Actionscript/ Wikipedia API - actionscript

I'm working on Actionscript project , I need to call Wikipedia API's , but Wikipedia doesn't contain CrossDomain.xml file to enable flash access.
any suggestion !
Thanks you

If your project is a web page and you have control over the html source, you could simply proxy the calls via ExternalInterface to JavaScript. If you also have control over your server, you can write a very simple php script to relay your commands to wikipedia.
However, if you are on a web page but don't have control over the JS part, don't fret: Turns out you DO have full control by injecting whatever JS you like:
// initially: call anonymous function writing a named function into global JS space
// you could more or less inject a complete framework here. Or a simple JS http proxy.
ExternalInterface.call('function(){hello = function(foo){alert(foo);};}()');
// somewhere else in your code
ExternalInterface.call('hello("world")');
Isn't it fun how you can work around a completely useless security measure (cossdomain.xml) by abusing a critical security problem (javascript injection)?
:)

Related

Serving a webpage with Redstone

I am developing a web application with Dart using redstone and polymer
Because Dart allows for server and client side development, I wonder what a good pattern for a web application is (specifically to Dart)
Option 1:
Have a server, say, /bin/server.dart
1.1. get a request there and respond with json
#app.Route("/user/:id", methods: const [app.GET])
getUser(int id) { ... }
have a client, i.e. web/user.html and web/user.dart
2.1 in user.dart make a request to server
2.2 receive json and form a proper user.html
Option 2:
Have a server /bin/server
1.1 get a request there and respond with an html page, similar to
#app.Route("/")
helloWorld() => "Hello, World!";
If in the first case I more or less know (and understand) how to make things work, while i find it really frustrating that I do not take advantage of Dart's server-client code-sharing: I need to encode to and decode back json to get the same data. Is there a way to avoid it?
The second option is much less clear for me: how would I serve a web page in this way? How would I make Polymer do its work?
Answers on the questions in the text and a general explanation of a darty way to develop web apps are very much appreciated.
You can see a Redstone + Polymer application example here: https://github.com/luizmineo/io_2014_contacts_demo
Basically, it works as Option 1: The client and server communicates through a service API, and the data is encoded as JSON. Although, Redstone uses the shelf_static package to serve the client code to the browser as well.
If you prefer, it's also possible to use a server side template engine, such as mustache, to build html pages in the server, although, I think it would be really difficult to integrate that with Polymer.
And finally, you always have to encode the data someway when transferring data between client and server, but this doesn't means they can't share code. They can use the same domain classes, for example. Check out the sample application linked above for more details.
I don't think the option 2 is possible. Polymer depends on dart:html which is not allowed on server side.

Can we manage the silent print always by PHP or Jquery

print.print_always_silent use to print the page without print dialog box. My question is, can we do this my PHP / JQUERY code?. Please Help me how know well abt this.
I hope not. That would mean any website could print any document from my printer when they want. Would be a huge security hole imho
This is certainly not possible through the browser with PHP, which runs on the server. It's also not possible with javascript: browser security ensures that. Imagine what might happen if any web site could print whenever it wanted to.
There are (or were) ActiveX controls available for IE that enabled this. It might be possible with a browser extension for Chrome or Firefox if you want to explore that.
One other possibility is setting up a printer on Google Cloud Print and having your PHP server print directly to that, bypassing the browser altogether. Handling the authentication behind such a scheme could be tricky, but the API is documented on Google's site.

