Difference between revisions of "Browser"

From MgmtWiki
(User Control)
(User Control)
Line 39: Line 39:
 
==User Control==
 
==User Control==
 
There are some elements that are under the control of the user configuration settings.
 
There are some elements that are under the control of the user configuration settings.
* [https://developer.mozilla.org/en-US/docs/Glossary/Request_header Request Headers]
+
* [https://developer.mozilla.org/en-US/docs/Glossary/Request_header Request Headers] <blockquote>A request header is an HTTP header that can be used in an HTTP request to provide information about the request context, so that the server can tailor the response. For example, the Accept-* headers indicate the allowed and preferred formats of the response. Other headers can be used to supply authentication credentials (e.g. Authorization), to control caching, or to get information about the user agent or referrer, etc. Not all headers that can appear in a request are referred to as request headers by the specification. For example, the Content-Type header is referred to as a representation header. In addition, CORS defines a subset of request headers as simple headers, request headers that are always considered authorized and are not explicitly listed in responses to preflight requests. </blockquote>
  
 
==References==
 
==References==
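Review bot: the blockquote added to the Request Headers item reproduces the MDN glossary definition but never says which request headers the user's configuration settings actually control, which is what the sentence above it ("elements that are under the control of the user configuration settings") sets up. Follow the quote with a sentence naming those headers, or keep the bullet as the bare link it was. The stray space before the closing `</blockquote>` can also be dropped.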

Revision as of 20:28, 26 August 2022

Full Title or Meme

A fully integrated computer application that not only browses the World Wide Web, but also acts as a user agent, establishing sessions with user credentials.

Context

  • Users are accustomed to the display and searching capabilities of the browser and typically start there in spite of numerous efforts to create some other primary start page for user interactions or user experience application.
  • With the advent of the Progressive Web App, there is an effort by the browser programmers to provide the user with an experience equal to that

Problems

The Application Program Interface (API) in the browser is limited to HTML, CSS and JavaScript, standardized as ECMAScript to satisfy Microsoft's pique.

User Sessions

Website Control

All of the content in the HTTP packet is (nearly) completely controlled by the website and interpreted by the DOM in the browser. That includes access to all APIs in the browser accessible by JavaScript.

WebControl

The website can bring up a browser control inside the browser window, as in this example:

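 using System;
 using System.Windows.Forms;
 // Windows Forms host that embeds a WebBrowser control and rewrites the loaded page.
 public partial class Form1 : Form
 {
    public Form1()
    {
        InitializeComponent();
        this.Load += Form1_Load;
    }
    private void Form1_Load(object sender, EventArgs e)
    {
        // Subscribe before navigating so the completion event cannot be missed.
        this.webBrowser1.DocumentCompleted += webBrowser1_DocumentCompleted;
        this.webBrowser1.Navigate("http://www.google.com");
    }
    void webBrowser1_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)
    {
        // The hosting code has full access to the DOM of the page it loaded.
        string content = "<div style=\"background:#f00;\"><h1>HACKED</h1></div>";
        HtmlElement target = this.webBrowser1.Document.GetElementById("gb");
        if (target != null) // the element may be absent from the loaded page
        {
            target.InnerHtml = content;
        }
    }
 }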

User Control

There are some elements that are under the control of the user configuration settings.

  • Request Headers
    A request header is an HTTP header that can be used in an HTTP request to provide information about the request context, so that the server can tailor the response. For example, the Accept-* headers indicate the allowed and preferred formats of the response. Other headers can be used to supply authentication credentials (e.g. Authorization), to control caching, or to get information about the user agent or referrer, etc. Not all headers that can appear in a request are referred to as request headers by the specification. For example, the Content-Type header is referred to as a representation header. In addition, CORS defines a subset of request headers as simple headers, request headers that are always considered authorized and are not explicitly listed in responses to preflight requests.
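
An added example (not from the original page or from MDN) of the CORS "simple header" distinction in the definition above: it reports which script-set request headers fall outside the simple subset and therefore force a preflight. The function names and the sample headers are constructed for illustration; the Range header and the 1024-byte total-size rule of the Fetch standard are left out.

```javascript
// Simplified check for CORS "simple" (CORS-safelisted) request headers.
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
// Characters allowed in Accept-Language / Content-Language values.
const LANGUAGE_VALUE = /^[0-9A-Za-z *,\-.;=]*$/;
// Bytes that make an Accept or Content-Type value unsafe.
const UNSAFE_BYTE = /[\x00-\x08\x0a-\x1f"():<>?@[\\\]{}\x7f]/;

function isSimpleHeader(name, value) {
  // Values longer than 128 bytes are never treated as simple.
  if (new TextEncoder().encode(value).length > 128) return false;
  switch (name.toLowerCase()) {
    case "accept":
      return !UNSAFE_BYTE.test(value);
    case "accept-language":
    case "content-language":
      return LANGUAGE_VALUE.test(value);
    case "content-type": {
      if (UNSAFE_BYTE.test(value)) return false;
      const essence = value.split(";")[0].trim().toLowerCase();
      return SIMPLE_CONTENT_TYPES.has(essence);
    }
    default:
      return false; // e.g. Authorization or any custom X-* header
  }
}

// Names that would be announced in Access-Control-Request-Headers.
function preflightHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => !isSimpleHeader(name, String(value)))
    .map(([name]) => name.toLowerCase())
    .sort();
}

function needsPreflight(method, headers) {
  const simpleMethod = ["GET", "HEAD", "POST"].includes(method.toUpperCase());
  return !simpleMethod || preflightHeaders(headers).length > 0;
}

// Constructed sample: headers a page script might set on a cross-origin request.
const SAMPLE = {
  "Accept": "application/json",
  "Accept-Language": "en-US,en;q=0.8",
  "Content-Type": "application/json",
  "Authorization": "Bearer <placeholder-token>",
};
```

For `SAMPLE`, `preflightHeaders` returns `authorization` and `content-type`: the credential header is never simple, and `Content-Type` is simple only for the three form-style media types.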

References

See Trusted Browser for all user expectations of security from their browser.