|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
|
|
#1
August 4th, 2003, 02:25 PM
|
|||
|
|||
|
Disabling REFRESH in Javascript
Hey ppl ,
I've come up with a javascipt to disable right click, cntrl+R, and funtion keys . I tested it out on my end . Pls try it out and get back if there's any loophole (devnoronha@hotmail.com) or better still, reply to this thread . Just copy and paste the code and create the following 2 files . Open test1.html in the browser (IE) . Of course, Alt F4 will close test2.html . Create test1.html : * Please enclose your code within [ code ] tags * Code:
<Script language='javaScript'>
function openwindow()
{
var scrWidth = screen.width;
var scrHgt = screen.height;
window.open('test2.html','wndTest','height='+ scrHgt +',width=' + scrWidth + ',top=0,left=0,screenX=0,screenY=0,menubar=no,tool
bar=no,scrollbars=yes,resizable=yes,status=yes,ful
lscreen=yes');
}
</script>
<input type='button' value='Click to Open' onclick ='openwindow()' >
Create test2.html :
<Script language='javaScript'>
var isNS = (navigator.appName == "Netscape") ? 1 : 0;
var EnableRightClick = 0;
if(isNS)
document.captureEvents(Event.MOUSEDOWN||Event.MOUS EUP);
function mischandler(){
if(EnableRightClick==1){ return true; }
else {return false; }
}
function mousehandler(e){
if(EnableRightClick==1){ return true; }
var myevent = (isNS) ? e : event;
var eventbutton = (isNS) ? myevent.which : myevent.button;
if((eventbutton==2)||(eventbutton==3)) return false;
}
function keyhandler(e) {
var myevent = (isNS) ? e : window.event;
if (myevent.keyCode==96)
EnableRightClick = 1;
return;
}
document.oncontextmenu = mischandler;
document.onkeypress = keyhandler;
document.onmousedown = mousehandler;
document.onmouseup = mousehandler;
document.onkeydown = showDown;
//-->
function showDown()
{
if (document.all)
{
if (event.keyCode==116 || event.keyCode==82)
{
event.keyCode =0;
return false;
}
}
}
</script>
Cheers Dev Stylus Systems www.stylusinc.com www.stylusinc.net Last edited by devnoronha : August 5th, 2003 at 12:14 PM.
|
|
#3
August 4th, 2003, 04:28 PM
|
|||
|
|||
I understand why you may be upset with something like this ... I used to frown at ppl trying to write such 'malicious' code .
But I soon came to realize that such code is very useful in certain cases . To cite an example, We built an online testing site and we didn't want users taking the test to be able to refresh the page so that the timers get reset . Of course, closing the page altogether was allwoed . So, I don't think theres too much of a security concern with this , so whats the problem ? To each his own, buddy . Peace Dev Last edited by devnoronha : August 4th, 2003 at 04:39 PM.
|
|
#4
August 4th, 2003, 07:33 PM
|
||||
|
||||
|
couldn't anyone open the base page ('test1.html')... click "View" in the menu, click "Source"...
after which, reading your code, noticing the line: window.open('test2.html' (etc...) then just typing http://address/test2.html then follow the same procedure to view the source of test2.html? no html/javascript code is safe in regular browser windows...
|
|
#5
August 5th, 2003, 05:09 AM
|
||||
|
||||
|
Um, yeah, I can get around it.
click View -> Source. For your popup: open up windows explorer, goto your temp internet files directory, open the "popup" file using your fav text editor. By design, you cannot "hide" your source code using "standard" methods. EDIT: i just read madcowz response... just as good :P
|
|
#6
August 5th, 2003, 06:49 AM
|
||||
|
||||
|
Devnoronha, I think iahmed's comment probably was meant to point out that had you done a quick web search, you could have found lots of code already out there to disable right clicks and could have focused your programming efforts elsewhere. I've seen similar code for years. Doubling your effort is your prerogative, of course.
Everybody else is noting that you overestimate the strength of these security measures. Anybody who particularly cares to view your source can manage to. Somebody could wget the pages in question and open them in an editor, for example. If security really matters to you, you shouldn't use methods that hinge on protecting HTML code, but should work on server-side solutions that validate data, check timers, etc., to prevent exploits.
|
|
#7
August 5th, 2003, 12:11 PM
|
|||
|
|||
ok ... my intention was NOT to disallow viewing the source code .
The purpose of this was to disallow a user REFRESHING the page . The User can CLOSE the window whenevr he wishes but shouldnt be able to REFRESH the page . I just re-read my post . Sorry !  forgot to mention the above . If anyone is able to REFRESH the page by whatever means pls get back .... F5, Cntrl+ R , View-Refresh or Right click referesh (i think thts the whole nine yards) ..or is there more ? My code takes care of all 4 possibilities . i wanna know if i've missed out on any ..... Hey iahmed , sorry ...didn't fully undersatnd your post . Thnks dhouston for clarifying. peace to all Dev
|
|
#8
August 5th, 2003, 01:46 PM
|
||||
|
||||
|
Do you have the code posted anywhere that we can test it out? It seems like I was able some time back to do some trick like holding down my left button, then clicking my right button while the left was held down. That may have worked because of poorly-written code.
Have you tested this on several browsers? How about Lynx/Links? Does your code do something like sign a session or at least do a referer check to prevent people, for example, from downloading your forms and submitting them in their own sweet time from their local machines? What about people who try to circumvent your security measures by disabling javascript?
|
|
#9
August 6th, 2003, 12:39 PM
|
|||
|
|||
|
Hi ,
check out my first post and follow the instructions . it's plain html and jabvascript so u can run it locally . You're right . just disabling javascript will make the whole exercise futile *blush*. but, other than that , what do you think ? thanks
|
|
#10
January 31st, 2004, 02:19 PM
|
|||
|
|||
|
I THINK IT IS NOT ALL RE-INVENTING ALSO ... IT WAS CHILDISH COPYING ...;-} THIS WHEELS FROM OTHER SITE
I SUGGEST Try to do something more important and more usefull.
|
|
#11
January 31st, 2004, 04:21 PM
|
||||
|
||||
|
I suggest not so many capital letters in a post =)
After reading this thread again, it occured to me... This is somewhat relying on the operating system and browser being windows-based and IE... its also assuming Javascript is enabled.
|
|
#12
June 8th, 2005, 04:41 PM
|
|||
|
|||
Quote:
Hmm wouldn't that apply to all JavaScript? You guys didn't give this guy any credit... I mean what type of stuff is that? His code is useless because if somebody disables JavaScript it won't work? Well duh! Also I *HAVE* found TONS of scripts for disabling right click menus (in fact too many) but this is the 1st I've ran accross that disables refresh and CNTRL+R n all that crap... Sure (like any other code) it's already probably been created by someone else but it would be very hard to find if we just left it at that. Props to the person who created the post and thanks!
|
|
| Viewing: Dev Articles Community Forums > Programming > JavaScript Development > Disabling Right Click in Javascript |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
