HTTP domain..um...question, or something

Discussion:

(too old to reply)

b***@hotmail.com

2016-11-05 10:01:58 UTC

OK, so I came across a website which censors posts, like, it won't let you post the word "fuck", but the checking is - *Javascript* (don't yet know whether there's a server side check as well),....so I was thinking, I'll just go to that page and save it, and remove the Javascript that's checking for "fuck", so that I can post (assuming there's no server side shit). HOWEVER, you need to be logged in to post. So...my question is, if I open x.html locally, and ASSUME that I've gone to the site, ie. whatever "logged in" cookies are set, can I actually post to that domain from a local page? Or will weird things happen...? The cookie(s) need to be sent, obviously....

Is there some browser to pull this off? Or some type of trickery?

Thanks.

Barry Margolin

2016-11-05 14:35:38 UTC

Permalink

Post by b***@hotmail.com
OK, so I came across a website which censors posts, like, it won't let you
post the word "fuck", but the checking is - *Javascript* (don't yet know
whether there's a server side check as well),....so I was thinking, I'll just
go to that page and save it, and remove the Javascript that's checking for
"fuck", so that I can post (assuming there's no server side shit). HOWEVER,
you need to be logged in to post. So...my question is, if I open x.html
locally, and ASSUME that I've gone to the site, ie. whatever "logged in"
cookies are set, can I actually post to that domain from a local page? Or
will weird things happen...? The cookie(s) need to be sent, obviously....
Is there some browser to pull this off? Or some type of trickery?

Cookies are tied to a particular domain. If you load a page from a local
server, it won't have the cookies that are associated with the domain
you're posting to.

--
Barry Margolin
Arlington, MA

Char Jackson

2016-11-07 00:05:35 UTC

Permalink

Post by b***@hotmail.com
OK, so I came across a website which censors posts, like, it won't let you post the word "fuck", but the checking is - *Javascript* (don't yet know whether there's a server side check as well),....so I was thinking, I'll just go to that page and save it, and remove the Javascript that's checking for "fuck", so that I can post (assuming there's no server side shit). HOWEVER, you need to be logged in to post. So...my question is, if I open x.html locally, and ASSUME that I've gone to the site, ie. whatever "logged in" cookies are set, can I actually post to that domain from a local page? Or will weird things happen...? The cookie(s) need to be sent, obviously....
Is there some browser to pull this off? Or some type of trickery?

I had a completely different problem some years ago, with the common
thread being javascript, although that's not a requirement. I simply
wanted a web page to behave differently. Greasemonkey (Firefox add-on)
completely did the trick.

https://en.wikipedia.org/wiki/Greasemonkey
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

h***@gmail.com

2016-11-08 23:54:59 UTC

Permalink

On Saturday, November 5, 2016 at 3:01:59 AM UTC-7, bit-***@hotmail.com wrote:

(snip)

Post by b***@hotmail.com
...so I was thinking, I'll just go to that page and save it, and remove the
Javascript that's checking for "fuck", so that I can post (assuming
there's no server side shit). HOWEVER, you need to be logged in to post.
So...my question is, if I open x.html locally, and ASSUME that I've gone to
the site, ie. whatever "logged in" cookies are set, can I actually post to that

Last time this happened to me, Javascript hadn't been invented yet.
(Well, maybe close.)

Once you download the page, you can edit it all you want. With the appropriate
editing, it might work.

You would probably do better asking on an HTML newsgroup, though.

Barry Margolin

2016-11-09 16:39:01 UTC

Permalink

Post by h***@gmail.com
(snip)

Last time this happened to me, Javascript hadn't been invented yet.
(Well, maybe close.)
Once you download the page, you can edit it all you want. With the appropriate
editing, it might work.
You would probably do better asking on an HTML newsgroup, though.

Cookies have nothing to do with HTML, they're part of the HTTP protocol
between the client and server.

--
Barry Margolin
Arlington, MA

h***@gmail.com

2016-11-09 18:10:19 UTC

Permalink

(snip, I wrote)

Post by Barry Margolin

Post by h***@gmail.com
You would probably do better asking on an HTML newsgroup, though.

Cookies have nothing to do with HTML, they're part of the HTTP protocol
between the client and server.

That is true, but I thought that people in HTML related groups
would have a better idea how to do what the OP wants.

In the case of HTML pull-down menus, it is possible to copy the
HTML, edit it to add new items, and run it. It will then make the
appropriate requests to the servers. Servers should sanity check
requests.

There is a Java rule that applets are only allowed to make
TCP connections to the server that they were downloaded
from. I don't know if that applies to Javascript. However, that
restriction is handled by the browser, so the user can, theoretically,
change it.

Otherwise, the question regards interaction between HTTP
and Javascript, which I don't know about, and isn't usually a
topic here.

Barry Margolin

2016-11-10 16:07:46 UTC

Permalink

Post by h***@gmail.com
There is a Java rule that applets are only allowed to make
TCP connections to the server that they were downloaded
from. I don't know if that applies to Javascript. However, that
restriction is handled by the browser, so the user can, theoretically,
change it.

Indeed, any truly reliable input validation must be done by the server.
Client-side validation is just for improving the user experience.

If the site the OP referred to only does its bad word filtering on the
client, he can probably defeat it simply by going into the browser's
Development Tools.

--
Barry Margolin
Arlington, MA