0

Hi I am new to angular and i am trying to develop a web app. As a part of my requirement, i need to capture the screenshot of the entire desktop, which i figured i will not be able to do with the web based angular app since javascript does not have the privilege to do so.

Later, i found that the desktop app, which is the Electron allows the user to capture the screen entirely since it is a desktop app. My question is that , is there a way to switch between these two platforms?

Say, a user is working in the browser and he is trying to take a screenshot, he does with the webapp that is developed with angular. Piece of cake. Now, say, if he wants to test some other app which is in desktop, he needs to open the desktop app (Electron). My doubt here is there any way i can switch between these platforms ? Ideally, my question is can the desktop app be opened with a button click or event from the web app?

Dhirish
  • 321
  • 5
  • 14

1 Answers1

3

This is going to be very difficult, mainly because of security reasons. A website normally cannot access the filesystem of the client, nor can it run commands. This is done to prevent random websites messing with your computer.

There are however a few ways you can do this:

Option 1: Javascript (hacky, do not use it)

As mentioned in this question, there is a way of executing files on the client if you know exactly where it is. It is done by using the file:// protocol like so:

window.open('file://C:/path/to/your/file.exe');

To use this method, you could try to install the Electron program in a folder on the C drive. That way, you always know where it is.

I do not recommend using this option though, I'm just including it because it's a possibility and so you know it's a bad one.

Option 2: Reverse the flow

A good second option would be to change the flow of your application. Instead of starting with your web app, a better approach might be to start in the desktop app and from there open the web app. This can be done using standard practices and is also more durable.

This question details how to use NodeJS (which is part of Electron) to open a website in the client browser.

Option 3: Using a custom URI scheme

The third, and most difficult, option would be to register your own URI scheme in the operating system of the client. Just as http:// makes your computer go on the internet and file:// makes it go to the hard disk, you can make your own scheme/protocol to do what you want. You could register myapp:// in the OS, and have it execute your app once somebody clicks on such a link. This is however far more complicated, and works differently on all operating systems. You will have to create system specific installers for this. More information on how to do this on Windows can be found here.

Conclusion

This is highly situation dependant, but based on what you told me, your focus lies on security. The best approach seems to be option 2 if possible. This way, you start with the desktop app and open a regular URL to your website once needed. This URL is already public, so no other vulnerabilities would get introduced. The custom URI solution is very neat, but introduces two possibilities:

  1. Other websites could launch your app as well.
  2. If you allow passing data in the URL, like myapp://data, other websites could try to pass malformed data to your application to try to compromise it.

Option 2 also has this problem because it's a public facing website, but that's your only concern. Choosing option 3, you would have 2 attack vectors instead of one. But, in the end, it's a matter of preference really. Using a custom URI scheme can be done safely, so it's perfectly fine to use that solution. It will however be more work.

NocNit
  • 280
  • 1
  • 7
  • Thanks @NocNit , ok is that safe other way around? I mean start of with the desktop app and then opening the website app from there on ? – Dhirish May 23 '18 at 19:32
  • Actually, that is alot safer. You can easily open a website from a desktop app without any hacky code. If starting in the desktop app and continuing in the web app is an option, then yes. I will update my answer – NocNit May 23 '18 at 19:36
  • Updated answer and added a link to more info on opening a webpage from NodeJS (Electron). – NocNit May 23 '18 at 19:43
  • You don't need to know where the app it's, you just need to related an app with an extension/protocol, that's how magnet links works for example. – Chris Gomez May 23 '18 at 19:49
  • You're correct, I know these systems exist, but they aren't the same on every OS. It seemed too complicated, but I can update the answer for clarity – NocNit May 23 '18 at 19:58
  • But, is running that kind of app a safer approach? – Dhirish May 23 '18 at 20:04
  • Well, using a custom URI like myapp:// introduces the possibility of other websites starting your app as well. You can even pass values to your program like so: myapp://data. The data at the end will be passed to your program too and you can use it. But, this means that other websites can too, and could try to put malformed data in which could be a security problem. It really depends on how you use it. Still, the safest and easiest approach still seems to start with the application on client side and then open the browser. – NocNit May 23 '18 at 20:14
  • couldn't they do the same with the solution you propose and the static route? – Chris Gomez May 23 '18 at 20:26
  • They can, because the public website is always a vulnerability. But the website is also present when you use a custom URI, which results in 2 attack vectors (app & website) instead of just the website. Moreover, the app runs on the user's system, which directly impacts them. The server can be hardened and monitored. That's why I think starting from desktop is the best approach. – NocNit May 23 '18 at 20:31
  • If that were true wouldn't apps like Slack and github desktop suffer from that problem? If he doesn't really mess up and parse anything and run it as safe it could happen, but give him some credit... – Chris Gomez May 23 '18 at 20:33
  • You're correct, and surely it can be done safely. I'm just saying that you don't have that problem to worry about if you just use the website. It's a matter of preference really – NocNit May 23 '18 at 20:36