XSUH
2010-07-11 22:45:34
0 comment(s)
I'm afraid I've just missed the World Cup 2010 final. Doh! But I have some 4-month-old news to share with you!
I reported a bug in Mozilla's Bugzilla on 1st March, 2010. This bug has been NEW since then (you won't be able to access the bug as it is considered to be a security issue). Three later bugs have been marked as duplicates of it so far. There's also a paper out in the wild with several advanced exploit techniques described, which was not written by me. So we have been using Firefox for 4 months with a serious information leakage that can be used by site owners to monitor our browsing habits or to improve phishing attacks. I think 4 months is enough time to wait for some progress in fixing a security bug before making it public, and I've not seen any such progress (the only thing that has happened is that the bug has got a tag saying that it is blocking Gecko 2.0, so it is going to be fixed in Firefox 4, which is going to arrive in November), and nobody told me to keep this a secret (I waited almost a month for an answer), so here it is. In these 4 months other people found the same bug and wrote public papers about it, and attackers may already be exploiting it, so there is no sense in me not publishing details on this topic.
Tags: cross site url hijacking firefox opinion security xsuh
document.getElementById in IE7
2009-07-16 22:00:13
0 comment(s)
Given the following code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>IE7 getElementById() test</title>
    <meta http-equiv="content-type" content="text/html;charset=utf-8" />
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <meta name="description" content="Internet Explorer 7 getElementById() test" />
</head>
<body>
    <form action="index.php" method="post">
        <div>
            <label for="description">Description: </label>
            <textarea rows="10" cols="82" name="foo" id="description">Write some description here...</textarea>
            <button type="submit">Save</button>
        </div>
    </form>
    <script type="text/javascript">
    <!--
    var obj = document.getElementById('description');
    document.write('getElementById() returned a ' + obj.tagName + ' node');
    //-->
    </script>
</body>
</html>
Can you guess what the output will be? Yes, in most cases it will be "TEXTAREA". But not for IE7 (and older)! According to the docs it will be "META". If you want to be Internet Explorer 7 compatible, you should never ever call any object you want to access from JavaScript "description".
Tags: msie javascript getelementbyid
Pure CSS line graphs
2009-03-24 00:34:36
1 comment(s)
I once saw a blog post about CSS line graphs, which suggested building such drawings from tons of HTML, some CSS and a special background image that contained line segments of every possible gradient and had to be cleverly positioned to connect those segments to each other, and then hiding the glitches at the joins using flecks of the same color. As it's using an image for the hardest part, I wouldn't consider it a pure CSS line graph. But is there a way to achieve the same effect without images? Definitely yes!
Tags: css html line graphs
How to detect multiple window usage in JS
2009-03-01 00:15:26
3 comment(s)
When designing a web application, one should keep tabbed browsing in mind, because this is one of the greatest features in browser history. So great that even Microsoft had to implement it in IE!
But sometimes using an application in multiple windows or tabs just doesn't make much sense, and can be expensive. For example, a chat or IM application (like Meebo) polls the server nearly every second, and doing that simultaneously in several tabs or windows is simply wasting resources on both the server and the client side. In such situations a script to detect multiple window usage and notify the user can come in handy. Let's see how to do that.
Tags: web php javascript window name
The nerd behind the blog
2009-02-28 14:10:17
0 comment(s)
Hi, I'm Attila Magyar, a student of programming and maths, web developer, fan of Linux (currently Ubuntu), and Google-addict. I'm going to post here about experiments, ideas, solutions or WTFs that I consider interesting, cool and|or funny, and somehow related to IT (mostly to programming, web-programming).
Tags: about
