Recently, we found that Firefox had made a change towards plugins, such that the user will be temporarily blocked from running them if they are not using the latest version. Our site requires Flash to play sound and interact with the user's webcam/microphone, so we need to do whatever we can to ensure they're not getting these warnings.
One way suggested to me is to create a small Flash control, and wait for it to tell Javascript that it's been initialized. If not (and the user is using Firefox) then they are taken to a page prompting them to update. This may work, but I worry about its reliability, and about running it on every page in our site.
Alternatively, I've been researching a way to use Javascript to detect versions, without making a Flash control. I not only need the user's current version of Flash, but also the version Firefox will expect - and I haven't found an autonomous way of doing so. I don't want an admin to have to change a small value each time Adobe releases a new version. Does anyone have any advice how I could find Flash's latest available version, or an alternate way to solve my problem?
I recommend you have a look at SWFObject and the Express Install option which should ease upgrading considerably.
I just noticed someone upvoting this question, so I thought that I would provide my eventual solution, which I think reduced the impact of a recent issue where Firefox blocked the most recent edition of Flash, pending Adobe's fix.
Basically, I went with a variation on the second paragraph in my question. It does not direct the user to a new page; instead, it opens a dialog over the current page that explains it's having issues communicating with Flash. (It does not specifically say "Your Flash is out of date" because this can also happen if the browser is hiding flash under a Yes/No user dialog). It also contains a small fake flash object, with the idea being that if the browser wants to display a security warning, accept prompt, etc., it can do it inside that space.
The dialog goes away on its own if said Flash control ends up making its callback to JavaScript. It also installs a variable under sessionStorage so we don't bother checking for it again (Flash takes enough time on some computers that you might see the dialog for a split second).
Short version:
Is it possible to detect that someone added code to run inside a page from the browser inspector?
Long version:
Stock broker companies give their users the real time value of stocks, other free tools give you a delayed version of such values, for example 15 minutes old information.
There are other types of financial companies that have real time API to give you access to stock market at a cost.
What some people do is to keep their browsers open in the broker site and inject some JS code to observe the changes and post them elsewhere using XHR or web sockets. Not only network calls but also notification API and the draft Serial API can be exploited to put data out of the site.
This usually can't be done automatically due to the secure nature of logins requiring captcha or other methods. But once logged in and injected the hack will work until the tab is closed.
Usually this is not done by injecting script tags with outer files source, just pasting the whole code inside inspector and running it.
Now back to the question: Can a site know that rogue code is running in their site?
I thought of some methods like a HASH of every variable used and if anything new is created it reloads the page or warn the user. But I'm not sure it is possible in nowadays JS, I guess document.all could help.
So yes, kinda, and also no kinda... there isn't a great cross browser solution to this as their implementation of the debug tools are all slightly different. This solution is probably the best I've found so far.
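The snapshot idea from the question, sketched as an added example that is not part of the original posts: record the names on the global object at load, then report names that appear later and watched functions whose source text has changed. `createIntegrityWatcher`, `reportToServer` and the allow-list entry are hypothetical names.

```javascript
// Added example. `scope` is window in a browser; any plain object works for testing.
function createIntegrityWatcher(scope, { allowed = [], watched = [] } = {}) {
  // Names that exist at load time, plus names the site expects to appear later.
  const known = new Set([...Object.getOwnPropertyNames(scope), ...allowed]);

  // Text form of a value: source text for functions, string form otherwise.
  const sourceOf = name =>
    typeof scope[name] === 'function'
      ? Function.prototype.toString.call(scope[name])
      : String(scope[name]);

  // Baseline for the functions the page relies on.
  const baseline = new Map(watched.map(name => [name, sourceOf(name)]));

  return {
    // Returns what changed since the previous call; each finding is reported once.
    check() {
      const added = Object.getOwnPropertyNames(scope)
        .filter(name => !known.has(name))
        .sort();
      added.forEach(name => known.add(name));

      const changed = watched.filter(name => sourceOf(name) !== baseline.get(name));
      changed.forEach(name => baseline.set(name, sourceOf(name)));

      return { added, changed };
    },
  };
}

// Browser wiring (assumed, not run here):
// const watcher = createIntegrityWatcher(window, { allowed: ['dataLayer'], watched: ['renderQuotes'] });
// setInterval(() => {
//   const r = watcher.check();
//   if (r.added.length || r.changed.length) reportToServer(r);
// }, 2000);
```

Only names that become properties of the global object are visible to this check, and browser extensions can add globals of their own, so a clean result is not proof that nothing ran and a hit is not proof of tampering.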
Is there a way to prompt users to enable physical web (and therefore BlueTooth) with JavaScript in a similar way to APIs like getUserMedia()?
EDIT: I know this is relatively early stage tech and not widely supported, so the best option will probably be to help users turn this feature on at Settings > Privacy > Physical Web=on
Actually, JS can create push notifications. The problem is that these notifications can't be prompted in the way the OP seems to want. What is possible (but likely not helpful) would be:
Open web page
Use JS to scan for beacons
IF found, prompt the user to turn on Physical Web to find beacons easier in the future
I should also add that WebBluetooth V1 only lets you connect to a single device. V2 has a proposal (not yet finalized) that lets you scan. So everything here is still a bit early. However, these changes are on roadmaps so it's not total blue sky...
No, there isn't. Javascript just can access LocalStorage on your disk, but not raise any prompt to any device on your machine.
I have an ASP.NET MVC application that makes pretty heavy use of javascript and JQuery for both administrative functions as well as customer-facing functions. Recently I reorganized the administrative screens to be able to more cleanly fit administrative controls for some new features.
I tested using IE and Chrome and found that there was a slight, but acceptable hang in one of the busier pages. However, the main person who uses the admin pages uses Firefox and kept reporting an unacceptable hang. I finally checked it out and found that what hangs in Chrome and IE for 2-3 seconds hangs in Firefox for 10-12 seconds, which is no good.
Not knowing where to turn, I wound up installing Glimpse and got it configured and running just fine, but I'm still having trouble figuring out how to drill into it to find out what area of the page is causing trouble. All I can tell so far is that it is definitely something with how the client (Firefox) is rendering. To be clear, it happens on all browsers, but for some reason it is way more pronounced in Firefox.
Can someone please give me some pointers on how to get started on diagnosing the issue? I'm not married to the idea of using Glimpse, but it seems like a pretty decent tool from what I can tell.
Thanks for your help.
Based on what you're describing, the problem appears to be client side. With that said, Glimpse may not be as well-suited as using Firefox's own profiler.
SHIFT+F5 will bring up the web developer performance screen. From there, you can begin/end a performance analysis and gain more insight into what may be taking longer than expected.
It may also be worthwhile to look at the network tab and make sure assets are loading in a timely manner.
Keep in mind as well that add-ins could play into the latency. If the end-user has a setup that performs post-page processing (such as Greasemonkey scripts or (recalling an earlier add-in) a Skype plugin that used to transform phone numbers on the page to direct-dial links), that would also play a part in the performance. A good way to rule these out is to hold down SHIFT while starting up Firefox (effectively running it in Safe Mode), which would determine if it's Firefox itself or an add-in that's to blame.
If I go to a sub-path of a domain, the normal way is to do Some Path. This will reload the page completely.
But on Facebook, when you open a photo, the url on the address bar changes, however the entire page doesn't reload, it only loads the photo platform. So in this way people can share url of photos. I'm wondering how is this done?
I've done some search and some people suggested using history.pushState, however, this is only working on most modern browsers. The one on Facebook also works on IE 7, I'm wondering how they did it?
As you said, history.pushState is only available on modern browsers (notably IE>=10).
For older browsers, the only way (as far as I'm aware) to change the URL in any way, was to use the "hashbang" technique - using/abusing the ability of hashes in URLs to retain page information. You'd then end up with a URL similar to index.php#!page=x&foo=bar where the hash would be used to represent the current page. The URL would then map one to one with a link such as index.php?page=x&foo=bar, and on refreshing the page, the JavaScript could read back the hash and display the page appropriately. It was by no means a great solution, in particular the browser doesn't correctly store your history, but it was still very popular.
If you're looking to use Ajax to reload pages and change the URL at the same time, then perhaps look into libraries such as History.js / Ajaxify, which will try to use pushState where available, but fall back to using hashbangs where it has to.
You seem to think that facebook supports Ajax for Legacy IE. I'm not aware of this as I can't say IE7 is very often my go-to browser, but IIRC Twitter has far less time for older, less feature-full browsers, and falls back to a much simplified interface (I think it even uses a basic mobile view). I'd probably take a similar stance if it was my website, and make use of pushState where available, and simply offer standalone pages where not. Working on backwards compatibility in these areas has the tendency to be fairly arduous (although the above-mentioned plugins will take quite a considerable load off), and unless you need to offer support, maybe it's just not worth it?
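The one-to-one mapping between index.php?page=x&foo=bar and index.php#!page=x&foo=bar described in this answer, with a pushState-first fallback, as an added example (not code from History.js, Ajaxify or the post). Because the fragment is read back from the address bar, `readState` accepts only page names from an allow-list; `KNOWN_PAGES` and all function names are hypothetical.

```javascript
// Hypothetical allow-list of page identifiers this site can render.
const KNOWN_PAGES = new Set(['home', 'photo', 'x']);

// "index.php?page=x&foo=bar" -> "index.php#!page=x&foo=bar"
function toHashbang(url) {
  const q = url.indexOf('?');
  return q === -1 ? url : url.slice(0, q) + '#!' + url.slice(q + 1);
}

// "index.php#!page=x&foo=bar" -> "index.php?page=x&foo=bar"
function fromHashbang(url) {
  const h = url.indexOf('#!');
  return h === -1 ? url : url.slice(0, h) + '?' + url.slice(h + 2);
}

// Parse a location.hash value on load or refresh.
// Returns null unless it is a hashbang whose `page` is in the allow-list.
function readState(hash) {
  if (!hash.startsWith('#!')) return null;
  const params = new URLSearchParams(hash.slice(2));
  const page = params.get('page');
  if (!page || !KNOWN_PAGES.has(page)) return null;
  return { page, params: Object.fromEntries(params) };
}

// Use the History API where it exists, otherwise write the fragment.
// `win` is window in a browser; it is a parameter so the logic can be tested.
function navigate(win, url) {
  if (win.history && typeof win.history.pushState === 'function') {
    win.history.pushState(null, '', url);
    return 'pushState';
  }
  win.location.hash = toHashbang(url).split('#')[1] || '';
  return 'hashbang';
}
```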
I do not know how facebook did it, but if you look in the "routing" chapter of Backbone.JS you will see that
For browsers which don't yet support the History API, the Router handles graceful fallback and transparent translation to the fragment version of the URL.
And if you look further, the source code says:
// Backbone.History
// ----------------
// Handles cross-browser history management, based on either
// [pushState](http://diveintohtml5.info/history.html) and real URLs, or
// [onhashchange](https://developer.mozilla.org/en-US/docs/DOM/window.onhashchange)
// and URL fragments. If the browser supports neither (old IE, natch),
// falls back to polling.
This is the mentioned article to onhashchange.
That is probably the way to go.
Here's the Question: What is the best way to make sure that your requirement for Flash Version "x" on a site will properly detect presence of later-version Adobe Flash Player Version "10" (or "1y" for that matter)?
Now here's the mystery: Why are so many sites that require Flash Player versions 8 and 9 or better failing to detect Flash Player version 10?
And here's the juicy background, in technicolor screen captures in my post, "WTF: The Adobe Flash Version 1x Crisis."
UPDATE 2: I have since confirmed that the problem I am seeing is not about improper comparison for the same-or-more-recent version. It appears that some client-side detection is unable to determine whether there is any Flash Player installed at all, much less what version it is. I have also discovered that if I am running as admin I don't have the problem: detection of Flash 10 works just fine. That makes this a bigger can of snakes than I first thought. I'm not ready to change this question's title just yet, and I am continuing to dissect client-side code to see what wondrous logic unfolds. Details on these latest revelations are on my blog.
UPDATE: Although I did a search, I missed the related question "Why don't flash videos play after upgrading to Flash 10?" The speculations there are interesting but they don't get to the bottom of it. Also, it's not clear how Levi's problem was resolved. Interesting ... Maybe we can get to the bottom of things here.
Some Background
I managed to install the new Adobe Flash Player version 10.0.12.36 as a clean install (with previous versions removed using the Adobe-provided uninstaller).
The first disappointment was noticed when I couldn't play the latest NCIS program from the CBS Television site, not in HD, not in plain-old standard. But I could play videos of my favorite programs on Hulu. The more I nosed around, the more times I found those obnoxious you-don't-have-Flash, you-need-a-later-version-of-Flash, your-version-of-Flash-old messages that offered a button for downloading.
Every time I clicked the download/update button, and told the Adobe site to do the install (which should fail if attempted, because I am not running as admin), my already having version 10.0.12.36 was confirmed instantly and no update was attempted.
Curious, huh?
The Challenge
I think I know exactly what the most-likely bug is in the Flash-detection script that people are using. It is just too juicy to not be the bug.
Now, that does not mean all sites that fail to detect version 10 suffer from the same bug. I just think the one I have in mind is really likely. I should probably seal my theory in an envelope somewhere. Meanwhile, let's see what the StackOverflow community has to offer and what we conclude the lesson is.
I say the bug is really simple and very funny. What do you say?
My guess is the javascript is doing string comparison, and in string land, "10" < "9".
Also, Flash10 changed their security model somewhat (breaking a tool I use called SWFUpload) so it may be related to that (see: http://benr75.com/articles/2008/11/25/swfupload-with-flash-10-fix )
My guess would be detection from string which is something like "Flash Player version X.Y" by doing something like "get the character before '.' and convert it to number." I've done this a few times myself, it's just stupid.
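The two guesses above (string comparison, and taking the character before the '.'), reproduced next to a component-wise numeric comparison. This is an added example, not code from any detection script discussed here; the function names are illustrative and the version strings are constructed, apart from 10.0.12.36, which is the version named in the question.

```javascript
// Buggy: relational operators on two strings compare character by character,
// so "10" sorts before "9".
function isAtLeastBuggyString(installed, required) {
  return installed >= required;
}

// Buggy: keeps only the single character before the first '.',
// so "Flash Player version 10.0" yields 0 instead of 10.
function majorBuggyCharBeforeDot(versionText) {
  const dot = versionText.indexOf('.');
  return Number(versionText.charAt(dot - 1));
}

// Pull the first dotted (or comma-separated) numeric run out of the text
// and split it into integers. Returns null when no version is present.
function parseVersion(versionText) {
  const m = /(\d+(?:[.,]\d+)*)/.exec(String(versionText));
  if (!m) return null;
  return m[1].split(/[.,]/).map(n => parseInt(n, 10));
}

// Compare component by component; missing components count as 0.
function compareVersions(a, b) {
  const len = Math.max(a.length, b.length);
  for (let i = 0; i < len; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True when the installed version is the required version or later.
// An unparseable version is treated as not meeting the requirement.
function isAtLeast(installedText, requiredText) {
  const a = parseVersion(installedText);
  const b = parseVersion(requiredText);
  if (!a || !b) return false;
  return compareVersions(a, b) >= 0;
}
```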
Unfortunately the problem is caused by the poor version detection shipped with flash. That's right, the shoddy code is actually created by Adobe Flash (not sure which versions), which is the reason it's so widespread.
Personally I use swfObject to embed flash.