Mvc 4 Proxy Server/Controller

I am trying to implement the Jonathon Kresner
"Asp .net Mvc 4 Proxy Server/Controller (For help with Cross Domain Request)" https://gist.github.com/jkresner/3982746 .
Could anyone indicate how to call it from jquery please?
the coffescript call with the article gist.github.com/jkresner, leaves me perplexed.
The coffeescript basicaly says that for clients who can't connect to the remote url by themselves, swap out the specified remote URL reference (i.e. http://api.othersite.com/Widget/7 ) with a reference to http://myoriginalpagehost.com/proxy and let the server side proxy the content from the http://myoriginalpagehost.com/proxy URI over to the http://api.othersite.com/Widget/7 URL.
One thing to note on that proxy is that it appears that cache control mechanisms will likely be subverted causing a potentially significant system load. Something to think about before boilerplate copy / paste of someones code. :-/
This article discusses another solution to the proxy issue that makes use of IIS's URL rewriting mechanisms. No coding, just configuring.

How can I detect when user browses certain url?

I'm writing an application, which becomes "useful" once user is browsing certain url.
I want to add feature to my application, that it will be automatically launched once user browses this url, I was thinking of writing some sort of watchdog to trigger it.
My question is, whether there is a generic way to get notified when user browses to urls, I want to support at least IE and FireFox, chrome and safari is nice to have.
I read about DDE and WWW_RegisterURLEcho, but from what I understand it's not supported by FireFox, and also little sample I wrote didn't work with IE as well.
Thank you in advance
some more questions **
Do Url Monikers and Asynchronous Pluggable Protocols help me here ? Is it supported by FireFox ?
If you have control over the website, you could have it write a cookie to the computer. Then have your application monitor for that cookie.
You can implement this in many ways and at many different layers.
At the highest level, you could implement a browser plugin. There is no cross-browser solution at this layer that will let you write the code once and work for every browser. On the easy end of the spectrum, Firefox, you could implement it entirely as a Javascript + XUL plugin and use built-in XPCom interfaces (nsIProcess) for launching your helper process. For IE you would need to write a COM, C++ and win32 BHO that handles DWebBrowserEvents2::BeforeNavigate2. This is the hardest thing to do. There are mechanisms for Safari, Chrome and other webbrowsers that you could use to achieve this same behavior, with varying degrees of difficulty.
At the next level you could implement an HTTP proxy, similar to Fiddler2, that redirects all HTTP traffic through your local proxy first. Each browser has a different way of configuring its proxy settings, but they're all basically registry settings or config files.
At the most basic level you could just snif all IP traffic going out of the machine, similar to the way Wireshark does it, and just look for http requests to your URL. This is probably more difficult to code, but would work for all browsers without any special per-browser configuration stuff going on. You may need to write a driver. I dunno, I've never done work at this level in the stack.

How to properly load HTML data from third party website using MVC+AJAX?

I'm building ASP.NET MVC2 website that lets users store and analyze data about goods found on various online trade sites. When user is filling a form to create or edit an item, he should have a button "Import data" that automatically fills some fields based on data from third party website.
The question is: what should this button do under the hood?
I see at least 2 possible solutions.
First. Do the import on client side using AJAX+jQuery load method.
I tried it in IE8 and received browser warning popup about insecure script actions. Of course, it is completely unacceptable.
Second. Add method ImportData(string URL) to ItemController class. It is called via AJAX, does the import + data processing server-side and returns JSON-d result to client.
I tried it and received server exception (503) Server unavailable when loading HTML data into XMLDocument. Also I have a feeling that dealing with not well-formed HTML (missing closing tags, etc.) will be a huge pain. Any ideas how to parse such HTML documents?
Unfortunately you can't do cross-site loading usting JavaScript without using JSONP. This is a security issue. Your best bet would be to AJAX a request to one of your controller's actions and have it do the web request and return the result to the client.
As far as the 503 Server Unavailable goes, does this happen on every request? It sounds like you're parsing information from WoW Armory. They throttle web requests and will ban you after a certain about of time.
Use http://htmlagilitypack.codeplex.com/ to process HTML on server. Or regexps. Or string.IndexOf. Or import MSHTML via Interop library and use it. Do not load HTML into XML documents unless you're absolutely sure it's pure XHTML.
Also, try to see if 3rd party websites provide more direct access to data - XML, REST, web services.

Resources