How to disable executing javascript from browser address bar

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

How to disable executing javascript from browser address bar

Postby zgshen » Mon Jan 15, 2018 10:20 pm

For some security reasons,I need to disable this behavior .
I have tried to override the OnBeforeNavigation method, but "javascript:" scheme seems not trigger this method.
Thanks!
zgshen
Techie
 
Posts: 25
Joined: Sun Jun 04, 2017 9:35 pm

Re: How to disable executing javascript from browser address

Postby HarmlessDave » Tue Jan 16, 2018 1:16 pm

You could use CEF in windowed mode and create a main frame with your own user interface, then you have complete control over the address bar, menus, tabs, etc.
HarmlessDave
Expert
 
Posts: 370
Joined: Fri Jul 11, 2014 2:02 pm

Re: How to disable executing javascript from browser address

Postby Czarek » Tue Jan 16, 2018 3:55 pm

Try OnBeforeBrowse in the Browser process.
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am

Re: How to disable executing javascript from browser address

Postby zgshen » Tue Jan 16, 2018 11:10 pm

HarmlessDave wrote:You could use CEF in windowed mode and create a main frame with your own user interface, then you have complete control over the address bar, menus, tabs, etc.

Yes,I did. I use "mainFrame->LoadURL" to handle the request from address bar.
Do you mean that I should check the url before invoking LoadURL?
zgshen
Techie
 
Posts: 25
Joined: Sun Jun 04, 2017 9:35 pm

Re: How to disable executing javascript from browser address

Postby zgshen » Wed Jan 17, 2018 12:48 am

Czarek wrote:Try OnBeforeBrowse in the Browser process.


I tried
Code: Select all
mainFrame->LoadURL("javascript:alert(1)")
,and OnBeforeBrowse not been triggered.
zgshen
Techie
 
Posts: 25
Joined: Sun Jun 04, 2017 9:35 pm

Re: How to disable executing javascript from browser address

Postby HarmlessDave » Wed Jan 17, 2018 1:00 pm

zgshen wrote:
HarmlessDave wrote:You could use CEF in windowed mode and create a main frame with your own user interface, then you have complete control over the address bar, menus, tabs, etc.

Yes,I did. I use "mainFrame->LoadURL" to handle the request from address bar.
Do you mean that I should check the url before invoking LoadURL?


Yes, do a case-insensitive match of the start of the string. You just can block "javascript:", or other things like "file:" and "mailto:" if you want. You could even just allow http:, https:, bout:blank, and URLs with no ':' character before any '?' character. That last one is to allow typing just "google.com" or "www.google.com" without http://
HarmlessDave
Expert
 
Posts: 370
Joined: Fri Jul 11, 2014 2:02 pm

Re: How to disable executing javascript from browser address

Postby zgshen » Wed Jan 17, 2018 8:33 pm

HarmlessDave wrote:
zgshen wrote:
HarmlessDave wrote:You could use CEF in windowed mode and create a main frame with your own user interface, then you have complete control over the address bar, menus, tabs, etc.

Yes,I did. I use "mainFrame->LoadURL" to handle the request from address bar.
Do you mean that I should check the url before invoking LoadURL?


Yes, do a case-insensitive match of the start of the string. You just can block "javascript:", or other things like "file:" and "mailto:" if you want. You could even just allow http:, https:, bout:blank, and URLs with no ':' character before any '?' character. That last one is to allow typing just "google.com" or "www.google.com" without http://

Thanks a lot!
zgshen
Techie
 
Posts: 25
Joined: Sun Jun 04, 2017 9:35 pm


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 28 guests