When running the below code, it fails to display the text I wrote. Instead, it displays in the status bar the URI of the link. Why is this happening?
link here
window.status isn't a standard property. It has been eliminated for security reason. You can't do that on modern browsers (including IE9).
You'll have to find another solution, like for example making a small div at the bottom left corner :
<a href="link"
onmouseover="document.getElementById('status').innerHTML='your text';"
onmouseout="document.getElementById('status').innerHTML='';">link here</a>
<div id=status style="position:fixed;bottom:0;left:0"></div>
Being able to modify the status bar information is an excellent way to mislead users into thinking that a link will take them to Place They Want To Be instead of Place That Will Steal Their Password… so browsers don't let page authors mess with it any more.
Internet Explorer 7 limits the ability of Web pages to use scripts to write information to the status bar. This ability is restricted by default for the Internet Zone, and is subject to user-configurable settings for Trusted and Restricted Sites Zones. This is part of the work to ensure that users are not misled by Web pages. Calls to window status will fail silently in cases where updates are not allowed.
— Security and Compatibility in Windows Internet Explorer 7
HTML has a title attribute designed specifically to provide advisory information about an element. Use that to display status information.
link here
Related
I have below code:
HTML
<p>Click the button to open an about:blank page in a new browser window that is 200px wide and 100px tall.</p>
<button onclick="popitup2()">Open Window</button>
JavaScript
function popitup2() {
newwindow2 = window.open('', 'name', 'height=200,width=150');
var tmp = newwindow2.document;
tmp.write('<html><head><title>popup</title>');
tmp.write('<link rel="stylesheet" href="js.css">');
tmp.write('</head><body><p>this is once again a popup.</p>');
tmp.write('<p>view location.</p>');
tmp.write('<p>close the popup.</p>');
tmp.write('</body></html>');
tmp.close();
}
When I run this in Firefox: popup window has address bar like "http://www.w3schools.com/js/tryit_view.asp?x=0.695266304636076"
When I run the same in Chrome: popup window has address bar like "about:blank"
My question is:
Why it is different for two browsers even though I'm using the same code snippet?
How to make the common address bar(url) for popup window across all browsers?
Even my application is having this issue.
I am very curious to know the root cause for this. Can anyone please explain me?
You're going to notice little inconsistencies like this a LOT as you get into working with web development -- what's important to keep in mind is that while HTML/CSS/Javascript all have written specifications and standards, it's up to the browser manufacturers to implement those standards, and they often choose to do so in ways that may vary in small (or large!) ways between one browser and another. You'll notice that on some mobile browsers such as that on the iPhone (and from what I hear, new canary versions of Chrome), the address bar doesn't even display the full URL for normal pages, but rather just the root address of the site. It's something we as web developers just have to live with -- if it's not a hard and fast part of the technical specification, we can't always expect things to behave consistently or in the way we'd expect it to.
Is it applicable to remove the address bar from a popup window using javascript
ex:
window.open(url, 'liveMatches', 'width=720,height=800,toolbar=0,location=0, directories=0, status=0, menubar=0');
please advice,
use jquery ui (http://jqueryui.com/demos/dialog/)
or perhaps
window.open(url,'liveMatches','directories=no,titlebar=no,toolbar=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=720,height=800');
actually
You cannot remove the address bar in modern browsers. That is a security measure. The user must always know what page they are on. Address bar also let user know, what type of security is on that page (HTTP or HTTPS).
Theoretically, yes. However, as with everything in Javascript, there's no guarantee that any given browser will support it or that the implementation will be consistent across browsers.
This link as well as this link indicate that the location option should control whether or not the Location/Address bar is shown. It should also have relatively good cross-browser support.
I'm building an in-browser application for my company's internal use. It would be helpful if my users could quickly switch between 6 different browser dimensions. I've tried using window.resizeTo, but it seems most modern browsers are disabling any sort of coded resizing. Safari seems to be my only exception for Mac users, but I'm concerned that they too will follow suit with Chrome and FF.
Is anybody aware of any work-arounds or user opt-ins? I've found a Chrome extension that can get the job done, but ideally there wouldn't have to be any sort of configuration or 3rd party extensions as some of my users have very strict permissions on their machines.
No, that's not possible. Otherwise all kind of ads would ask the user to allow them to resize themselves in the hope some people allow it (and thus most likely allow it for the whole adserver used by tons of websites).
You could wrap your application's content in a <div> with overflow: scroll, and resize that actual div. If your application's styles do not allow that, you can wrap it in an <iframe> with the viewport size you want to enforce.
That's basically it. Somehow, the javascript in Google Docs can turn off the default headers and footers showing the URL, date, page numbering, etc.
