Mtasa-blue: option to use executeBrowserJavascript at non-local webiste

Created on 25 Feb 2020 · 3Comments · Source: multitheftauto/mtasa-blue

Is your feature request related to a problem? Please describe.
You can't use executeBrowserJavascript if browser is not local. It could helps with cef guis.

Describe the solution you'd like
Make if webiste contain meta tag example:

<meta name="mtaserver" content="localhost;127.0.0.1:222003;123.123.123.123:12345">

localhost and server of ip and port 123.123.123.123:12345 can use function executeBrowserJavascript. it let you whitelist which pages has allowed javascript, which not
Describe alternatives you've considered
/

Additional context
No way to hack this, you have to be owner of website to set this tag.

enhancement

Source

CrosRoad95

👍1

Most helpful comment

This is by design. Servers cannot be allowed to execute javascript on remote pages, as otherwise a server could do things on the users behave. For example someone could steal your Github password if you logged into Github from a MTA client by reading the password input field and sending the password to the server.

And no meta tag would be able to help us here, as it'd still open up remote requests for JS injections in the users context.

sbx320 on 28 Feb 2020

👍4

All 3 comments

Should make sure to disallow the execution of JavaScript in iframes from the parent page then. Either that or use this same logic for that. This would be to prevent the website creator from loading in a 3rd-party website and getting around this restriction.