JavaScript Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
 



Go Back   Dev Articles Community ForumsProgrammingJavaScript Development

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Display Modes
 
Unread Dev Articles Community Forums Sponsor:
  #1  
Old August 4th, 2003, 02:25 PM
devnoronha devnoronha is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Aug 2003
Location: Bangalore
Posts: 6 devnoronha User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Disabling REFRESH in Javascript

Hey ppl ,
I've come up with a javascipt to disable right click, cntrl+R, and funtion keys . I tested it out on my end . Pls try it out and get back if there's any loophole (devnoronha@hotmail.com) or better still, reply to this thread .
Just copy and paste the code and create the following 2 files . Open test1.html in the browser (IE) .
Of course, Alt F4 will close test2.html .

Create test1.html :

* Please enclose your code within [ code ] tags *

Code:
<Script language='javaScript'> 
function openwindow() 
{ 
var scrWidth = screen.width; 
var scrHgt = screen.height; 
window.open('test2.html','wndTest','height='+ scrHgt +',width=' + scrWidth + ',top=0,left=0,screenX=0,screenY=0,menubar=no,tool  
bar=no,scrollbars=yes,resizable=yes,status=yes,ful  
lscreen=yes'); 
} 
</script> 
<input type='button' value='Click to Open' onclick ='openwindow()' > 


Create test2.html : 
<Script language='javaScript'> 
var isNS = (navigator.appName == "Netscape") ? 1 : 0; 
var EnableRightClick = 0; 
if(isNS) 
document.captureEvents(Event.MOUSEDOWN||Event.MOUS  EUP); 
function mischandler(){ 
if(EnableRightClick==1){ return true; } 
else {return false; } 
} 
function mousehandler(e){ 
if(EnableRightClick==1){ return true; } 
var myevent = (isNS) ? e : event; 
var eventbutton = (isNS) ? myevent.which : myevent.button; 
if((eventbutton==2)||(eventbutton==3)) return false; 
} 
function keyhandler(e) { 
var myevent = (isNS) ? e : window.event; 
if (myevent.keyCode==96) 
EnableRightClick = 1; 
return; 
} 
document.oncontextmenu = mischandler; 
document.onkeypress = keyhandler; 
document.onmousedown = mousehandler; 
document.onmouseup = mousehandler; 
document.onkeydown = showDown; 

//--> 
function showDown() 
{ 
if (document.all) 
{ 
if (event.keyCode==116 || event.keyCode==82) 
{ 
event.keyCode =0; 
return false; 
} 
} 
} 
</script> 


Cheers
Dev
Stylus Systems
www.stylusinc.com
www.stylusinc.net

Last edited by devnoronha : August 5th, 2003 at 12:14 PM.

Reply With Quote
  #2  
Old August 4th, 2003, 03:26 PM
iahmed iahmed is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: May 2003
Location: USA
Posts: 171 iahmed User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 42 m 58 sec
Reputation Power: 16
Please do not re-invent wheel.
Try to do something more important and more usefull.

Reply With Quote
  #3  
Old August 4th, 2003, 04:28 PM
devnoronha devnoronha is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Aug 2003
Location: Bangalore
Posts: 6 devnoronha User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Cool

I understand why you may be upset with something like this ... I used to frown at ppl trying to write such 'malicious' code .

But I soon came to realize that such code is very useful in certain cases .
To cite an example, We built an online testing site and we didn't want users taking the test to be able to refresh the page so that the timers get reset . Of course, closing the page altogether was allwoed . So, I don't think theres too much of a security concern with this , so whats the problem ? To each his own, buddy .

Peace
Dev

Last edited by devnoronha : August 4th, 2003 at 04:39 PM.

Reply With Quote
  #4  
Old August 4th, 2003, 07:33 PM
MadCowDzz's Avatar
MadCowDzz MadCowDzz is offline
I'm Internet Famous
Dev Articles Frequenter (2500 - 2999 posts)
 
Join Date: Jan 2003
Location: Toronto, Canada
Posts: 2,886 MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level)MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level)MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level) 
Time spent in forums: 1 Week 16 h 19 m 35 sec
Reputation Power: 18
couldn't anyone open the base page ('test1.html')... click "View" in the menu, click "Source"...

after which, reading your code, noticing the line:
window.open('test2.html' (etc...)

then just typing http://address/test2.html

then follow the same procedure to view the source of test2.html?

no html/javascript code is safe in regular browser windows...

Reply With Quote
  #5  
Old August 5th, 2003, 05:09 AM
stumpy's Avatar
stumpy stumpy is offline
May contain nuts.
Dev Articles Regular (2000 - 2499 posts)
 
Join Date: Aug 2002
Posts: 2,056 stumpy User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 5 h 44 m 22 sec
Reputation Power: 0
Um, yeah, I can get around it.

click View -> Source.

For your popup: open up windows explorer, goto your temp internet files directory, open the "popup" file using your fav text editor.

By design, you cannot "hide" your source code using "standard" methods.