This only works in Google Chrome. When Google Docs is running from another browser it will print the headers/footers unless removed manually through the print configuration dialog. In Safari, it seems to generate a PDF server-side which of course will print outside of the browser.
I've searched around the web and have found nothing on how this is done. The javascript in the page is of course minified and obfuscated so it's difficult to get any insights from there.
So before I'm forced to dive into that spaghetti, I'd like to know if anybody has any ideas of how this is done.
After delving into some source code I found on a web page that has also resolved the issue (not Google Docs), the secret is the following CSS:
#page
{
margin:0;
}
This only works on Chrome, and perhaps Opera though I have to verify if the latter is true as it's printing the background color by default while chrome prints with a white background and the colored background in my page might be just obscuring the header/footer text.
Other browsers give differing results:
Firefox and Safari ignore the margins apparently and print the headers/footers anyway.
IE9 makes a mess of things and the contents print overlapped with the header/footer text. Poor browser always gets all the heat...
In conclusion, combining this with silent printing coming out in Chrome 18 kiosk mode will make for some interesting functionality, such as mail merge capabilities right from the browser though I still have to research how secure kiosk mode is though, as navigating to a malicious page runs the risk of exhausting printer ink and paper.
Navigation should be restricted to a URL white-list in this case.
I'm opening a popup window via javascript. I'm trying to set some of the display parameters - specifically we want to hide the location and statusbar, but every browser I've tested this in, the location and status bars still display.
My code looks like this:
newwindow=window.open(url,'name','height=250,width=290,left=200,top=200,location=no,resizable=yes,scrollbars=yes,toolbar=no,status=no');
Any ideas? The client is insisting on a popup window, rather than a hover tooltip.
The browsers have stopped listening to some of the parameters for security reasons. For example, FF3+ and IE6 / 7+ force a location bar to prevent scammers pretending to be a site they're not.
Related: The Internet Explorer 7 Security Status Bar
Whenever you are visiting any website, you should look at the full address (URL) for the site to understand what website you are looking at. IE7 helps you by enforcing the presence of an address bar in every window, but you still may need to scroll through it or maximize the window in order to view the full address.
If you need more freedom, and happen to have some control over the user's computer (e.g. in a closed intranet), there are solutions like Mozilla Prism that allow a web site to appear rather like a desktop application. But those are highly specialized solutions unsuitable for normal web sites.
Yes, some parameters are disabled. The reason is that it should not be possible to open a window that pretends to be something else.
The exact rules depends on the browser, the scope of the page (intranet/public), and the user settings. Most browsers won't remove the address bar, so that you can always see where the page is coming from.
You can for example read here about the restrictions in Internet Explorer.
Some quotes:
"Internet Explorer 6 for Windows XP
SP2 requires that the window title
bar and status bar are always in the
visible area of the display; if the
address bar is displayed, it must also
remain visible. By placing these
restrictions on script-opened windows,
the Window Restrictions security
feature prevents malicious code from
hiding information and from spoofing
user interfaces. The Window
restrictions feature is on by default
for the Internet zone, and the feature
is off by default for the Local
Intranet and Trusted Sites zones."
and:
"The status bar is an Internet
Explorer security feature that
provides the user with Internet
Explorer security zone information.
Prior to Internet Explorer 6 for
Windows XP SP2, the status bar could
be hidden from the user by scripts
that call the window.open method. With
the status bar hidden from view, users
could be deceived into thinking that
they were on a trusted site when they
were actually interacting with a
malicious host.
With window restrictions in place, the
status bar cannot be turned off for
any window created by the window.open
method; it is always visible for all
Internet Explorer windows. The zone
information that the status bar
contains cannot be spoofed or hidden
from view, so that the user always
knows in what security zone the
content is being displayed."
This is about IE 6, as that's when this was introduced. There were some furhter changes in IE 7, but that mostly has to do with how the navigation changed, making some parameters of the open command work differently or being obsolete.
Due to changes in security models, it's not possible to have a totally chromeless popup window any more and attempts to strip all the chrome off will simply be ignored. Have you considered using JQuery to create a pseudo-popup that is skinned to look like a window, give it drag handlers and a dismiss button? you could gracefully degrade to a standard pop-up.
http://jqueryui.com/demos/draggable/
Most browsers displays the location bar and status bar by default, and make it also impossible to override window.status. This is done for safety (to guard against phishing).
Some more specific information on how a user can change the setting that allows the status and/or address to be set by Javascript to hidden or visible:
From the 'custom level' dialog from the IE security tab - scroll down to:
"Allow websites to open windows without address or status bars"
Depending on if these is set to Disable or Enable - you will see different behavior from your application.
To my knowledge this applies to IE7, IE8, and IE9