source files] [single file deployable].
Regardless, most browsers does not allow file write, as you no doubt already know, and Chrome is especially hostile against file access.
Advise
From my experience, the only feasible solutions are:
ActiveX HTML app
Native program, such as Java jar or .Net exe. (Or a jar packaged as exe)
Full blown web app with customised browser and tailor made launcher, e.g. in a usb stick / dvd / installer
I have done all of them, and I personally think Jar/Exe is the most balanced solution given your requirement.
Which is sad. If metro app were easily deployable like exe I'd advise that instead.
Is it possible to somewhat declare a JavaScript File as "local" and thus gaining file-system permissions?
Firefox extensions would have the necessary permissions to access the file system.
Is it possible to use IEs (Or even Chromes/Firefoxes/Whatevers) renderer in Java?
Yes, e.g. with the SWT Browser Widget or JavaFX WebView
I wonder if this will be enough for you (using HTML5 storage features):
function saveFile(localstorage) {
localstorage.root.getFile("info.txt", {create: true}, function(theFile) {
theFile.createWriter(function(theContent) {
var blob = new Blob(["Lorem Ipsum"], {type: "text/plain"});
theContent.write(blob);
});
});
}
Browsers will ask users for permissions to store files in local system.
Credit where credit is due
I am developing a web application using HTML5, AngularJS, REST Webservices, Java etc. I will be hosting it over company's intranet. I have a peculiar requirement where I need to run exes which are already copied to client machine. The 'run' should be triggered from backend java code and user need not click on any UI link.
I am exploring Java Web Start, but I guess some user interaction in mandatory in it. If some signed content, certificates are required I can do that.
Is this feasible?
What you want is exactly what any virus builder dreams of. Therefor, it has been made VERY difficult. There are only 2 ways in which I think you could do this:
Use a java applet. It needs to be signed perfectly and the security settings in the users browsers need to be lowered. Even then I'm not entirely sure they don't have to click 'accept' somewhere.
Create a browser plugin. You could write a browser plugin, which would allow you to do basically anything you want. You would need to install it everywhere though.
If there is any way of getting around the requirement of running an exe from a web browser, I suggest you take it.
I want to read the web address of all open windows. As soon as the window closes, I should know it too.
One way to do this is by asking the user to download a firefox plugin. This plugin should monitor the user web address.
But is this possible? How to go about executing it. I am pretty decent in Java and PHP.
EDIT:
What if the user wants to give permission to access all the websites he or she visits?
I want to display in a visual manner the statistics of the sites being visited by users who grant permission.
As noted, this cannot be done with standard JavaScript/DOM methods that run inside a page, for security and privacy reasons.
You could definitely do it with a Firefox add on, plugin or extension.
I suggest reading the Firefox addons developer guide and the Developer Hub in general. The language used to develop for Firefox is JavaScript.
nsIWindowMediator can be used to enumerate open windows, and properties can be obtained through the nsIDOMWindow objects. As explained here,
"While you can use JavaScript to get child windows opened from the parent window, you cannot get dialogs or windows that have no relation to that window. To overcome this limitation, nsIWindowMediator makes it possible to access all of Firefox's windows."
this likely violates the same origin policy, which rules this out
it basically controls the code so that it does not read anything it did not create
so no spying can be done
No, this would be a major security and privacy issue.
This is definitely a security violation similar to sniffing; and would require certain privileges to run on each platform (such as an activeX or plugin or a privileged applet).
However, this can be done using javascript only the page containing the script it self is responsible for opening windows (meaning not all windows such as window opened by user) - if that is what you are looking for, let me know.
I've been thinking a lot lately about how cool it would be to have a website that allows a user to insert a disc into their drive and click a button to begin a ripping process. After the rip is complete, it would upload to a server and be hosted there. Ideally, the process would be seamless for both DVDs and CDs and work cross platform.
My question is for the developers here - what recommendations do you have on approaching this situation? Does it seem feasible? Is it something that would require a flex app, java? Can the user get away with doing this in their browser only, without having to download any software? I'd also like to make sure that if the upload disconnects during the uploading process, the user can log back in and resume the upload where it failed.
I found some software that kind of achieves what I'm looking to do, but it is downloaded and is windows only as it relies on some .dll files to complete the process. I can show you this software if it would help?
For the record, the DVDs and CDs uploaded would need to be legally owned and the uploader must have the copyright, so don't think I'm getting into any infringement or illegality issues.
Thanks for the insight!
Browsers are not the best way to upload ISOs of CD/DVD. Basically, it's like asking a user to rip the CD with UltraISO and "manually" upload the file in a Web Form.
The only way to achieve your result is definitely to create an executable application, and/or a Java/.NET applet (I don't remember if/how Mono supports .NET controls on Firefox). But the executable is the basic way. You must then use a portable framework like Java or .NET/Mono which work on Windows, Mac and Linux.
In order to avoid dependencies, you must also ship the package with all the ISO-ripping libraries needed. I don't think there is a single managed-code library to rip CDs, so you need some OS help. You program should differentiate between OSes: in Linux and Mac, use dd (lots of tutorials), in Windows use NeroAPI or an open source ripper.
Once the ISO is created on a temp folder, just open it as a stream and upload via socket. I suggest not to use HTTP but FTP instead, then!
A 1-click solution is feasible, but forget the browser