| Groups | Blog | Home |
dotnet jscript : Detect window type
Hi,
Is there a way in client side script so that a page can detect whether it is opened in a pop up window, a normal window or a tab window? -- Bishoy George bishoy@bishoy.com 0102550399
[quoted text, click to view]
"Bishoy George" <bishoy@bishoy.com> wrote in message news:eLtJJ0uXGHA.3840@TK2MSFTNGP02.phx.gbl... > Hi, > Is there a way in client side script so that a page can detect whether it > is opened in a pop up window, a normal window or a tab window? Hey, Usual response to questions like this is "Why do you want to do that?" :-) Not to be snarky, but because often the intent is something completely different (or something impossible...) Peter -- Peter Torr - http://blogs.msdn.com/ptorr HD DVD Program Manager
Hi Peter,
I want my page to detect that it is opened in a popup window or not, because I want this page not to be saved. I made all measures to prevent saving this secured page. One thing is still hindering me: In IE7 when you click on the link to this page while pressing CTRL button it opens in a tab window not in a pop up window. Is there any way then? -------------------- [quoted text, click to view] "Peter Torr (MS)" <ptorr@microsoft.com> wrote in message news:OSuO6Z0XGHA.4120@TK2MSFTNGP03.phx.gbl... > "Bishoy George" <bishoy@bishoy.com> wrote in message > news:eLtJJ0uXGHA.3840@TK2MSFTNGP02.phx.gbl... >> Hi, >> Is there a way in client side script so that a page can detect whether it >> is opened in a pop up window, a normal window or a tab window? > > Hey, > > Usual response to questions like this is "Why do you want to do that?" :-) > > Not to be snarky, but because often the intent is something completely > different (or something impossible...) > > Peter > > -- > Peter Torr - http://blogs.msdn.com/ptorr > HD DVD Program Manager >
[quoted text, click to view]
"Bishoy George" <bishoy@bishoy.com> wrote in message news:uDTjP28XGHA.3328@TK2MSFTNGP02.phx.gbl... > Hi Peter, > > I want my page to detect that it is opened in a popup window or not, > because I want this page not to be saved. > I made all measures to prevent saving this secured page. > One thing is still hindering me: In IE7 when you click on the link to this > page while pressing CTRL button it opens in a tab window not in a pop up > window. Hi, There is no fool-proof way to prevent a page from being saved. What's the scenario for not allowing it to be saved? You can definitely make it harder for people (at least naive users) to save what's on the screen through File-Save. But if you have some legal requirement or the like, you are out of luck. Also this isn't really a .NET question; adding some IE groups Peter -- Peter Torr - http://blogs.msdn.com/ptorr HD DVD Program Manager
Dear Peter,
I did it except from the CTRL button problem. The Scenario: 1- I prevented any browser from displaying the page except IE6 , IE7. 2- I disabled right-click and selection. 3- I disabled print-screen. 4- I prevented the browser from caching the page. 5- the name of the page is encrypted by a key and IV that is changed once the page is loaded so they are one use only. 6- The page comes with Server.Execute() not with Response.Redirect() so the previous page name is displayed instead of the real encrypted page name. 7- The page is opened in a pop up window to remove the menu bar to disable File-Save As The only drawback is in IE7 if the user hold the CTRL button while clicking the link to this page, it will opens in a tab window instead of opening in a pop up window. Help me regarding detecting window type if you can please. Thank You. -- Bishoy George bishoy@bishoy.com 20102550399 ------------------------- [quoted text, click to view] "Peter Torr (MS)" <ptorr@microsoft.com> wrote in message news:OXQBI6DYGHA.508@TK2MSFTNGP02.phx.gbl... > "Bishoy George" <bishoy@bishoy.com> wrote in message > news:uDTjP28XGHA.3328@TK2MSFTNGP02.phx.gbl... >> Hi Peter, >> >> I want my page to detect that it is opened in a popup window or not, >> because I want this page not to be saved. >> I made all measures to prevent saving this secured page. >> One thing is still hindering me: In IE7 when you click on the link to >> this page while pressing CTRL button it opens in a tab window not in a >> pop up window. > > Hi, > > There is no fool-proof way to prevent a page from being saved. What's the > scenario for not allowing it to be saved? You can definitely make it > harder for people (at least naive users) to save what's on the screen > through File-Save. > > But if you have some legal requirement or the like, you are out of luck. > > Also this isn't really a .NET question; adding some IE groups > > Peter > > -- > Peter Torr - http://blogs.msdn.com/ptorr > HD DVD Program Manager >
