Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WatiN permissions problem when eval javascript code

Tags:

watin

My environment is: WindowXP, IE8, VS2008, WatiN-2.0.20

When i try to execute the follow code:

IE _browser = new IE();
_browser.GoTo(_url);
_browser.Eval("alert('hello!');");

I get the following error:

Message:

"Access denied. (Exception of HRESULT: 0x80070005 (E_ACCESSDENIED))"

Source:

"Microsoft.mshtml"

Partial StackTrace

   in WatiN.Core.Native.InternetExplorer.IEUtils.RunScript(String scriptCode, String language, IHTMLWindow2 window)
   in WatiN.Core.Native.InternetExplorer.IEDocument.RunScript(String scriptCode, String language)
   in WatiN.Core.Document.RunScript(String scriptCode, String language)
   in WatiN.Core.Document.RunScript(String javaScriptCode)
   in WatiN.Core.Document.Eval(String javaScriptCode)

I know is about a premissions problem but i don't know how solve it. Any ideas about this issue.

like image 598
kaptux Avatar asked Oct 21 '10 10:10

kaptux


People also ask

Why is it bad to use eval in JavaScript?

Malicious code : invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username. Terribly slow : the JavaScript language is designed to use the full gamut of JavaScript types (numbers, functions, objects, etc)… Not just strings!

Is eval () bad?

eval() is a dangerous function, which executes the code it's passed with the privileges of the caller. If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code on the user's machine with the permissions of your webpage / extension.

What can I use instead of eval in JavaScript?

An alternative to eval is Function() . Just like eval() , Function() takes some expression as a string for execution, except, rather than outputting the result directly, it returns an anonymous function to you that you can call. `Function() is a faster and more secure alternative to eval().

Is JavaScript eval safe?

If the data is comming from your server and its something that you, the developer has generated, there is no harm in using eval(). The real harm is beliving everything you read. You see lots of people saying eval() is evil and they have no idea why except that they read it somewhere.


1 Answers

Try turning off IE's protected mode or add your site to trusted zone.

like image 82
prostynick Avatar answered Jan 03 '23 07:01

prostynick