34

I need to read the system time from the environment variables on the client's OS. I searched on Stackoverflow and found that this isn't possible. However, those answers were from 2010 and I want to ask if anything has changed since.

Is it possible with some kind of framework? or Javascript is still sandboxed and cut off from OS?

Max
  • 1,054
  • 1
  • 12
  • 20
szpic
  • 4,346
  • 15
  • 54
  • 85
  • 8
    If JavaScript could manipulate OS Environment Variables, we'd all be screwed. – Sterling Archer Jan 23 '14 at 17:51
  • 2
    I don't mean to write there. Just Read ;> – szpic Jan 23 '14 at 17:51
  • It's still insecure, so you're still not allowed to do it (why would it have changed?). What do you need to read them for? – Bergi Jan 23 '14 at 17:51
  • I guess you mean this answer: [Javascript environment variables](http://stackoverflow.com/questions/3770446/javascript-environment-variables)? Yes, it is still valid if you're looking for ways to read them from a website within a browser. – Bergi Jan 23 '14 at 17:55
  • I variables like : %TIME% %DATE% – szpic Jan 23 '14 at 18:22
  • @szpic: For datetimes, you can use the [`Date`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date) in every browser; this does not require any access rights. – Bergi Jan 23 '14 at 22:34
  • I know that but my boss asked me if it possible to use date from environment variables – szpic Jan 24 '14 at 06:59

6 Answers6

21

szpic, if Javascript were not sandboxed from the OS, any half-witted criminal could get onto your computer and take control. Allowing environmental variables is way too low level to ever be allowed.

Take a look at all of your environmental variables and ask yourself if everyone on the planet should have access to all that data about your computer.

If you want to do this with Javascript, you'll have to use a special web browser, such as node-webkit. It isn't going to run on any normal web browser, though, so don't expect more than 0.0001% of the population to expect to run your page.

I don't know your intended use, but one trick, to throw in an environmental variable, is to make a shortcut to your web application, and include it in there as a URL parameter (at least on Winblows).

http://myapp.com?computername=%COMPUTERNAME%
dthree
  • 19,847
  • 14
  • 77
  • 106
8

the javascript Date() Object provides the clients system time.

kidconcept
  • 509
  • 6
  • 13
6

FWIW.... Just playing around with an .HTA file (yes that uses the MSIE 'engine' so you can probably forget about other browsers) and the following JavaScript reads the %TEMP% path variable to set a filepath+name for safely writing a temporary file. This works OK for me :

var oTest = new ActiveXObject("wscript.shell");
pathTest = oTest.ExpandEnvironmentStrings("%TEMP%") + "\\test_it.txt";
oTest = null;
alert(pathTest);  // proves we can read %TEMP%

// and create the file, to complete the example
var oFSO = new ActiveXObject("Scripting.FileSystemObject");
var fil = oFSO.CreateTextFile(pathTest, true);
fil.WriteLine("Hello wonderful world!");
fil.Close();
AjV Jsy
  • 5,799
  • 4
  • 34
  • 30
  • Sorry to bump such an old post, but Is there any special reason for the `oTest = null;` at the end? Is it somehow "freeing" the object or something? Is it important? – rmobis Dec 23 '15 at 11:24
  • That's the idea. Try it with and without - I like to keep things tidy and clear up after myself :) – AjV Jsy Dec 23 '15 at 15:21
  • 1
    Found this answer on another question here on SO: http://stackoverflow.com/a/5835896/1661358. It might help someone that has the same doubts. – rmobis Dec 23 '15 at 15:48
5

All of the answers are today (at the time of writing) long outdated. :)

Of course, JS is still sandboxed, but that does not prevent anyone from using something like environment variables in client software. What you need to know and use wisely is the transfer of data of any kind from the operating system into a front-end application.

Several front-end frameworks may help here. E.g. an Angular application created with @angular/cli provides use cases for different environments out of the box. In an application configuration file (e.g. angular.json) you can configure the options, variables, values, whatever you need that you transport into your front end application via e.g. webpack. They may only be read once and can not change at runtime.

Following library nwjs.io tries something new: it lets you call all Node.js modules directly from DOM.

In docked/docker environments, there are other expectations for backend and frontend software, and these environments are configured differently and properly constrained from the OS's point of view.

4

There is only one way to do this - by using special web browser. Something like node-webkit. It integrates webkit engine with node.js, so you can use it together with DOM.

document.write(require('os').type());

But as everybody else said - there is no chance to do it with "normal" web browser.

Are
  • 2,160
  • 1
  • 21
  • 31
1

This was possible using VBScript but support is removed in IE11. If you are in an IE environment (such as an internal Intranet) then you can convert your VB Code (CreateObject("wscript.shell")) to use ActiveX instead. This will get you around the issue that VB Script is depreciated in IE11 Edge mode and allow your page to access your environment variables and be used in Edge mode. Obviously this is IE only but if you were using VBScript before it was also IE only.

var ax = new ActiveXObject("wscript.shell");
uname = ax.ExpandEnvironmentStrings("%USERNAME%");
av = null;
alert(uname);
Mike
  • 19
  • 1