Bishoy George said the following on 4/15/2006 8:17 AM in
microsoft.public.scripting.jscript: [quoted text, click to view] > Dear Peter, This is Usenet, not email. [quoted text, click to view] > I did it except from the CTRL button problem. "How do I protect my Javascript Code" <URL: http://jibbering.com/faq/#FAQ4_1 > The same principle applies to protecting your HTML code. [quoted text, click to view] > The Scenario: > 1- I prevented any browser from displaying the page except IE6 , IE7. And how do you think you managed that? [quoted text, click to view] > 2- I disabled right-click and selection. Open page. Minimize Browser Open Second Browser window. Disable Scripting. Bring up browser window with webpage. Right Click> View Source Before anyone brings up "Fullscreen", even if you manage that, I have dual monitors and can do anything I want on the second monitor independent of the main monitor - you can't stop me. [quoted text, click to view] > 3- I disabled print-screen. Open page. Resize so that you have some desktop visible. Point the mouse at the desktop. Print Screen. [quoted text, click to view] > 4- I prevented the browser from caching the page. The page will still be in the cache as long as it is open. Open Page Minimize browser Open Cache [quoted text, click to view] > 5- the name of the page is encrypted by a key and IV that is changed once > the page is loaded so they are one use only. Irrelevant to stopping the page from being saved. [quoted text, click to view] > 6- The page comes with Server.Execute() not with Response.Redirect() so the > previous page name is displayed instead of the real encrypted page name. I don't need the "real encrypted page name", if I want the page itself, it's filename is irrelevant. [quoted text, click to view] > 7- The page is opened in a pop up window to remove the menu bar to disable > File-Save As Control-N If you manage to trap that, see above to disable scripting. Then Control-N and you have your toolbars back. [quoted text, click to view] > The only drawback is in IE7 if the user hold the CTRL button while clicking > the link to this page, it will opens in a tab window instead of opening in a > pop up window. The major drawback is that you are trying to force the way the browsers work when you can't. [quoted text, click to view] > Help me regarding detecting window type if you can please. You can't. If you don't want it saved, don't put it on the web. -- Randy comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
[quoted text, click to view]
Bishoy George wrote: > 1- I prevented any browser from displaying the page except IE6 , IE7. No, you didn't. It is a trivial matter to fool the server into thinking I have IE. Any of a dozen Firefox extensions will allow me to customize my UA string. Or I could use Netscape 8 and switch between IE and Gecko engines. Or for that matter, I could open your page in notepad and just get the source directly. [quoted text, click to view] > 2- I disabled right-click and selection. > 3- I disabled print-screen. Again, these are trivial to defeat. [quoted text, click to view] > 4- I prevented the browser from caching the page. You cannot PREVENT a browser from caching. You can suggest a cache-control behavior that most browsers will follow. But they are not required to do so. [quoted text, click to view] > 5- the name of the page is encrypted by a key and IV that > is changed once the page is loaded so they are one use only. If all of the aboved worked, this might actually help. [quoted text, click to view] > 6- The page comes with Server.Execute() not with > Response.Redirect() so the previous page name is displayed > instead of the real encrypted page name. This doesn't really matter. Once again, if everything above worked, #5 negates the need for this entirely. [quoted text, click to view] > 7- The page is opened in a pop up window to remove the menu > bar to disable File-Save As See my response to 1-3. [quoted text, click to view] > The only drawback is in IE7 if the user hold the CTRL > button while clicking the link to this page, it will > opens in a tab window instead of opening in a pop up > window. Consider that the opposite of a drawback. IE7 is helping you to see that (a) security belongs on the server, not on the client, and (b) the information you send to the client BELONGS TO the client. IE7 is opening your eyes to your design flaw before you waste any more time on it. What you have described so far sounds like THE OPPOSITE OF SECURITY to me -- something that gives comfort to the author while still being wide open to a dedicated attacker (even an armchair one). -- Dave Anderson Unsolicited commercial email will be read at a cost of $500 per message. Use of this email address implies consent to these terms.
