I want to use full screen mode in silverlight application but while using silverlight's own full screen feature, keyboard is disabled. So i can use browser's F11 functionality to make the application run in full screen mode.
Can anyone please suggest how to send keys in silverlight??
I suspect that you're in trouble. AFAIK, browsers do not allow programmatic access to window functionality; that is, they won't allow an untrusted application (like Silverlight, or on-page JavaScript) to invoke its "fullscreen" command.
There is also no way to "fake out" the browser as though the user sent the keystroke.
Both of these are serious security issues which is why it's not really possible.
Plausibly with Silverlight running as a trusted application in-browser, it may leverage some of the P/Invoke functionality to get around it, but I suspect that's going too far in your case.
EDIT: By the way, if you are able to host your Silverlight app as a trusted application, then keyboard events are still permitted. However, since you've tagged the question as Silverlight-4.0, I do believe you'll have to upgrade to Silverlight 5 to take advantage of the functionality.
Related
I've looked through several similar questions on SO but haven't found something quite like what I need, so my question is this:
I want to take a screenshot (thumbnail) of a URL after the user provides one. I was going to use Awesomium because they provide a fairly simple solution for screengrabs. Unfortunately, Awesomium won't compile in an x64 application, and since I'm building this with ASP.NET for Windows Azure, I can't switch to x86.
So I'm left with a less-elegant solution, using Windows.Forms WebBrowser to load the url and take the screenshot (as shown here: http://www.codeproject.com/Articles/95439/Get-ASP-NET-C-2-0-Website-Thumbnail-Screenshot ).
Ugly, I know, but it works with most pages (there is the occasional white screenshot), but now I'm concerned with security.
If the user inputs a malicious URL and the WebBrowser loads it, what is to stop it from running harmful code and downloading a virus to the server where the app is hosted?
There are several services and websites that offer similar functionality, albeit with different approaches, but the core idea is the same: the site must open up the URL and render the page in order to grab the screenshot. So what kind of measures would one expect them to take to thwart viruses and malicious URLs?
The biggest threat to your application would be client script executing in your browser control (i.e. JavaScript and client-side VBScript). It appears it is not possible to disable JavaScript programmatically in the WebBrowser object:
VB.NET WebBrowser disable javascript
Disable javascript in
WinForms WebBrowser control?
Stripping <script> tags in the first question's first answer is not the way to go for security, as there are so many other ways script can get inserted.
Changing window.alert in the second answer won't work as it needs the page to load fully first, and it is possible for script to execute before then. Also, this would only stop the alert function and not prevent script code in any other way.
Changing the registry settings as suggested in this answer may be the way to go, but this appears to be the same as changing Internet Explorer settings to high security for the internet zone (or selecting custom and disabling Active Scripting). If you are always in control of the machine where your app is loaded from, then manually disabling scripting in Internet Explorer options could be a viable solution.
Most client-side internet threats such as drive-by downloads involve script in some way, so this approach will go a long way in protecting your app.
However, there are other exploits such as the Windows Metafile vulnerability that can harm a client machine.
Viewing a website in a web browser that automatically opens WMF files, in which case any potential malicious code may be automatically downloaded and opened. Internet Explorer, the default Web browser for all versions of Microsoft Windows since 1996, does this.
However, making sure your machines are patched with the latest Windows Updates will secure you against threats like these. This will leave zero-day attacks against Internet Explorer or the WebBrowser object, which you will not be able to do much about. I would suggest running your app on an isolated machine (or VM) which would then upload the screenshot to another server (e.g. via the web) which would help mitigate threats in this scenario.
I was playing around with Microsoft Spy++ and noticed that not only does it find the open processes, but can find the individual components running in each process. For example there is this application that allows you to open a window in which there is a textbox for an IP address and textbox for a port. Spy++ can detect these components. Knowing that Spy++ can detect them, is there anyway possible to find them in a separate c# application and go on to MODIFY their contents and otherwise interact with the program? (such as firing a click event on a button)
This is feasible. Try use PInvoke (InterOp) or AutomationElement, or AutomationPeer (for WPF applications) to automate all you wish to do.
Also you might wish to try Inspect and UISpy application as well.
Automation elements/peer is a non-intrusive mechanism to control UI using accessibility framework. One of the weaknesses in windows is its lack of defence against code injection. Put simply:
As a privileged user,
- You can Open and Modify a running Process image
- Make it load your OWN DLL
- Make it run your OWN thread (that potentially listens to commands from your process) and
- allows you to read any bits of memory you want.
Look at detours (http://research.microsoft.com/en-us/projects/detours/) for how to do it with Managed Processes.. Unfortunately, Microsoft removed the inject at runtime features.
