Difference between revisions of "Browser"

From MgmtWiki
(User Control)
(User Control)
Line 40: Line 40:
 
There are some elements that are under the control of the user configuration settings.
 
There are some elements that are under the control of the user configuration settings.
 
* [https://developer.mozilla.org/en-US/docs/Glossary/Request_header Request Headers] <blockquote>A request header is an HTTP header that can be used in an HTTP request to provide information about the request context, so that the server can tailor the response. For example, the Accept-* headers indicate the allowed and preferred formats of the response. Other headers can be used to supply authentication credentials (e.g. Authorization), to control caching, or to get information about the user agent or referrer, etc. Not all headers that can appear in a request are referred to as request headers by the specification. For example, the Content-Type header is referred to as a representation header. In addition, CORS defines a subset of request headers as simple headers, request headers that are always considered authorized and are not explicitly listed in responses to preflight requests. </blockquote>
 
* [https://developer.mozilla.org/en-US/docs/Glossary/Request_header Request Headers] <blockquote>A request header is an HTTP header that can be used in an HTTP request to provide information about the request context, so that the server can tailor the response. For example, the Accept-* headers indicate the allowed and preferred formats of the response. Other headers can be used to supply authentication credentials (e.g. Authorization), to control caching, or to get information about the user agent or referrer, etc. Not all headers that can appear in a request are referred to as request headers by the specification. For example, the Content-Type header is referred to as a representation header. In addition, CORS defines a subset of request headers as simple headers, request headers that are always considered authorized and are not explicitly listed in responses to preflight requests. </blockquote>
Information about the type and capabilities of a client device such as a cell phone can be found in the [https://www.developershome.com/wap/detection/detection.asp?page=httpHeaders headers of HTTP requests] received at the server-side. Here are some of the headers that are useful for detecting user agent types, features and capabilities of client devices:
+
Information about the type and capabilities of a client device such as a cell phone can be found in the [https://www.developershome.com/wap/detection/detection.asp?page=httpHeaders headers of HTTP requests] received at the server-side. (That like also includes a Common MIME Types List.) Here are some of the headers that are useful for detecting user agent types, features and capabilities of client devices:
 
*The Accept header
 
*The Accept header
 
*The User-Agent header
 
*The User-Agent header
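Review bot: the parenthetical added to the developershome.com sentence, "(That like also includes a Common MIME Types List.)", reads as a typo for "That link". Suggest correcting it to "(That link also includes a Common MIME Types List.)" so the reference to the linked page is clear.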

Revision as of 11:34, 27 August 2022

Full Title or Meme

A fully integrated computer application that not only browses the World Wide Web, but also acts as a user agent, establishing sessions with user credentials.

Context

  • Users are accustomed to the display and searching capabilities of the browser and typically start there in spite of numerous efforts to create some other primary start page for user interactions or user experience application.
  • With the advent of the Progressive Web App, there is an effort by the browser programmers to provide the user with an experience equal to that

Problems

The Application Program Interface (API) in the browser is limited to HTML, CSS and JavaScript, standardized as ECMAScript to satisfy Microsoft's pique.

User Sessions

Website Control

All of the content in the HTTP packet is (nearly) completely controlled by the website and interpreted by the DOM in the Browser. That includes access to all APIs in the browser accessible by JavaScript.

WebControl

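The website can bring up a browser control inside the browser window, as in this example:

 using System;
 using System.Windows.Forms;
 
 public partial class Form1 : Form
 {
     public Form1()
     {
         InitializeComponent();
         this.Load += Form1_Load;
     }
     private void Form1_Load(object sender, EventArgs e)
     {
         // Subscribe before navigating so the completion event cannot be missed.
         this.webBrowser1.DocumentCompleted += webBrowser1_DocumentCompleted;
         this.webBrowser1.Navigate("http://www.google.com");
     }
     void webBrowser1_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)
     {
         // The code hosting the control has full access to the loaded page's DOM and can rewrite it.
         string content = "<div style=\"background:#f00;\"><h1>HACKED</h1></div>";
         HtmlElement target = this.webBrowser1.Document.GetElementById("gb");
         if (target != null) // the element id depends on the page's current markup
         {
             target.InnerHtml = content;
         }
     }
 }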

User Control

There are some elements that are under the control of the user configuration settings.

  • Request Headers
    A request header is an HTTP header that can be used in an HTTP request to provide information about the request context, so that the server can tailor the response. For example, the Accept-* headers indicate the allowed and preferred formats of the response. Other headers can be used to supply authentication credentials (e.g. Authorization), to control caching, or to get information about the user agent or referrer, etc. Not all headers that can appear in a request are referred to as request headers by the specification. For example, the Content-Type header is referred to as a representation header. In addition, CORS defines a subset of request headers as simple headers, request headers that are always considered authorized and are not explicitly listed in responses to preflight requests.

Information about the type and capabilities of a client device such as a cell phone can be found in the headers of HTTP requests received at the server-side. (That link also includes a Common MIME Types List.) Here are some of the headers that are useful for detecting user agent types, features and capabilities of client devices:

  • The Accept header
  • The User-Agent header
  • The Accept-Charset header
  • The Accept-Language header
  • The x-wap-profile header and the Profile header. They contain the URL to a UAProf document.
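
Because every header in this list is set on the client side, a server should read them as capability hints and never as trusted facts. The following Python sketch is an added example, not code from this wiki: it parses the weighted Accept-style headers and accepts a UAProf URL only from an allowlisted host. The length bound, the allowlist host and the sample headers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

MAX_LEN = 1024  # assumed bound on any client-supplied header value
UAPROF_HOSTS = {"uaprof.example.com"}  # hypothetical allowlist of UAProf hosts
# Constructed sample request headers (not captured traffic).
SAMPLE = {
    "Accept": "text/html;q=0.9, application/vnd.wap.xhtml+xml, */*;q=0.1, image/gif;q=bogus",
    "Accept-Language": "en-US,en;q=0.5",
    "User-Agent": "ExampleBrowser/1.0",
    "x-wap-profile": '"http://uaprof.example.com/phone.xml"',
}

def parse_weighted(value):
    """Parse an Accept-style list ("a;q=0.8, b") into names ordered by q-value."""
    items = []
    for part in value[:MAX_LEN].split(","):
        fields = [f.strip() for f in part.split(";")]
        q = 1.0  # default weight when no q parameter is given
        for f in fields[1:]:
            if f.lower().startswith("q="):
                try:
                    q = float(f[2:])
                except ValueError:
                    q = 0.0  # malformed weight: treat as not acceptable
        if fields[0] and 0.0 < q <= 1.0:  # also rejects nan, inf and negatives
            items.append((q, fields[0].lower()))
    return [name for _, name in sorted(items, key=lambda i: -i[0])]

def uaprof_url(headers):
    """Return the UAProf URL only if it parses and its host is allowlisted."""
    raw = headers.get("x-wap-profile") or headers.get("profile") or ""
    raw = raw[:MAX_LEN].strip().strip('"')
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:  # e.g. a malformed bracketed host
        return None
    ok = parts.scheme in ("http", "https") and host in UAPROF_HOSTS
    return raw if ok else None

def client_hints(headers):
    """Collect capability hints; every value is user-controlled, none is trusted."""
    h = {k.lower(): v for k, v in headers.items()}
    return {
        "formats": parse_weighted(h.get("accept", "")),
        "languages": parse_weighted(h.get("accept-language", "")),
        "charsets": parse_weighted(h.get("accept-charset", "")),
        "user_agent": h.get("user-agent", "")[:MAX_LEN],
        "uaprof": uaprof_url(h),
    }
```

Calling `client_hints(SAMPLE)` returns the ordered preferences and the validated UAProf URL; a profile URL on any other host comes back as `None` and is never fetched.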

References

See Trusted Browser for all user expectations of security from their Browser.