Dear Randy,
You are a little bit furious even on the Dear word, keep calm my dear. Most of your answers take each point aside not as a whole. 1- Preventing specific browser is easy by the .net Page.Request.Browser.Type 2-, 3- your answers didn't work with my page OR may be I did't know how to make it OR may be IE requires you to close all its windows and reopen them again. 4- You are right. 5- You are wrong. Because it prevented the page from reopen by CTRL-N 6- It is only a masking way 7- return to 5-. Go to http://testarea.nagyresearch.com and make an account for you and I will show you my secured claimed to be unsavable(except with IE7) page. -- Bishoy George bishoy@bishoy.com 20102550399 --------------------------- [quoted text, click to view] "Randy Webb" <HikksNotAtHome@aol.com> wrote in message news:4aadnaGXwJXnptzZnZ2dnUVZ_vmdnZ2d@comcast.com... > Bishoy George said the following on 4/15/2006 8:17 AM in > microsoft.public.scripting.jscript: >> Dear Peter, > > This is Usenet, not email. > >> I did it except from the CTRL button problem. > > "How do I protect my Javascript Code" > <URL: http://jibbering.com/faq/#FAQ4_1 > > > The same principle applies to protecting your HTML code. > >> The Scenario: >> 1- I prevented any browser from displaying the page except IE6 , IE7. > > And how do you think you managed that? > >> 2- I disabled right-click and selection. > > Open page. > Minimize Browser > Open Second Browser window. > Disable Scripting. > Bring up browser window with webpage. > Right Click> View Source > > Before anyone brings up "Fullscreen", even if you manage that, I have dual > monitors and can do anything I want on the second monitor independent of > the main monitor - you can't stop me. > >> 3- I disabled print-screen. > > Open page. > Resize so that you have some desktop visible. > Point the mouse at the desktop. > Print Screen. > >> 4- I prevented the browser from caching the page. > > The page will still be in the cache as long as it is open. > > Open Page > Minimize browser > Open Cache > >> 5- the name of the page is encrypted by a key and IV that is changed once >> the page is loaded so they are one use only. > > Irrelevant to stopping the page from being saved. > >> 6- The page comes with Server.Execute() not with Response.Redirect() so >> the previous page name is displayed instead of the real encrypted page >> name. > > I don't need the "real encrypted page name", if I want the page itself, > it's filename is irrelevant. > >> 7- The page is opened in a pop up window to remove the menu bar to >> disable File-Save As > > Control-N > > If you manage to trap that, see above to disable scripting. Then Control-N > and you have your toolbars back. > >> The only drawback is in IE7 if the user hold the CTRL button while >> clicking the link to this page, it will opens in a tab window instead of >> opening in a pop up window. > > The major drawback is that you are trying to force the way the browsers > work when you can't. > >> Help me regarding detecting window type if you can please. > > You can't. > > If you don't want it saved, don't put it on the web. > > -- > Randy > comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly > Javascript Best Practices - > http://www.JavascriptToolbox.com/bestpractices/
Bishoy George said:
[quoted text, click to view] > >Dear Randy, > >You are a little bit furious even on the Dear word, keep calm my dear. >Most of your answers take each point aside not as a whole. > >1- Preventing specific browser is easy by the .net >Page.Request.Browser.Type How can you possibly know what browser type I'm using? I can send whatever data I like to your server to mislead it. Isn't that enough right there to break your system? --
Bishoy George said the following on 4/16/2006 at 8:38 AM in
