6

How can I run a batch file on the client side? An exe file? Just to open pre-installed program in client side?

[Edit]

Regarding ActiveX, I tried

    var activeXObj = new ActiveXObject("Shell.Application");
    activeXObj.ShellExecute("C:\\WINDOWS\\NOTEPAD.EXE", "", "", "open", "1");

but this doesn't work. Any suggestions?

T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
Ahmed Atia
  • 17,848
  • 25
  • 91
  • 133
  • 4
    This is not possible - javascript is specifically designed to NOT allow this, because it would be a HUGE security hole. Required or not, you can't do it. – Joel Coehoorn May 18 '09 at 13:56
  • Never say never :) A preinstalled program could install an ActiveX control that allows it to be started from JavaScript. (Disclaimer: this would be icky and incredibly high maintenance, I'm not advocating you actually try this) – Andomar May 18 '09 at 13:59
  • You mean, you are actually asking the SO for a browser hole? That's what this question amounts to. I'm not sure it matters whether it's your pre-installed application or not. There are some things which we shouldn't be willing to help out with on SO. I don't think you really understand that's what you are asking for. – cgp May 18 '09 at 14:04
  • Flash player is an application, and it can be started from JavaScript. No youtube without it! – Andomar May 18 '09 at 14:58
  • 1
    I think perhaps we need to ask at this point - what is it you actually want to do? What are you trying to accomplish on the client, that you want to do from the browser? In other words, why? – Michael Kohne May 18 '09 at 18:05
  • Simply, I need to run a batch file to perform certain actions on the client side, that batch should be run ckint side, simply customer requirement. – Ahmed Atia May 19 '09 at 05:53
  • possible duplicate of [EXE from JavaScript](http://stackoverflow.com/questions/3155231/exe-from-javascript) – Sarfraz Aug 10 '10 at 20:50
  • For Internet Explorer, you should add the Web Server to the list of trusted sites, and in "Customize" you should set ActiveX control permissions to "Ask". – KikoV Mar 01 '13 at 17:01
  • 2
    why don't you tell the user to download the batch file and execute it? You can do that with html, without javascript. – Trylks Jan 20 '14 at 15:19

8 Answers8

39

From Javascript? You can't. It's a security risk. Think about it - would you want every website to be able to run programs on your PC?

pjc50
  • 1,856
  • 16
  • 18
  • I know that this a security risk, but this is an urgent requirement to run pre-installed program on client and to be from Javascript? – Ahmed Atia May 18 '09 at 13:43
  • You could have a batch file to restore drive mappings on an intranet site, for example – Andomar May 18 '09 at 13:44
  • You might be able to achieve this with Microsoft ClickOnce (unreliable, requires IE and a .NET application) Some more context please: where is this webpage? What is the application? – pjc50 May 18 '09 at 13:49
  • 12
    pjc50 didn't mean "security risk" in the sense that it's inadvisable, but rather "security risk" in the sense that browsers will not allow it. – Matt G May 18 '09 at 14:03
11

You mean launch an external program thru a browser window using JavaScript? No way you can do that! That's a goddamn security black hole!

ROMANIA_engineer
  • 54,432
  • 29
  • 203
  • 199
DreamSonic
  • 1,454
  • 11
  • 19
  • It is actually possible: on Windows, you can use a [custom URL protocol](https://stackoverflow.com/questions/80650/how-do-i-register-a-custom-url-protocol-in-windows) to launch an external program from a browser window. – Anderson Green Jan 06 '22 at 03:19
10
<script language="javascript" type="text/javascript">

    function RunEXE(prog) {
        var oShell = new ActiveXObject("WScript.Shell");
        oShell.Run('"' + prog + '"', 1);
    }     
</script>
sri
  • 101
  • 1
  • 2
6

If you really have control on the client, then you may want to install some remote daemon service on the client side, like SSH.

PS. Invoke it through your "server-code", however.

Updated:

Don't be discouraged. You can absolutely do that in safe manner.

  1. First you need a daemon service on the client that will handle the task of invoking your application. Personally, I'd rather build simple rpc-server as windows-service with C++ or Delphi; but many other kinds of server could also do the job (SSH, Apache, Telnet)

  2. Then make a web pages that allow the user to "register" their services with proper authentication to invoke that service (password, security key)

  3. When you want to invoke your application from web-page on the client that's already registered, make ajax call (xmlhttprequest) to your server.

  4. The server should validate the requesting IP address with registered information.

  5. Then make a remote command invokation to the client with the registered information.

There can be some networking situation that this scheme might not work. However, if you really have control on the execution environment then there always be some workarounds.

Sake
  • 4,033
  • 6
  • 33
  • 37
  • But how to do this from web page/ javascript? – Ahmed Atia May 18 '09 at 13:53
  • Make an ajax call to your server. – Sake May 18 '09 at 13:55
  • This is still a horrible solution, but it is so hilariously funny that it's awesome. And in theory it could be done, and be "secure", assuming you can trust the server to have SSH access to the client. It would only apply to an Intranet setting, and really it would never actually be a practical good solution, but it's awesome and without browser addons (e.g., Flash, Silverlight, Java applets)! Does require too much configuration to make it usable by the idiot users that would even request this. – bambams Jan 23 '15 at 20:05
  • 1
    At last someone make sense here. All answers are. Outdated in this. Site. Thanks buddy – jagapathi Feb 28 '19 at 13:40
5

Redirect the client to http://yourserver/batchfile.bat. Under some browsers, this will prompt the user to run the batch file.

Andomar
  • 232,371
  • 49
  • 380
  • 404
3

If the problem is the batch file is being displayed in the browser you need to set Content-Type and Content-Disposition in the HTTP header so the user is prompted to Save (or Run) the file rather than have the browser display it.

You won't be able to run the file without an OK from the user but this shouldn't be a problem.

Have a look at this question for a little more detail.

Community
  • 1
  • 1
David Webb
  • 190,537
  • 57
  • 313
  • 299
0

It's not allowed directly, for security reason. Besides all other answers, there is another idea.

You can build a localhost rest service in your pre-installed program and use javascript to call it with command or data, well assuming that you write the the pre-installed program and the service is supposed to be running when you call. This solution works in some scenarios.

frank
  • 178
  • 2
  • 7
0

Basically, you can't. If you need to launch something on the client side, you'll need another mechanism altogether, presumably one with some security built in. A previous poster mentioned psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx), which will obviously only work if you have appropriate permissions on the target system, and which is completely outside the browser.

Basically, what you are asking for is a BIG, BIG, problem if you were able to do it easily.

You might look into ActiveX, but I don't know what limits there are on an ActiveX object these days (I know there ARE limits, but perhaps you can work within them).

Michael Kohne
  • 11,888
  • 3
  • 47
  • 79
  • So... the JavaScript asks the server to run psexec to start a program on the client? Would work I guess. – Andomar May 18 '09 at 14:01
  • Well, yea. And again, this only works if the server is running as a user that has appropriate permissions on the client. – Michael Kohne May 18 '09 at 18:03