[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 527
  • Last Modified:

Bypassing Local File Security allowing javascript to read in a file

Hello All,

      I have an html file using javascript to read in a file: this does not work when I browse locally to the file because of security Issues.   The error that I get is as follows:  


--------
Error: WeekLunchStart is not defined
Source File: file:///C:/lcd/testSchedule.html
Line: 85
--------

Now, this WeekLunchStart variable is defined in a text file that is read in with the javascript:

getFile('testValues.txt');          where this function is defined earlier as:

-------------------------
function getFile(pURL) {
   if (window.XMLHttpRequest) { // code for Mozilla, Safari, etc
      xmlhttp=new XMLHttpRequest();
      xmlhttp.onreadystatechange=postFileReady;
      xmlhttp.open("GET", pURL, true);
      xmlhttp.send(null);
   } else if (window.ActiveXObject) { //IE
      xmlhttp=new ActiveXObject('Microsoft.XMLHTTP');
      if (xmlhttp) {
         xmlhttp.onreadystatechange=postFileReady;
         xmlhttp.open('GET', pURL, true);
         xmlhttp.send();
      }
   }
   
}

// function to handle asynchronous call
function postFileReady() {
   if (xmlhttp.readyState==4) {
      if (xmlhttp.status==200) {
            eval(xmlhttp.responseText);
             document.getElementById('theExample').innerHTML=xmlhttp.responseText;
             
      }
   }
}

------------------

I tried overriding the security issue with:  https://addons.mozilla.org/en-US/firefox/addon/281  

as well as modifying the user.js firefox preference file to try to allow it:  

in my profiles folder at:  C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7yd3r6e.default     I created a text file called user.js     with the information:

user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.sites", "file:///C:/lcd/testSchedule.html");
user_pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess");


It still doesn't work; did I do something incorrect?   I need to have this working by the end of the day or its my head.  Please help; and thank you!

0
andrewaiello
Asked:
andrewaiello
  • 8
  • 6
1 Solution
 
ZvonkoSystems architectCommented:
What do you try? Do you want to read local file file:///C:/lcd/testSchedule.html
Is your page also local, then it will work. From web server page it will never work.


0
 
andrewaielloAuthor Commented:
no:  the file:  file:///C:/lcd/testSchedule.html is reading in the file  testValues.txt    which resides in the same location (file:///C:/lcd/testValues.txt)     If i am accessing this via a web server  (as in  http://localhost/lcd/testSchedule.html)  it will read in testValues.txt no problem; but browsing locally (which i need) doesn't work.   It works in IE but it throws a security flag; i hear that firefox blocks this behavior, but there are ways to get around it: thats what i am trying desperately to do.
0
 
ZvonkoSystems architectCommented:
This works for me:



<html>
<head>
<title>Zvonko &#42;</title>
<script>
window.onload = function(){
  getFile('testValues.txt');          
}

function getFile(fileName){
  window.frames.textFrame.location = fileName;
}

function postFileReady(){
  if(window.frames.textFrame.document.body.innerHTML){
    var responseText = window.frames.textFrame.document.body.innerHTML;
    responseText = responseText.replace(/<[^>]+>/g,"");
    document.getElementById('theExample').innerHTML=responseText;
    eval(responseText);
    alert(WeekLunchStart);
  }
}
</script>
</head>
<body>
<iframe name="textFrame" onLoad="postFileReady()" height="0" width="0" ></iframe>
<div id="theExample"></div>
</body>
</html>



0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
andrewaielloAuthor Commented:
Hmm;  this seems to work around the security issues... but I think I am having a problem integrating it into my file because it needs to keep being called on a timer.

I am trying to get it working myself; but if you can could you take a look at the source of this page:  https://ssl117.alentus.com/jkingsweb/gbt/PaxTest/TestLocal/testSchedule.html

And see if you can help me integrate your code into mine (i tried just swaping the two functions but that didn't work).   I'll work on it myself too; but if you could help I'd be super in your debt;  I need this working in an hour or I am dead!!   Thanks!!!
0
 
andrewaielloAuthor Commented:
Also note that in my file i dont need to display the values that are read in; they are used for further javascript calculations.
0
 
andrewaielloAuthor Commented:
I think the thing that is messing me up with trying to integrate it is the Asynchronous calling of the postFileReady Function that needs to happen in my code.
0
 