news:microsoft.public.scripting.jscript or somewhere close to there: [quoted text, click to view] > Dear Randy, > > You are a little bit furious even on the Dear word, keep calm my dear. Me, furious about Usenet? Surely you jest. There is nothing in Usenet worth getting furious about. [quoted text, click to view] > Most of your answers take each point aside not as a whole. > > 1- Preventing specific browser is easy by the .net > Page.Request.Browser.Type Is that why you page says this: Your browser is IE6! Be very very careful before you answer that. [quoted text, click to view] > 2-, 3- your answers didn't work with my page OR may be I did't know how to > make it OR may be IE requires you to close all its windows and reopen them > again. Perhaps if you quoted what you are replying to it would be easier to know what 2 and 3 were. Even OE has the ability to quote what you are replying to. Ahh, here they are: <quote> [quoted text, click to view] > 2- I disabled right-click and selection. Open page. Minimize Browser Open Second Browser window. Disable Scripting. Bring up browser window with webpage. Right Click> View Source [quoted text, click to view] > 3- I disabled print-screen. <quote> If 2 doesn't work for you, then something is set different in your IE6 from mine. I know that 3 works on *any* browser because the print-screen is a Windows function and not the browser itself. Move your browser window over so you can see an icon on your desktop. Then, click an icon on your desktop and hit print-screen. Or, use any popular screen printing utility - they are a dime a dozen on the web. [quoted text, click to view] > 4- You are right. Being right on #4 alone means you haven't stopped the page from being saved, only made it minimally more difficult is all. [quoted text, click to view] > 5- You are wrong. Because it prevented the page from reopen by CTRL-N OK, irrelevant to me because you can't open a window on my PC without tool bars so I very seldom ever have to do a control-N [quoted text, click to view] > 6- It is only a masking way Fair enough. [quoted text, click to view] > 7- return to 5-. See 5 above. [quoted text, click to view] > Go to http://testarea.nagyresearch.com and make an account for you and I > will show you my secured claimed to be unsavable(except with IE7) page. I applied, it let me have a username but I don't think I will get the email at humptydumpty@google.com so I won't be able to log in. But, to be totally fair, I don't think a lot of your visitors will be savvy enough to get around what little bit of security you have considering most of them would be medical researchers and not scripters. Be aware though that a proxy server that is decent will stop you from removing my toolbars...... -- Randy comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Hi Randy,
I activated the account you made. As you said, I quoted your answers. My answers will start with >>>. [quoted text, click to view] "Randy Webb" <HikksNotAtHome@aol.com> wrote in message news:R-OdncgNZNCKdt_ZRVn-vA@comcast.com... > Bishoy George said the following on 4/16/2006 at 8:38 AM in > news:microsoft.public.scripting.jscript or somewhere close to there: > >> Dear Randy, >> >> You are a little bit furious even on the Dear word, keep calm my dear. > > Me, furious about Usenet? Surely you jest. There is nothing in Usenet > worth getting furious about. > >> Most of your answers take each point aside not as a whole. >> >> 1- Preventing specific browser is easy by the .net >> Page.Request.Browser.Type > > Is that why you page says this: > > Your browser is IE6! > > Be very very careful before you answer that. > [quoted text, click to view] >>> I know that there may be misleading to the server. They say that FireFox ----------------------------------------------------->>> may appear to the server as IE6 or IE7. >>> But yes, I use Page.Request.Browser.Type for knowing your browser type. [quoted text, click to view] >> 2-, 3- your answers didn't work with my page OR may be I did't know how >> to make it OR may be IE requires you to close all its windows and reopen >> them again. > > Perhaps if you quoted what you are replying to it would be easier to know > what 2 and 3 were. Even OE has the ability to quote what you are replying > to. > > Ahh, here they are: > > <quote> > > 2- I disabled right-click and selection. > > Open page. > Minimize Browser > Open Second Browser window. > Disable Scripting. > Bring up browser window with webpage. > Right Click> View Source > > > > 3- I disabled print-screen. > > <quote> > > If 2 doesn't work for you, then something is set different in your IE6 > from