Like you can go on http://whatsmyuseragent.com/ website and see what user agent you are coming from. I need the similar feature on my website. I tried to view source and didn't find nothing. I am basically looking forward for the html code to find the user agent of people that come on my website, I am just debugging at this point. I am looking to put the coding on my home page so that I can confirm what device the user is coming from. Can anyone help me with this?
HTML is not a programming language. It has no means to get this information.
The proper approach is to read the User-Agent HTTP header using a server side language (and optional web framework) of your preference (e.g. in Perl/Catalyst), and then output it to the page (after sanitizing it to make it HTML safe).
Similar data is also available to client side JavaScript via the navigator object.
The user agent can be whatever the user wants it to be - so don't rely on this for security.
From the client side, you could use some JavaScript in your HTML:
<script language="javascript">
document.write(navigator.userAgent);
</script>
I don't recommend using document.write though.
For the mentioned web site, they're likely checking server side with the HTTP header. To grab this in PHP, you can use:
$ua = $_SERVER['HTTP_USER_AGENT'];
But as Quentin said, sanitise this as it could output anything the user likes.
Related
I'm learning to use a payment method via SCI.
and for that I have to send a POST/GET request to The SCI.
everything is working fine. the payment goes well.
but when I open the page and inspect it, I can see The input fields of the form. (type-->hidden) then using the edit HTML I can change the amount as you can see in the image bellow
<input type="hidden" name="amount_USD" value="60" readonly>
the readonly does not do the job! how can I make HTML Code unchangeable.
or if there is any alternative way to code this in a more secure way.
You can never make client side code completely protected, because there are many tools one can use to manipulate the files. Anything from browser extensions to developer tools can do this. Code that can be modified includes HTML, CSS, and client-side JavaScript.
If your app/website relies on this type of security, it will never be completely secure.
Chrome Dev Tools is only one example of a way some could maliciously use your app. You should evaluate your security practices from the back end to front end.
There is nothing you can do to prevent the user from being able to edit the HTML on client (browser). You should implement server side validation to reject invalid data.
You can read more about it here: JavaScript: client-side vs. server-side validation
In this particular case, you could do something that rejects the amount received from client if it doesn't match on the server. Or, do not receive the amount from the client at all, if the client should not be able to change it.
Is there some secret and mystical way to change the value of my HTTP-request's referer, or at the very least, keep it from showing? Also, using a MitM page from another domain would not solve my issue, as you are now just submitting that other page's value.
This is not browser specific, I would need to do this on the HTML level.
The problem I am facing is a silent-login page where it sends an HTTP-Redirect to the http-Referrer, unless it is the same domain, or empty.
You can not control this on an html level. Your only option is to modify the login code to not issue the redirect or to direct it to the desired page.
It's an old question, but I know how you can do this. The first way is not guaranteed across all browsers, but you can use rel=noreferrer. AFAIK GC is the only UA to currently support this but it is in the standard. FX may also, IDK.
The second way is far more reliable, and it involves a cool little hack someone shared with me on IRC:
Basically, construct an iframe from a base64-encoded data: URI. The framed document is to have a script that listens for a window.postMessage() and when it gets fed the command with a URL to visit, it executes window.top.location = msg.data.URI or however it is that one reads the message. Sorry I can't recall, I haven't slept for a few days.
Enjoy if you still care.. :)
I have a website ( based on JSP/Servlets, using the MVC pattern), and I want to support Ajax-based website and basic HTML-based website. website visitors should be able to change the surfing mode from Ajax to basic HTML and vice versa, - as it applies in Google-mail.
The questions:
What is the best way to achieve this goal easily?
Should I design two views for each page?
I use jQuery and JSON as the result of this answer.
You need Unobtrusive JavaScript, which is part of progressive enhancement.
First, start creating a fully functional web application without any line of JavaScript. Once you got it to work, then start writing JavaScript code which "takes over" the raw HTML work without changing any line of HTML/CSS. In the server side code you need to add logic which recognizes whether the request has been fired by JavaScript or not and return response accordingly. You can test both cases by en/disabling JavaScript in the web browser. In Firefox it's easy with Web Developer Toolbar.
