ID:1756114
 
Keywords: browser, text, winget
Applies to:DM Language
Status: Open

Issue hasn't been assigned a status value.
I would like to be able to use "text" on winget for browsers to be able to either receive the html of the current website, or the contents within it. I can't really substitute the process with Export() because of websites that require a login.
I believe this may be partially possible for winget--both in DS the webclient--but not easy. I say partially possible, because getting the innerHTML of the document wouldn't include certain things like the doctype or html tags. I have a vague idea of how I would do this in DS.

What I'm not sure of is if there's any potential for abuse here. It seems like the kind of feature that would risk loosening security and be a lot of work for no real payout. I don't really see a use case for this feature.
I remember wanting this feature a while ago, just to check what is displayed to the client, to determine what I should switch the browser to, when using more.. dynamic(?) text displays to the browser. Unless there's a way to check using the url, if the text is created at run-time and displayed to the client.
In response to Lummox JR
Lummox JR wrote:
What I'm not sure of is if there's any potential for abuse here.

Oh there is, heres the work flow for such a thing:

* open a browser control.

* point it to gmail.com

* convince user to log in. (maybe with some claim of it being a single sign in provider for accounts.)

* read users email address from page

* simulate password reset request to x site for that email.

* read password reset email.

* change users password and spam/scam away.


Now, in all web browsers, this won't work, as there will be no way for the byond code on the webclient to know the contents of the browser control if the web address doesn't match in certain ways.

DS on the other hand is a different ball game.


That being said! Any browser control that is still at a internal url and contains no embedded outside content would be safe to do this with as the game server provided the content, so it has a trusted status for that content.
This wouldn't be possible outside of the webclient anyway. The embedded IE that DS uses doesn't allow cookies.
Yeah using cookies via webclient seemed to do the trick.