Skip navigation.

web:config

tips and tricks for the interwebs

the interwebs accesses your system !

Monday, 12. January 2009, 18:38:25

, ,

Ever wonder how you could have system access, file IO or other capabilities from a html page hosted elsewhere?
Well, in Opera and Mozilla, you can do it with Java, like...
<script type="text/javascript">
java.lang.Runtime.getRuntime().exec("command arg1 arg2");
</script>
and that command should execute just fine. But first you need to give Java permissions to execute that, so go to Opera's installation folder and locate the classes\opera.policy file.
Open it and add the following rule:
grant codeBase "http://mytrustedserver/-" {
    permission java.security.AllPermission;
};
where mytrustedserver is the name of your server. "file://-" is also allowed.
That way java will have permission to do system call, File IO, etc. However, you're enabling permissions with a sledge hammer this way, but it's just for the sake of testing. Still, you should have a good read of java security policies, if you want to make this widely available.
http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html

You have the entire java API available.
This should work
var file = navigator.platform.indexOf("Win")>=0 ? "c:\\file.html" : "~/file.html";
var output = new java.io.PrintStream(new java.io.FileOutputStream(new java.io.File(file)));
output.print("<h1>hello world</h1>");
output.close();
java.lang.Runtime.getRuntime().exec("opera "+file);

If you're having problems, analyse what is displayed on the Java console (Tools>Advanced>Java console).

Beware, others can eavesdrop scripts on your browser, but if you're coding for yourself, then you're fairly safe.
Note: don't try to fool users into changing their policy file for bad reasons. It's not worth it.

Happy development :smile:

http phones fileMy Opera Community Enhancements

Comments

Eam0n 16. September 2009, 18:48

What do you mean by "Beware, others can eavesdrop scripts on your browser"? Thanks you for this post. It sounds very interesting I have been looking for something like this for a long time. I use a system called Moodle for teaching in a University. We have to download Word files that students upload as assigments correct them and then reupload. I would love to come up with a script that would do a batch download. Then do a batch reupload of the corrected assignments. I though something like opera or greasemonkey would be ideal but they are too security conscious.

xErath 16. September 2009, 21:01

Originally posted by Eam0n:

What do you mean by "Beware, others can eavesdrop scripts on your browser"?


The permissions are given to all code at http://mytrustedserver/* meaning that that server can send some javascript to your browser that can use java benefiting from those permissions. So if you enable the permission "java.security.AllPermission", the webpage can have full system access.

Originally posted by Eam0n:

I would love to come up with a script that would do a batch download. Then do a batch reupload of the corrected assignments. I though something like opera or greasemonkey would be ideal but they are too security conscious.

That's quite complex, but I think your best option would be a unite service, considering it can do file io and cross domain xhr.

Write a comment

You must be logged in to write a comment. If you're not a registered member, please sign up.

Download Opera, the fastest and most secure browser

Photos

16092007170.jpg23092007180.jpg08082007028.jpg16092007173.jpg01092008497.jpg01092008498.jpg23092007184.jpg23092007179.jpg31082007138.jpg16092007167.jpg