Also look at http://msdn.microsoft.com/en-us/magazine/cc163617.aspx for doing things in the managed world (Apps like Snoop utilise that)
There's an application written in C# that doesn't have any means of remote controlling. The only use scenario possible is to click the buttons with the mouse to get some result.
I'd like to create a server that would expose some common usage scenario with pre-defined clicking logic. So for example the application has a button "do thing" and I'm willing to make an HTTP (or other) server that would click it when a certain URL is loaded.
The application is intended to be used on Windows, though it should work fine with wine - my primary OS is Ubuntu, but I think that running the app in a VM is a better option. To program the rest of of the logic I can use java, python, ruby, php or node.js (I don't know C#).
What is the best approach to handle this? I would prefer not relying on click at the predefined X*Y position on the screen. Ideally the solution would also allow reading the data back.
You can easily automate the gui using the ui automation api. Check for example the White framework on codeplex
http://white.codeplex.com/
I am not sure however if yiu will be able to easily expose such automated application from an application server. The automation is not possible without explicit user session with visible desktop interface thus limiting your server processing to one active session at a time.
Background:
I am creating a Windows Form App that automates order entry on a intranet Web Application. We have a large amount of order entry that needs to be done that will cost us a lot of money so I volenteered to automate the task.
Problem:
I am using the webbrowser class to navigate the web app. I have gotten very far but reached a road block. There is a part in the app that opens a web dialog page. How do I interact with the web dialog. My instance of the webbrowser class is still with the parent page. I am hoping someone can point me in the right direction.
You've got a number of options. To expand on the answers from others and add a new idea...
Do it using the webbrowser control: This is technically possible by either injecting javascript into the target page as demonstrated here or creating a JavaScript object and using it as a bridge via the webbrowser.objectforscripting property. This is very fragile - something as simple as the website changing an element's Id could break it. You also need to make sure your code doesn't interfere with the functioning of the form (clashing function names, etc...)
Do it using a postback: Monitor the communications between the web browser and the server (I personally prefer Firfox/Firebug but ie/Fiddler or Chrome/F12 are both good too). As long as you can replicate the actions of the browser exactly, the server can't know the difference. The problem here is that browsers are complex and the more secure a form is, the more demanding servers are. This means you may have to fake a login, get cookies, send them back on subsequnt requests, Handle Viewstate data and xss prevention variables. It's possible and it's far more robust than the first option but can be a pain to get working. If it's not a highly secure form,, this is your best bet. More information here
Do it by browser automation: Selenium is probably the best option here (as mentioned by others) but suffers from a similar flaw to the webbrowser control in that it's sensitive to changes on the form itself (But not as mcuh so as the webbrowser control).
Incidentally, if you have Visual Studio Ultimate/Test edition (and some others, not sure which), it includes a suite of testing tools including an excellent engine to automate load testing a website. This is also superb for tracking down what exactly a form does as you can see every step of the emulation.
Hope this helps
You have two choices depending of the level of complexity you need:
Use a HTTP Debugger like Fiddler to find out the POST data you
need to send to each page and mimic it via a HttpWebRequest.
Use a Browser Automation Tool like Selenium and do the job.
NOTE: Your action may be considered as spamming by the website so be ready for IP blocking, CAPTCHA...
You could give Selenium a go: http://seleniumhq.org/
UI automation is a far more intuitive approach to these types of tasks.
I am creating a website application which requires keyboard input, specifically without browser focus.
Without giving too much away about my great application idea (=P), I want to respond (even to just a single) keyboard key press, with the understanding that the browser will not have focus.
I have been doing a great deal of studying on this front, and I have found much help with keyboard 'hooks', so that no matter which application has focus, I can react to key inputs (the ones I have been playing with are in vc#). And these work, for executables, but I am not sure how to get them into the browser with my web application.
What my question is: Can I use ActiveX (or anything of that ilk - wpf?) to get access to keyboard input regardless of the browser having focus or not.
Thanks so very much for your time, I would love to learn if this type of thing is even possible, before wasting my time learning how to create and use ActiveX (just to learn that it is not).
The best (possibly only) way to do this would probably be to launch a seperate, medium integrity process (you have to register that properly when you install the control or it won't let you launch it) and have the process run when you need your access. Then you can use interprocess communication to report to the control when something happens that it should know about, possibly firing an event to javascript.
Be very careful how you use this, of course, because if done improperly it could cause a major security hole which would tend to make everyone hate you (most developers consider this a bad thing). For the interprocess communication you could use boost IPC stuff or named pipes.