Is there any support for putting non-webfonts into emails now? Not just using #font-face, maybe another method?
I found this SO question from some time back, along with some other questions and articles from about the same time period.
Not consistently. There are popular email clients that still remove all CSS from HTML emails.
I was able to find a blog post on Campaign Monitor's site that has some test results from using this technique. Almost all email clients stripped out #font-face specifically, regardless of their general CSS support: http://www.campaignmonitor.com/blog/post/3044/does-font-face-work-in-email/.
Your best bet would be to use images, which isn't a great solution for a number of reasons, the main one being that images are commonly blocked by default and you want clients to be able to view the content of the email regardless.
This will not work. Web-based email systems will simply strip out your font statements. MS Outlook uses the MS-Word engine to display mails and is incapable of doing this.
As far at HTML email goes, it's still 1999 and will remain that way for a loooooong time.
Related
Is there a way (possibly using JavaScript) to change the language of a website from English to Chinese (for an example) using a link?
In case you're searching for an easy way to offer your site in various languages, I believe your best bet will be Google's Website Translator.
Take into account, however, that the translations will be just about as reliable as the regular Google Translate results, which -- as you might know -- still leave a bit to wish for. For more rigorous stuff, you will need to create a more technical solution.
Edit: Noticed your comment reply above. It really depends a lot on how your site is constructed. If it's dynamically generated with content stored in a database, you could have one column for each one of your translations; the code generating your page must then be informed about which version to use, which could be done in several ways: I'd personally advise to structure your solution with this 'argument' in the URL, something along the lines of your-site.com/lang/page-slug-here, but you could also set a session variable ('just clicking a link'), or go by the user's browser language settings as default, and so forth.
Currently developing an extension for Gmail that inserts a couple of buttons, using jquery.
I'm relying on the canvas_frameiframe and a couple of more div referrenced with their class names, not by their ids.
How reliable is this? How frequent does Gmail gets their class names changed?
As a side note, I thought of an small javascript file to be pulled from a server constantly, that refreshes class names in case Gmail changes them. I don't like this approach (to change the code) since, this is a security extension, and this will probably request more permissions to the user.
As this is pretty much a hack, there is no guarantee when Google might change the underlying HTML structure.
This reminds me of Remember The Milk for Gmail as Browser Add-on. They did the add-on not via Gmail API but by pretty much hacking the Gmail HTML. It breaks really frequently, due to Google "upgrading" Gmail.
To give you an idea how often Gmail is upgraded, take a look at the list of Gmail versions that RTM team is keeping track of. Gmail is basically updated every few days!
Kudos to the RTM engineers though, they usually fix their add-on to support the latest Gmail relatively quickly whenever it breaks.
That being said, in short, there is no telling how fast <div id="canvas_frame"> might change, but at least now you have an idea how fast Gmail is changing.
Question: What precautions should I take when I let clients add custom JS scripts to their pages?
IF you want more details:
I am working on a custom CMS like project for a company, The CMS has number of "groups" that each subscriber "owns" where they do their own thing.
The new requirements is that some groups want to add google analytics to see how they are doing. So I naturally added a column in the table and made code adjustements so if there is some data in that column, I just use the following line in master page to set the script out:
ScriptManager.RegisterClientScriptBlock(Page, typeof(Page), "CustomJs", CustomJs, true);
It works just fine, only, It got me thinking...
It's really easy for someone with good knowledge of how to access cookies etc from from js. Sure, each group is moderated and only super admin can add this javascript, sure, they wouldn't be silly enough to hack their own group. Each group has their own code so its not possible to hack other groups BUT STILL
I am not really comfortable in letting user's add their own javascript codes.
I could monitor each group myself, but the groups are growing really quick and I will hit a time when I will no longer be able to do that.
So, to brief it up: What precautions should I take to avoid any mishaps ?
ps: did try to google, no convincing answers anywhere.
Instead of allowing the users to add their own Javascript files, and given that the only requirement here is for google analytics, why not just let them put their analytics ID into the CMS and if it's present, output the relevant Google Analytics code?
This way you fulfill the users requirement and also avoid the need to protect against malicious scripting.
Letting users use Javascript is in general, a very bad idea. Don't do it unless you have to.
I once I had a problem where I need to let clients use Javascript, but, the clients weren't necessarily trusted, so, I modified cofeescript so that only a small subset was compilable to javascript, and it worked pretty well. This may be waaaay too overkill for you.
You should not let your users access cookies, that's always a pain. Also, no localStorage or webSQL if you're one of the HTML5 people, and, no document.write() because that's another form of eval as JSLint tells you.
And, the problem with letting people have javascript is that even if you believe you have trusted users, someone may get a password, and you don't want that person to get access to all the other accounts in the group.