mine. I know that 3 works on *any* browser because the print-screen > is a Windows function and not the browser itself. Move your browser window > over so you can see an icon on your desktop. Then, click an icon on your > desktop and hit print-screen. Or, use any popular screen printing > utility - they are a dime a dozen on the web. > [quoted text, click to view] >>> I'd like to ask you how to disable scripting??? ---------------------------------------------------[quoted text, click to view] >> 4- You are right. > > Being right on #4 alone means you haven't stopped the page from being > saved, only made it minimally more difficult is all. > >> 5- You are wrong. Because it prevented the page from reopen by CTRL-N > > OK, irrelevant to me because you can't open a window on my PC without tool > bars so I very seldom ever have to do a control-N > >> 6- It is only a masking way > > Fair enough. > >> 7- return to 5-. > > See 5 above. > >> Go to http://testarea.nagyresearch.com and make an account for you and I >> will show you my secured claimed to be unsavable(except with IE7) page. > > I applied, it let me have a username but I don't think I will get the > email at humptydumpty@google.com so I won't be able to log in. > > But, to be totally fair, I don't think a lot of your visitors will be > savvy enough to get around what little bit of security you have > considering most of them would be medical researchers and not scripters. > > Be aware though that a proxy server that is decent will stop you from > removing my toolbars...... > > -- > Randy > comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly > Javascript Best Practices - > http://www.JavascriptToolbox.com/bestpractices/
Bishoy George said the following on 4/17/2006 4:13 AM:
[quoted text, click to view] > Hi Randy, > I activated the account you made. > As you said, I quoted your answers. My answers will start with >>>. > > "Randy Webb" <HikksNotAtHome@aol.com> wrote in message > news:R-OdncgNZNCKdt_ZRVn-vA@comcast.com... >> Bishoy George said the following on 4/16/2006 at 8:38 AM in >> news:microsoft.public.scripting.jscript or somewhere close to there: >> >>> Dear Randy, >>> >>> You are a little bit furious even on the Dear word, keep calm my dear. >> Me, furious about Usenet? Surely you jest. There is nothing in Usenet >> worth getting furious about. >> >>> Most of your answers take each point aside not as a whole. >>> >>> 1- Preventing specific browser is easy by the .net >>> Page.Request.Browser.Type >> Is that why you page says this: >> >> Your browser is IE6! >> >> Be very very careful before you answer that. >> > > >>>> I know that there may be misleading to the server. They say that FireFox >>>> may appear to the server as IE6 or IE7. >>>> But yes, I use Page.Request.Browser.Type for knowing your browser type. It wasn't Firefox but if you want, I can give you the exact UA string it is using. Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) It is an exact copy of a UA string from IE6 but unless you get into some really really serious object detection you won't be able to tell the difference - especially not from the UA string. I can just as easily make it say "My F**king browser"(I did that for a while just for kicks but my toolbar in IE does say "Randys Browser"). Editing the Registry is fun sometimes :) But as I said before, what you are doing is probably safe enough for your visitors. <snip> [quoted text, click to view] >>>> I'd like to ask you how to disable scripting??? I have a simple add on button I click that enables/disables scripting but in IE6 it is Tools>Internet Options>Security Tab>Advanced and scroll to the bottom. There are 3 or 4 of them to enable/disable. <snip> [quoted text, click to view] >> But, to be totally fair, I don't think a lot of your visitors will be >> savvy enough to get around what little bit of security you have >> considering most of them would be medical researchers and not scripters. I said the above and am leaving that part of what I said intact because the methods you use probably are secure enough for medical researchers. -- Randy comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Still you didn't answer my original question...
