Reputation: 2935
WebBrowser Control: Disable Cross Site XSS Filtering or another way to process JS in full on HTML
I am trying to use my web browser control to get retrieve date from a specific page, including all sub-page content. Problem is some of the sub-pages are on a separate domain and thus I am getting a permission deigned error when i try to access the frame [through document.windows.frames(i).document].
Now I understand the reason this is happening as outlined at http://msdn.microsoft.com/en-us/library/ms533028.aspx. However, unlike a user browsing a site who does not want javascript sniffing their history / cookies, I am physically opening my program and running the application for the purpose of this.
Is there any work around to do this, even if I have to manually change security settings? I tried turning all my settings in IE to allow and still same error. I will only be running the app locally and no one will be browsing on IE so I can literally change anything needed to get this to work (even install older version of IE which may allow it but can still handle JS processing).
Note the reason I am using web browser is a great majority of data I will be accessing is JS generated, so I need to access the DOM after JS processed / generated the HTML. Because of this, simply using SOCKETS to get the HTML is really not an option. Even if I had the HTML, I still need some type of engine to process all of the DOM elements based off javascript. If you know of an alternative to this, that is completely acceptable too!
Thanks in advance!
Upvotes: 4
Views: 3324
Answers (3)
Reputation: 437
A HyperText Application may be an option in situations like this. HTA applications run inside their basic browser window, but with permissions of an executable. See this page for more information about HTAs. Note that HTAs do provide security for non-application frames and iframes.
Upvotes: 0
Reputation: 5912
You can create a dynamic proxy page like this:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.UI;
public partial class TestPage : Page
{
private WebRequest _request;
protected void Page_Load(object sender, EventArgs e)
{
string text;
string url = Request["UrlToGet"];
_request = (HttpWebRequest)
WebRequest.Create(url);
using (WebResponse response = _request.GetResponse())
{
using (StreamReader reader =
new StreamReader(response.GetResponseStream()))
{
text = reader.ReadToEnd();
}
}
}
}
all you need to do is put the requested url in your QueryString or in the post data and you will get the content of the page inside the string text
Upvotes: 0
Reputation: 5912
You can create a proxy on your server to fetch the data and you'll load it from your own domain into a hidden div and then you will be able to use JS to get the data you need from the HTML
Upvotes: 2
Related Questions
- How to prevent XSS (Cross Site Scripting) whilst allowing HTML input
- Cross Site Scripting (XSS) Prevention on C#
- How to prevent XSS in Asp.NET
- Prevent XSS in C# Winform WebBrowser
- .NET HTML whitelisting (anti-xss/Cross Site Scripting)
- VB.NET WebBrowser disable javascript
- C# WebBrowser Control Remove Script Tags (Stop javascript execution)
- How to avoid Cross site scripting in ASP.NET
- Any way to prevent .NET's WebBrowser's from executing javascript?
- Microsoft Anti-Cross Site Scripting Library