Automatically recognizing whether some JavaScript code is malicious or sandboxing it is close to impossible. If you don't want to allow hacking your site you are left with only few options:
Don't allow users to add JavaScript at all.
Only allow predefined JavaScript code, e.g. for Google Analytics.
Have all custom JavaScript inspected by a human before it is allowed to display on the site. Never trust scripts loaded from third party sites - these can change from one day to another and turn malicious.
If you have no other choice, you may consider separating path/domain of user javascripts (and cookies).
For example your user have page:
user1.server.com
and you keep user pages at
user1.server.com
So, if you set session cookies to the user1.server.com, it'll render them unobtainable for user scripts from other domains (e.g. user2.server.com).
Another option may be executing all user's javascript at server JS engine (thus controlling all it's I/O and limiting access to browser resources).
There is no simple and easy solution anyway, so better consider using options from other answers (e.g. predifined script API, human inspection).
I am creating a web site and my client demands to restrict user to copy TEXT displayed on the web page.how can I do that? I am using PHP and HTML in my application.
Not trying to be rude, but why do people keep asking this? If you want people to be able to see the information, then you cannot prevent them from copying it. Any kind of javascript nonsense to prevent right-clicking or selection or whatever else will not stop determined thieves and will annoy legitimate users.
As mentioned by every answer previously, there's no way to prevent someone from being able to use the copy from your site. Even if you use methods to restrict direct copy and paste, there are always screenshots, OCR or good old writing by hand.
Looking at it from a different perspective...if the content is sensitive and your client doesn't want it distributed, you COULD add it to a section of your site that requires registration and authentication to access. By doing this you could require that users agree to terms and conditions on registration which explicitly deny permission to reproduce any of the content from the site.
Just a thought.
As every other answer has said, there is nothing technically you can to to prevent people from copying the text of your page. For the text to be display to the user, you must send it to the user's computer, which means they can copy it.
However, you can legally prevent them from copying the text with a service like CopyScape
Copyscape is dedicated to protecting
your valuable content online. We
provide the world's most powerful and
most popular online plagiarism
detection solutions, ranked #1 by
independent tests. Copyscape's
products are trusted by millions of
website owners worldwide to check the
originality of their new content,
prevent duplicate content, and search
for copies of existing content online.
Copyscape provides a free service for
finding copies of your web pages
online, as well as two more powerful
professional solutions for preventing
content theft and content fraud:
Copyscape Premium provides more
powerful plagiarism detection than the
free service, plus a host of other
features, including copy-paste
originality checks, batch search, case
tracking and an API
Copysentry provides comprehensive
protection for your website by
automatically scanning the web daily
or weekly and emailing you when new
copies of your content are found.
Read more on their site.
you can force people to call a phone number to hear the text of your website, a great solution if you do not want people to copy/paste the text of your webpage
Basically, you cannot. Even if there was a way to restrict user from copy & paste the text, they can always just grab the screen and translate it somehow into text.
I'd recommend not to try restrict users in any way. It's not really friendly and people usually hate it. If you want to create some private content, just make people to log in, do some ACL check and hope that they won't copy it somewhere else. You could also consider using some kind of license to prevent people from "stealing" your content.
Even if he was to build the system in flash the user could still hand write out the content if they desperately wanted it, like everyone else said its impossible to stop a determined person from getting your content, unless of course you don't display it.
No, AFAIK, there is no way you can achieve that. Unless you're building the whole thing in Flash or other non-HTML plugin contents.
The short answer is that you can't (easily) do this - if it's visible in the browser then it is obtainable somehow. This is particularly the case if you are just displaying text.
And it all gets back to "Why"? If the information is secret, don't show it to someone in the first place. If you're concerned about copyright violation, as others have said, once someone sees the text, even if you somehow came up with a brilliant technical solution that prevented them from copying the text in any way (which I doubt is possible), they could always write it down by hand, or take a picture of the screen with a digital camera and then OCR it. In the digital age, your protection against copyright violation is more legal than technical: if somebody steals your material and resells it, sue them.
Depending on the nature of your material, you may be able to make it awkward for people to get it all on one screen. Like, if you were running an on-line phone book and you were afraid of people stealing your listings, instead of displaying some large number of listings on one giant page -- all the "A"s or whatever -- you could require people to enter search terms and only show two or three possible hits at a time. Then if someone wanted to steal your listings, they would have to spend thousands of hours entering every imaginable search term. Now that I think of it, I was using some phone book site the other day that gave me a listing of names and addresses that were possible matches, but then I had to click on each one to get the phone number. At the time I thought "dumb nuisance", but now it hits me: they probably had the same idea that I briefly thought was original. Anyway, if your material is a database of individual factoids, this could be practical. If it's an article on the economic history of Lithuania or some such, making the user seach for it in tiny pieces is just going to make people abandon you and look elsewhere.
