Can you make the HTML input file typeable? Instead of requiring to hit browse?
I can't necessarily speak for every browser in existence, but for every one that I'm aware of you can not without a browser add-on (flash, silverlight, etc.). This is a security feature to prevent a malicious web-site from "stealing" files from your local system with clever scripts.
Not that I know of.
You can drag a file onto/into the input.
But if it was type-able you could technically get any file off their machine without them knowing.
This is a decision made by developers of browsers. Some make the fields manually editable, some only let you use the dialog. (It is worth noting that in Chrome/Mac (for instance), while the field itself isn't editable, you can type in the dialogue box).
You can't change this as a page author.
Related
I have a number of embedded devices with a web-based front end, each on a different randomly assigned ip address.
I often want to check between these devices but, when they're open in different tabs, it is hard to tell which is which.
I have attempted to embed these pages in iframes with a header labelling each one, but CORS prevented the pages from showing.
Is there a way I could get the opening page to label a tab or window to help me distinguish between similar looking pages? Failing that, and possibly in SuperUser territory, is there any way I could manually label the tabs in my browser once they're open?
Here's a partial answer. There are a number of third-party plugins for Chrome which allow the user to manually rename tabs. I have installed one called Simple Tab Renamer and it seems to be doing the job.
An automated system would be nicer, but I suspect security policies would prevent that.
https://chrome.google.com/webstore/detail/simple-tab-renamer/ailhpmlejogfdcpoflidmobgkgdemaog
I'm a Web Designer, and I have this client who runs a paid subscription blog site that has sensative content that he does not want copied and shared (hence the paid subscription).
I've recently been able to successfully disable all ability to copy the content from the actual webpages (using a wordpress plugin, and also targeting some elements using css -webkit-user-select set to none)
But more recently I've become aware that you are still able to copy and paste all of the content if the user views the webpage using Safari's Reader. Is there anyway at all to diable the user's ability to copy text from inside Reader?
I appreciate any feedback and help you can send my way!
Thanks!
You may try to implement various "tricks" to disabling copying. They have basically to do with preventing default actions when click-dragging to select text (google for jQuery preventDefault). You bind an action an then preventDefault on the event when the action is triggered.
You may also attemp to prevent-defaut some keystokes like cmd-c and cmd-a
But... as the page is delivered to the browser the text is on the user's machine. So all the techniques above can be circumvented.
In some browsers the tricks above may not work. Or, a smart user, may open the page source and extract the text.
You may go further, rendering the text to image server-side.
But a motivated user may rewrite by hand the text...
Conclusion: you can make more difficult for the average user to copy text. It's impossible to avoid it completely.
Hope this helps...
I am trying to make a Chrome extension for personal use that makes all the password fields type="text", so I can see the clear passwords. (I know that I can probably find something like this in the Chrome store, but it's something I want to do myself).
I am however having a hard time accessing the actual page content (the page I'm viewing in the tab). If I do
document.getElementById('text')
this selects the element from background.html not the page I'm viewing. How can I access the actual page?
Also, is there a way I can include an external javascript file so I can use functions from there?
You would need to use content script - javascript file injected into an actual page with access to DOM and events.
I want to know, how to make my html file code to encrypted?
So that if normal user see the code,
then they don't understand the code?
I don't remember how I did it, but I was just reading some of my own code recently and I couldn't even understand it. A normal user would not have a chance. I don't thing encryption was involved however.
You can't. If the user can't see it, the browser wouldn't be able to either!
This is called obfuscation, but it's pointless. People can still view your complete DOM tree in DOM Inspector or Firebug. As this Yahoo blog entry says, "If you don’t want people to see your programs, unplug your server." This applies equally to HTML.
Don't bother. All encryption will do for you is slow down your site. It's not worth 'hiding' it. Any moron can just open up Firebug and see everything without even having to decrypt the source code anyways.
This might be good: http://www.iwebtool.com/html_encrypter
it's free and online makes your code into unicode hope less to copy and edit!
You may try disable the mouse right click.
JS (jQuery):
$(document).bind('contextmenu',function(){return false;});
Again as shown in other posts this is actually meaningless because if someone want to view the source they can just press F12 to open the console and view all the codes.
Also, I don't think a normal user will want to see this kind of things. If they see that, they just think they're pressing the wrong button and close it.
You can use StatiCrypt to encrypt your HTML file using AES-256 encryption. You then get a simple HTML page with a password prompt, see example.
Two cautionary notes from the project's repository:
Disclaimer if you have extra sensitive banking data you should probably use something else!