For example, you have a list of mails with all HTML links which should show the mail body:
Message title
Without JavaScript, this would fire a HTTP request to the servlet which loads the mail identified by 1, forwards the request to a JSP which hides the message list in the view and shows the mail in the view.
With JavaScript/jQuery, you need to write code which does exactly the same with help of Ajax, e.g.:
$('a.show').click(function() {
$.getJSON(this.href, callbackFunctionWhichHidesListAndShowsMail);
return false;
});
In the server side you have to distinguish between normal requests and ajax requests so that you can return response accordingly.
boolean ajax = "XMLHttpRequest".equals(request.getHeader("x-requested-with"));
// ...
if (ajax) {
writeJson(response, mail);
} else {
request.setAttribute("mail", mail);
request.getRequestDispatcher("/WEB-INF/mail.jsp").forward(request, response);
}
Finally, to give the user an option to switch between the modes manually, you have to set a cookie or preferably (since cookies are disableable) pass some information in URL (pathinfo or request parameter) which forces the server to disable emitting the <script> lines.
Think of the HTML version as the foundation. Build this first.
Then overlay the additional Ajax functionality as an optional layer on top of this, intercepting the default HTML behaviours as necessary. There isn't any need for two views, just a single view that gradually adds enhanced functionality depending on available technology and/or user preference.
You are quite sensibly attempting progressive enhancement. There is an excellent article, A List Apart: Understanding Progressive Enhancement, which I must give credit to this Stack Overflow answer for; Graceful degradation - when to consider.
I consider graceful degradation to be the more negative way of looking at the problem of supporting different browser capabilities; What is the difference between progressive enhancement and graceful degradation?
I just want to know whether there is a way to answer this question with "Yes" without using JavaScript.
What I want to do is have a search form that automatically generates URLs like http://example.com/search/my+search+term or something similar when I enter my search term into a search text field.
EDIT: Due to some mis-understanding (and not being clear on my part), a clarification: I want the browser to generate that URL based on the value of the text field when the form is submitted.
No, it's not possible without using JavaScript.
The best you can do is using a GET action and have an url like http://example.com/search/?q=my+search+term, where q is the name of the input search box.
Using html only, no.
You could have something server side that might work. You could have the server respond with a 302 response code. If you are using Apache, you could probably use mod_rewrite to take the GET request and generate a new url.
For example, the browser might ask for http://example.com/search/?q=blah+foo+bar, the server could then take that and send the browser a 302 redirect for http://example.com/search/blah+foo+bar.
See more information at the Apache url rewriting guide, or by using your favorite search engine.
You could still use javascript to generate the correct url, but if someone has javascript disabled, this would work as a fallback.
The answer is No
No if you want it to be client side, if you can do it server side (by submitting the form) you can use something like PHP
Yes you could perform something like this server-side pretty easily as long as you don't mind submitting a form.
EDIT: Upon further clarification from the author in comments below: It is not possible in a pure client-side manner without JavaScript or some other client-side tool like Flash/Silverlight (which is admittedly overkill).
the site addres: http://www.ynet.co.il/YediothPortal/Ext/TalkBack/CdaTalkBack/1,2497,L-3650194-0-68-544-0--,00.html
fill the form with rubbish.
Hit 'Send'
the form post the data to another HTML without any parsing of the data i've just added
How do they do it?
A likely option is that they are using a content management system where "html" on the URL doesn't actually mean it's a static html file.
This may be out of left field, but I've certainly used the occasional JS function to grab everything in the header and either parse it or pass it to another script using AJAX.
I'll sometimes use this method in a 404.html page to grab the headers of the previous page, parse them out to see where someone was trying to go and redirect them.
That is, as annakata said, one of the numerous options available.
Edit based on clarified question:
Numerous frameworks can be configured to intercept an html request - for instance asp.net can be set to handle any given extension and an HTTPModule could do anything with that. It's really up to web server configuration what it decides to do with any request.
also: you don't really want to be saying "hijack"