How to detect window type (-normal -tab -popup) with the page code. -- Bishoy George bishoy@bishoy.com 20102550399 ---------------------------------- [quoted text, click to view] "Randy Webb" <HikksNotAtHome@aol.com> wrote in message news:HOGdnScBwq_LBd7ZnZ2dneKdnZydnZ2d@comcast.com... > Bishoy George said the following on 4/17/2006 4:13 AM: >> Hi Randy, >> I activated the account you made. >> As you said, I quoted your answers. My answers will start with >>>. >> >> "Randy Webb" <HikksNotAtHome@aol.com> wrote in message >> news:R-OdncgNZNCKdt_ZRVn-vA@comcast.com... >>> Bishoy George said the following on 4/16/2006 at 8:38 AM in >>> news:microsoft.public.scripting.jscript or somewhere close to there: >>> >>>> Dear Randy, >>>> >>>> You are a little bit furious even on the Dear word, keep calm my dear. >>> Me, furious about Usenet? Surely you jest. There is nothing in Usenet >>> worth getting furious about. >>> >>>> Most of your answers take each point aside not as a whole. >>>> >>>> 1- Preventing specific browser is easy by the .net >>>> Page.Request.Browser.Type >>> Is that why you page says this: >>> >>> Your browser is IE6! >>> >>> Be very very careful before you answer that. >>> >> >> >>>>> I know that there may be misleading to the server. They say that >>>>> FireFox may appear to the server as IE6 or IE7. >>>>> But yes, I use Page.Request.Browser.Type for knowing your browser >>>>> type. > > It wasn't Firefox but if you want, I can give you the exact UA string it > is using. > > Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; > .NET CLR 2.0.50727) > > It is an exact copy of a UA string from IE6 but unless you get into some > really really serious object detection you won't be able to tell the > difference - especially not from the UA string. I can just as easily make > it say "My F**king browser"(I did that for a while just for kicks but my > toolbar in IE does say "Randys Browser"). Editing the Registry is fun > sometimes :) > > But as I said before, what you are doing is probably safe enough for your > visitors. > > <snip> > >>>>> I'd like to ask you how to disable scripting??? > > I have a simple add on button I click that enables/disables scripting but > in IE6 it is Tools>Internet Options>Security Tab>Advanced and scroll to > the bottom. There are 3 or 4 of them to enable/disable. > > <snip> > >>> But, to be totally fair, I don't think a lot of your visitors will be >>> savvy enough to get around what little bit of security you have >>> considering most of them would be medical researchers and not scripters. > > I said the above and am leaving that part of what I said intact because > the methods you use probably are secure enough for medical researchers. > > -- > Randy > comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly > Javascript Best Practices - > http://www.JavascriptToolbox.com/bestpractices/
Bishoy George said the following on 4/17/2006 10:39 AM:
[quoted text, click to view] > Still you didn't answer my original question... > How to detect window type (-normal -tab -popup) with the page code. Nobody has answered you because you can't determine - with script - whether it's in a new window or a popup. -- Randy comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
[quoted text, click to view]
"Bishoy George" <bishoy@bishoy.com> wrote in message news:e$vHAaIYGHA.3704@TK2MSFTNGP03.phx.gbl... > Help me regarding detecting window type if you can please. Bishoy, In order to answer your question, we need to understand what it is you are *really* trying to do. Someone who buys a drill is not really buying a drill; they are buying holes. See? :-) As you can see from the other replies, explaining what you have done so far doesn't help. We need to know why you want to stop people saving info (is it top secret military data?) and who the users are (NSA super-spies?). Seems you are trying to stop some kind of medical professionals. Assuming they are not well-versed in web hacking, and assuming they are non-malicious, an easy way would be to have all the content hidden and simply ping the server on document.onload to see if the page view is allowed. If not, keep the content hidden. If so, set the content to display=auto. There are lots of other things you could do using AJAX (<shudder>) but they are more complicated. Peter -- Peter Torr - http://blogs.msdn.com/ptorr HD DVD Program Manager
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
October 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
March 2008
April 2008
| home · blog · groups | Questions? Comments? Contact the dn |