is it possible to save entire document loaded in Webbrowser (in Delphi) as a ordinary HTML file with new values (I mean values entered by user in html's forms this document)? I need this for reading this HTML document with all values next time when application will be used.
Asked
Active
Viewed 6,304 times
6
-
1If this was possible, the Delphi app could retrieve the form field values even before the user submits the HTML form. Including sensitive data such as passwords. – mjn Dec 20 '12 at 09:33
-
1@mjn, well, but it is possible. You can pretty easily get original values that user entered even from masked input fields (like passwords). Don't know about saving to document, but I think you'll have to modify it by yourself when saving. – TLama Dec 20 '12 at 09:50
-
1If this works with password type input fields, I would not trust any app which uses an embedded web browser to communicate with Internet sites,for example doing an OAuth login. – mjn Dec 20 '12 at 10:58
1 Answers
7
Sure this is possible!
Small demo App, make a new vcl forms application, drop a TWebBrowser, a TButton and a TMemo on your form and use this code (don't forget to bind OnCreate for the Form and OnClick for the Button)
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, OleCtrls, SHDocVw, StdCtrls,mshtml, ActiveX;
type
TForm1 = class(TForm)
WebBrowser1: TWebBrowser;
Button1: TButton;
Memo1: TMemo;
procedure FormCreate(Sender: TObject);
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
//code snagged from about.com
procedure WBLoadHTML(WebBrowser: TWebBrowser; HTMLCode: string) ;
var
sl: TStringList;
ms: TMemoryStream;
begin
WebBrowser.Navigate('about:blank') ;
while WebBrowser.ReadyState < READYSTATE_INTERACTIVE do
Application.ProcessMessages;
if Assigned(WebBrowser.Document) then
begin
sl := TStringList.Create;
try
ms := TMemoryStream.Create;
try
sl.Text := HTMLCode;
sl.SaveToStream(ms) ;
ms.Seek(0, 0) ;
(WebBrowser.Document as IPersistStreamInit).Load(TStreamAdapter.Create(ms)) ;
finally
ms.Free;
end;
finally
sl.Free;
end;
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
Doc : IHtmlDocument2;
begin
Doc := WebBrowser1.Document as IHtmlDocument2;
Memo1.Lines.Text := Doc.body.innerHTML;
end;
procedure TForm1.FormCreate(Sender: TObject);
var
Html : String;
begin
Html := 'change value of input and press Button1 to changed DOM<br/><input id="myinput" type="text" value="orgval"></input>';
WBLoadHTML(WebBrowser1, Html);
end;
end.
Output:
EDIT
As mjn pointed out, the values of password type inputs will not be shown. You can still can get their value though:
add these 2 lines to Button1.Click and change html
OnCreate:
Html := 'change value of input and press Button1 to changed DOM<br/><input id="myinput" type="password" value="orgval"></input>';
OnClick:
El := (Doc as IHtmlDocument3).getElementById('myinput') as IHtmlInputElement;
Memo1.Lines.Add(Format('value of password field = %s', [El.value]))
whosrdaddy
- 11,720
- 4
- 50
- 99
-
-
@mjn: see my edit, it is possible but it requires knowledge of the Html document, no generic solution in that case... – whosrdaddy Dec 20 '12 at 11:11
-
@mjn Why? Rather than IE consider an application that has a password field. That application needs to be able to get hold of the password. – David Heffernan Dec 20 '12 at 11:12
-
1@DavidHeffernan, It is bad because my external application can read passwords from other IE application... not tested though. but I can defenetlly access foreign IE DOM from my own application, by the window handle, so mjn has a point here. – kobik Dec 20 '12 at 13:33
-
1@kobik Once you install malware on your machine you are hosed. If your process can read the password, then the malware can just inject into your process and read it. – David Heffernan Dec 20 '12 at 13:45