Personally, I've taken the philosophy that I just don't care. I've had many occassions when I've done Google searches on subjects that interest me and turned up articles that I've written, on sites that never asked my permission. I once even found an article that I wrote on one of those pre-written student papers web sites. (Not that any student would just paste his name on it, print it off, and hand it in, of course. They are "for research purposes only". I'm sure if they knew of students claiming this as their own work they would take down the site immediately.) So an article that I published on the web, available to anyone for free, these people were now charging dishonest students $25 to download! My reaction was, Way cool! It's one thing when others quote you, but you've really reached the big time when others plagiarize you!
This is not possible.
You cannot prevent someone from getting the information if you're sending it to them so they can see it. A user can simply view the source of the HTML and see what the text is and copy it from there and there's nothing you can do to stop them.
Implementing anything in JavaScript is completely ineffective since anyone can just disable JavaScript in their browser and get around it, and you'll only end up annoying your users.
The only way to prevent someone copying the text from a web page is to not put it on the web page in the first place.
If you presented content via images, or flash, and prevented the ability to save as that might be a solution. I found some resources you might find useful in protecting images here and some information on "preventing" print screen here.
Unfortunately, there is no easy solution for your question, as once the content is delivered to the user, they have ultimate control over the information (who's preventing them from taking an actual picture of the site?).
Well, the PHP has nothing to do with it, as that's server-side. You might be able to cook up something in javascript (it's fairly easy to disable right-click; it may also be possible to disable text highlighting), but it's fairly easy to get around this. Failing all else, the user might view source, though that can be encrypted too:
document.write(base64decode('encoded string containing entire HTML document'));
This is, frankly, both annoying and pointless. Anything that's available to the user can be taken somehow. Even flash isn't immune. (There are browser plugins available to take videos out of flash.)
You may want to look at your target audience as well to help determine how you want to make it harder (since you can't realistically prevent it)..
For the simple user just disabling the right click may be good enough to prevent it. Slightly more work would be to do as others had suggested and create an image. With the image you'd probably want to set a background-image on a DIV or something since you can easily drag images, using the IMG tag, straight from the page onto you desktop, or wherever. From there you could use Flash, or some other RIA, or maybe even SVG/VML..
Anyone who knows how to do a screen capture really narrows down what you can feasibly implement :(
<script type="text/JavaScript">
//script to bar copying of website contents
function killCopy(e){
return false
}
function reEnable(){
return true
}
document.onselectstart=new Function("return false"){
if (window.sidebar){
document.onmousedown=killcopy
document.onclick=reEnable
}
};
</script>
I'm using PHP to send html emails. I've tried to import css files inside the email, and it works fine.
<link href="http://www.mywebsite.com/css/mail_styles.css"
type="text/css" rel="stylesheet" />
But i want the email to look stylish with some JQuery tricks, so i tried to import the JQuery library inside the email to add some scripts, but even gmail couldn't read the library.
<script type="text/javascript"
src="http://www.mywebsite.com/scripts/jquery.js"></script>
So is there a way to import JavaScript libraries inside html emails ?
Thanks ...
Most email clients either disable email JavaScript entirely, or only allow a subset of it, due to security reasons. Web-based clients such as Gmail are likely to fall into the former category.
You can try embedding the script file itself directly into the email, but overall using JS in emails is a bad idea that's best avoided.
edit
Remember, email is a static content-delivery mechanism. As another commentator noted, if you want to send someone dynamic content, email them a link to your DHTML webpage.
#Karim79, I'm not convinced that the answer is so clear cut as you suggest.
It all depends on the environment used to read the email, and whether that environemnt supports javascript or not. Admittedly, I suspect that most email readers would be averse to supporting javascript, in order to avoid viruses and malware, but there is no absolute reason why this couldn't be done.
Having said that, the unpredictable level of support offered by readers would probably mean that you shouldn't rely on the script running correctly (if at all), so you'd probably want to take a 'graceful degradation' approach.
Using Javascript in emails would be a security problem. And something not desirable. If you want send some fancy page to the user, why not send him the link to a page?
If I recall you can only use in-line.
BUT most email clients (especially web based) will genearlly not allow JS of any sorts.
I have been advising and creating html newlstters etc for people for years now and general rule - don't use JS.
A good guide for html emails is: http://www.anandgraves.com/html-email-guide#javascript
I would never consider using JavaScript in an email, most likely the majority of your users' email clients wouldn't support it anyway so it's not worth the effor or that an overzealous e-mail filter might reject your messages.