Can JS run an external program?, not an .exe, for example if i have a .zip file execute it like if i doubleclick on it, something like:

run("c:\myfile.zip")

Just use a regular link. The user chooses the option of opening it rather than saving it to the disk.

Hope that helps!

Happy coding! :)

Thanks i tried that, but i was looking for a way to do it without prompting any dialog.

Maybe the WScript.Shell ActiveX object will help?

if(typeof(window.ActiveXObject)!="undefined") {
var wshell=new ActiveXObject("WScript.Shell");
wshell.run("c:/myfile.zip");
}

Hope that helps!

Happy coding! :)

yeah, but that only works on Windows 98+, and only on an intranet. that won't open files or programs from the internet, because the default security settings in IE keep those sorts of ActiveX controls from running. without using some sort of malicious exploit, there's no way to make files run from the internet, and as far as i know, there's no way to do it at all in Netscape or other Gecko based browsers.

generally speaking, this is one of those things that's just not possible.

Originally posted by joh6nn
and as far as i know, there's no way to do it at all in Netscape or other Gecko based browsers.

LiveConnect is nice. :)

In theory you should be able to go:


function RunProggy(prog) {
try {
netscape.security.PrivilegeManager.enablePrivilege("UniversalExecAccess");
}
catch (e) {
return false;
}
java.lang.Runtime.getRuntime().exec(prog);
return true;
}


You'll get a nice big security prompt too :).

using some sort of malicious exploit,

I know a IE exploit.. but i can´t post it because, i'm shure, the moderators would delete this thread and kick me out of this forum :D

Originally posted by caldasgsm
I know a IE exploit..

Which one of the 19 unpatched security holes in IE might this one be?

http://pivx.com/larholm/unpatched/

This is (one reason among many) why I don't use IE.


Just realized it may seem weird for a super moderator to be posting a link to a site containing some major IE security flaws.
I feel that it is a very legitamate site with an excellent purpose - pressure MS into fixing these gaping flaws in an already inferior product by releasing their knowledge to the general public. Anyone reading BugTraq could find them on there just as easily too.
Public knowledge, public forum, do the math. Talk to George if you disagree.

This is (one reason among many) why I don't use IE.

like other browsers don't have bugs:rolleyes:

there's a difference between a bug and a security issue. it's not rare that a program has bugs, but it is rare that other browsers have security issues. IE has both. and bunches of both.

Nor has Microsoft shown much enthusiasm about fixing either.

The last major Gecko security hole (as rare as they come) was fixed and added into the trunk within 24 hours of reporting it at BugZilla. Most of 19 unpatched holes for IE have been reported for months....

Who needs security after all? :rolleyes:

Or why should we make developer's lives easier, when we can restrict ourselves to one platform, browser, and company? A free, open, Internet is a bad idea!

Ok, done ranting about why IE sucks, and on an official note, let's try to get back on topic. I believe it started with someone saying an exploit could help, and then I posted *the* IE exploit page (also contains exploits for older Opera's and Moz's), and started a tangent on IE's lack of security... etc etc

On topic:

Executing a file? Not without a big bad security warning, if you are lucky enough to have the client enabling such requests.

Even if productively using an exploit was a possibility, keep in mind that as long as MS takes, whatever exploit you used will probably be patched. Not good practice either, to rely on "incorrect" behavior. This extends beyond security holes too... (*cough* such as reliance on IE's quirks *cough*)