...
AES-256 is state of the art but brute-force/dictionary attacks would be trivial to do at a really fast pace: use a long, unusual passphrase.
A similar tool is clientside-html-password. There might be others as well, but the bottom line is that you can make an HTML file encrypted.
I've written a tool to encrypt HTML files called PageCrypt. The tool asks for a password at the time of encryption, then spits out an encrypted HTML file. Then, when a user views the encrypted file, they need to input the set password to be able to unscramble and view it.
The tool is hosted here:
https://www.maxlaumeister.com/pagecrypt/
with source code available here:
https://github.com/MaxLaumeister/pagecrypt
Description of the project, from the project page:
PageCrypt - Password Protect HTML
This tool lets you securely password-protect an HTML file. Unlike other password-protection tools, this tool:
Has no server-side components (this tool and its password-protected pages run entirely in javascript).
Uses strong encryption, so the password-protection cannot be bypassed.
All you need to do is choose an HTML file and a password, and your page will be password-protected.
You can try DRM-X 4.0, it supports protect HTML JS CSS and Images. it also supports protect Dynamic Website.
https://www.haihaisoft.com/HTML-Encryption.aspx
https://www.haihaisoft.com/Dynamic-Website-DRM-Protection.aspx
I have a web application with a simple file upload requirement (max 1 mb).
The web application is an externally exposed web site that must be (as much as possible) compatible with all browsers and versions.
We are using C# .net 3.5 ASP .Net (IIS 7) technology.
We are having trouble implementing the file upload control:
<input type="file" ... />
The buttons are not clicking correctly and different input methods (eg clicking on the text box in some browsers will open the input field).
We need to avoid 3rd party file upload tools.
What is the best way to make this compatible with all browsers?
Can we use frameworks (eg we could use JQuery) to do this?
Any help is really appreciated.
Edit:
Here are some more specific behaviour details:
Intended/Expected:
Consistent use of textbox field (for filename):
displays filename of selected file
no events fire launch of browse dialog
Consistent use of browse button:
same css standards as standard HTML button for look and feel
opens browse dialog
dialog cancel - clears textbox field
dialog ok - (re)populates textbox field
We would like to have the look and feel of the textbox and button to use the same css as the rest of our web site.
Current:
textbox click events opens dialog
generic display of textbox and button field
browse button not working with some browsers (not firing browse dialog event, but being displayed)
As much as possible the behaviour (events/actions as above) should be consistent between all browser types.
What is the best way to make this compatible with all browsers?
It's already compatible with all browsers. Just don't try too hard to script it or overhaul the style. You have minimal customisation possibilities with the file upload field, partly for obvious security reasons and partly because the multiple-part rendering of the text+button arrangement in many browsers is simply not amenable to styling primitives that operate on single boxes.
(eg clicking on the text box in some browsers will open the input field).
Luckily people whose browsers do that will already be used to file upload fields doing that; indeed, they will expect the browser to do that, and be confused if you manage to stop it.
(And it's a sensible measure: allowing typing in the filename field is seldom useful, but it has caused security holes in the past.)
Consistent use of browse button:
Nothing about the file upload field even mandates a browse button or file-finder dialogue box. You might have eg. drap and drop instead. The browser decides this; as the site author you don't get a look in.
We would like to have the look and feel of the textbox and button to use the same css as the rest of our web site.
This isn't really possible within the realms of HTML. Hence the “third party uploaders”, typically Flash with HTML fallback.
There is one approach that you can sort-of use to make a file upload look like you want, but it's not very nice. You style a text field and button however you like, listen for changes to the file upload field and copy the value to the text field to display. The text field must be read-only because it won't be possible to allow the user to pick a file from there.
You then put the real file upload control on top of the fake one with CSS positioning, and give it CSS opacity (alpha filter in IE) so it's so faint you can't see it. You then have to hope that the browser decides to put a clickable part of the file upload field over the top of where you have rendered your button. Though you can fiddle and check it to work in many popular browsers, it's really very brittle and almost certainly a complete waste of time.
You will not get a consistent UI. Each browser does it's own implementation. A Safari user will expect the Safari method, same for IE and so on.
You might have some success with CSS control of the box but be aware that modern browsers have a lot of security on this field. You will have limited control of this field compared to fields
If you follow instruction here: http://www.15seconds.com/issue/010504.htm
you should be able to have consistent behaviour. Having just
As for styling - this is a task for you. Make sure your HTML and CSS are compatible (work as expected) in all browsers that you support.