ZvonkoSystems architectCommented:
This worked for me:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Expires" CONTENT="Tue, 01 Jan 1980 1:00:00 GMT">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

<script type="text/javascript">


searchString = document.location.search;

//<cfset lastTabVisted = url.lastTab>
//var lastTabVisted = getURLVar('lastTab');


function initArray() {
      this.length = initArray.arguments.length;
      for (var i = 0; i < this.length; i++)
      this[i+1] = initArray.arguments[i];
}

//allows the reading in of a file
function getFile(fileName){
  window.frames.textFrame.location = fileName;
}

function postFileReady(){
  if(window.frames.textFrame.document.body.innerHTML){
    var responseText = window.frames.textFrame.document.body.innerHTML;
    responseText = responseText.replace(/<[^>]+>/g,"");
alert(responseText)
    document.getElementById('theExample').innerHTML=responseText;
    eval(responseText);
    startTime();
  }
}


function startTime(){
      var DOWArray = new
      initArray("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday");
      var today=new Date()
      var h=today.getHours()
      var m=today.getMinutes()
      var s=today.getSeconds()
      var day = DOWArray[today.getDay()+1];
      
      //document.getElementById('txt').innerHTML=h+":"+m+":"+s
      
      //t=setTimeout('startTime()',1000)  
      //t=setTimeout('startTime()', 1000*60)
      
      
      if (searchString == "") {
      
            t=setTimeout('startTime()',1000)  
      
            if (day == "Saturday" || day == "Sunday") {
            
                  if  (h < WeekendLunchStart) {
                        window.location = WeekendBreakfast;
                  } else if (h >= WeekendLunchStart && h < WeekendDinnerStart)  {
                        window.location = WeekendLunch;
                  } else if (h >= WeekendDinnerStart) {
                        window.location = WeekendDinner;
                  }
            }
            
            else {
            
                  if  (h < WeekLunchStart) {
                      window.location = WeekBreakfast;
                  } else if (h >= WeekLunchStart && h < WeekDinnerStart)  {
                        window.location = WeekLunch;
                  } else if (h >= WeekDinnerStart) {
                        window.location = WeekDinner;
                  }
      
            }
      
      } else {

            t=setTimeout('startTime()', 1000*60)

            if (day == "Saturday" || day == "Sunday") {
            
                  if  (h == WeekendBreakfastStart  && m == 0) {
                         window.location = WeekendBreakfast;
                  } else if (h == WeekendLunchStart && m == 0)  {
                         window.location = WeekendLunch;
                  } else if (h == WeekendDinnerStart && m == 0) {
                         window.location = WeekendDinner;
                  }
            }
            
            else {
            
                  if  (h == WeekBreakfastStart && m == 0) {
                        window.location = WeekBreakfast;
                  } else if (h == WeekLunchStart && m == 0)  {
                        //afternoon stuff
                        window.location = WeekLunch;
                  } else if (h == WeekDinner && m == 0) {
                        window.location = WeekDinner;
                  }
      
            }
      }      
      
}

</script>
</head>

<body onload="getFile('testValues.txt'); ">
<iframe name="textFrame" onLoad="postFileReady()" height="0" width="0" ></iframe>
<div id="txt"></div>
 <div id="theExample">Loading...</div>

You have commented out  by <!-- the theExample div.

0
 
ZvonkoSystems architectCommented:
Can you send me your phone number to the email address in my profile?
0
 
andrewaielloAuthor Commented:
Hmm, its weird;  that worked the first few times I tried it; but now its not redirecting anymore.    

0
 
andrewaielloAuthor Commented:
Want my phone #?   Gonna call me and tell me what a bad programmer I am, lol  ?
0
 
ZvonkoSystems architectCommented:
I do not see what you are doing. On your site I see still the same old errors.
0
 
andrewaielloAuthor Commented:
Oh weird:  it only works if this is not commented out:

<div id="txt"></div>
 <div id="theExample">Loading...</div>

 
I guess i'll just have to make that invisible or something if I dont want the text to show up for that brief second.
0
 
andrewaielloAuthor Commented:
Its okay; it works.  All i needed was to make the page redirect to another page based on what time it was and the values in that text file.  It now does this.  Thank you so much; you really saved my hide!!!
0
 
ZvonkoSystems architectCommented:
:-)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now