[sfskseg]

Hello,

I have been tasked with moving some HTML utilities from a Windows system to Linux. Everything went well except for Javascript that makes use of ActiveXObjects. Specifically, one of the HTML pages had a form that, when the user hit submit, did some processing and saved a text file on the local file system where the html file was stored. Obviously, I don't have ActiveXObjects in Firefox. I attempted to use an XMLHttpRequest to send my data to a Perl or PHP script that could save a file like so:

var xhr = new XMLHttpRequest();
xhr.open("POST","myScript.[php/pl]",true);
xhr.send(myData);

But that did not work. In my Firefox error console, I got the error "not well-formed" with an arrow pointing at the first character of the first line of my perl or php script (I tried both). Obviously, Firefox was able to access my scripts because I could see them, but not execute them. I'm guessing this is a security issue. The html page and the script are stored at the same file:// location.

I need to get around the security or change how the save is implemented. It can be saved on the users machine or the file system, and mandatory user interaction is OK. Any suggestions?

A couple of notes:
- This must work with a Linux file System and Firefox
- I can't make use of any extra utilities or libraries
- The system in question is a closed network so "less than secure" fixes will work.

Thanks in advance!

[Dormilich]

sfskseg, on 16 July 2012 - 09:39 AM, said:

In my Firefox error console, I got the error "not well-formed" with an arrow pointing at the first character of the first line of my perl or php script (I tried both). Obviously, Firefox was able to access my scripts because I could see them, but not execute them.

actually, Firefox is not supposed to execute server-side code (PHP, Perl). and since you do not use the HTTP protocol (you have a relative path on the file:// protocol), neither script is processed as supposed returning the bare code, which is not what you want.

you need to call your server scripts through a server (via HTTP), to get them executed properly.

[sfskseg]

Thanks Dorm. Is there a way to get a file system to act like a server? Keep in mind that I can't download any additional software.

[Dormilich]

nope. the only thing you could do is somehow execute a shell command (that is what the server does anyways, calling the PHP/Perl interpreter and execute it on the script), but that is not allowed for Javascript. bear in mind that Javascript (in the browser) is intended for web sevices, i.e. client-server communication through HTTP.

you certainly could write a programme (e.g. in Java, though there needs the Java Runtime Engine to be installed) and let that listen to port 80 (or whatever port you use).