EDIT: i just read madcowz response... just as good :P

Reply With Quote
  #6  
Old August 5th, 2003, 06:49 AM
dhouston's Avatar
dhouston dhouston is offline
Contributing User
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: May 2003
Location: Tennessee
Posts: 1,355 dhouston User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 17
Send a message via ICQ to dhouston
Devnoronha, I think iahmed's comment probably was meant to point out that had you done a quick web search, you could have found lots of code already out there to disable right clicks and could have focused your programming efforts elsewhere. I've seen similar code for years. Doubling your effort is your prerogative, of course.

Everybody else is noting that you overestimate the strength of these security measures. Anybody who particularly cares to view your source can manage to. Somebody could wget the pages in question and open them in an editor, for example. If security really matters to you, you shouldn't use methods that hinge on protecting HTML code, but should work on server-side solutions that validate data, check timers, etc., to prevent exploits.

Reply With Quote
  #7  
Old August 5th, 2003, 12:11 PM
devnoronha devnoronha is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Aug 2003
Location: Bangalore
Posts: 6 devnoronha User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Talking

ok ... my intention was NOT to disallow viewing the source code .
The purpose of this was to disallow a user REFRESHING the page . The User can CLOSE the window whenevr he wishes but shouldnt be able to REFRESH the page .

I just re-read my post . Sorry ! forgot to mention the above .

If anyone is able to REFRESH the page by whatever means pls get back .... F5, Cntrl+ R , View-Refresh or Right click referesh (i think thts the whole nine yards) ..or is there more ?
My code takes care of all 4 possibilities . i wanna know if i've missed out on any .....
Hey iahmed , sorry ...didn't fully undersatnd your post . Thnks dhouston for clarifying.

peace to all
Dev

Reply With Quote
  #8  
Old August 5th, 2003, 01:46 PM
dhouston's Avatar
dhouston dhouston is offline
Contributing User
Dev Articles Beginner (1000 - 1499 posts)
 
Join Date: May 2003
Location: Tennessee
Posts: 1,355 dhouston User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 17
Send a message via ICQ to dhouston
Do you have the code posted anywhere that we can test it out? It seems like I was able some time back to do some trick like holding down my left button, then clicking my right button while the left was held down. That may have worked because of poorly-written code.

Have you tested this on several browsers? How about Lynx/Links? Does your code do something like sign a session or at least do a referer check to prevent people, for example, from downloading your forms and submitting them in their own sweet time from their local machines? What about people who try to circumvent your security measures by disabling javascript?

Reply With Quote
  #9  
Old August 6th, 2003, 12:39 PM
devnoronha devnoronha is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Aug 2003
Location: Bangalore
Posts: 6 devnoronha User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Hi ,
check out my first post and follow the instructions . it's plain html and jabvascript so u can run it locally .
You're right . just disabling javascript will make the whole exercise futile *blush*. but, other than that , what do you think ?

thanks

Reply With Quote
  #10  
Old January 31st, 2004, 02:19 PM
strongdevppl strongdevppl is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jan 2004
Posts: 1 strongdevppl User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
I THINK IT IS NOT ALL RE-INVENTING ALSO ... IT WAS CHILDISH COPYING ...;-} THIS WHEELS FROM OTHER SITE

I SUGGEST Try to do something more important and more usefull.

Reply With Quote
  #11  
Old January 31st, 2004, 04:21 PM
MadCowDzz's Avatar
MadCowDzz MadCowDzz is offline
I'm Internet Famous
Dev Articles Frequenter (2500 - 2999 posts)
 
Join Date: Jan 2003
Location: Toronto, Canada
Posts: 2,886 MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level)MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level)MadCowDzz User rank is Lance Corporal (50 - 100 Reputation Level) 
Time spent in forums: 1 Week 16 h 19 m 35 sec
Reputation Power: 18
I suggest not so many capital letters in a post =)

After reading this thread again, it occured to me...
This is somewhat relying on the operating system and browser being windows-based and IE... its also assuming Javascript is enabled.

Reply With Quote
  #12  
Old June 8th, 2005, 04:41 PM
spitrhyma spitrhyma is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jun 2005
Posts: 1 spitrhyma User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 6 m 4 sec
Reputation Power: 0
Thumbs up

Quote:
Originally Posted by MadCowDzz
...its also assuming Javascript is enabled.


Hmm wouldn't that apply to all JavaScript?

You guys didn't give this guy any credit... I mean what type of stuff is that? His code is useless because if somebody disables JavaScript it won't work? Well duh!

Also I *HAVE* found TONS of scripts for disabling right click menus (in fact too many) but this is the 1st I've ran accross that disables refresh and CNTRL+R n all that crap...

Sure (like any other code) it's already probably been created by someone else but it would be very hard to find if we just left it at that.

Props to the person who created the post and thanks!

Reply With Quote
Reply

Viewing: Dev Articles Community ForumsProgrammingJavaScript Development > Disabling Right Click in Javascript


Developer Shed Advertisers and Affiliates


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.

© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap