Search Results

Search found 25503 results on 1021 pages for 'browser security'.

Page 178/1021 | < Previous Page | 174 175 176 177 178 179 180 181 182 183 184 185 | Next Page >

Is it possible to make CSS-added text searchable by a browser?

- by Andrew Stacey

I run a website that uses CSS pseudo classes to insert text here and there. One of them inserts the value of a CSS counter (whereupon it would require considerable re-engineering of the system to do this without CSS text injection). The specific CSS rule is: .num_defn .theorem_label:after { content: " " counter(definition, decimal); counter-increment: definition; } and this converts "Definition" to "Definition 1" (say). However, the injected text is not searchable by the browser. It doesn't see the 1: if I search for "Definition 1" then it doesn't find it, and if I search for "Definition. Whatever the definition text was" then the browser happily highlights the line except for the inserted 1. So if you imagine the bold text as the highlighting, it would look like: Definition 1 . Whatever the definition text was This is not ideal! People like to refer to definitions by their number and to say "Look at Definition 1 on the page XYZ" (and in contexts where hyperlinks are not available - strange, I know, but it does happen). Thus: Is there any way that I, on the server end, can designate the injected text as "searchable"? If not, is there a simple way at the browser end that this can be enabled?

Read the article
Wildcards in jnlp template file

- by Andy

Since the last security changes in Java 7u40, it is required to sign a JNLP file. This can either be done by adding the final JNLP in JNLP-INF/APPLICATION.JNLP, or by providing a template JNLP in JNLP-INF/APPLICATION_TEMPLATE.JNLP in the signed main jar. The first way works well, but we would like to allow to pass a previously unknown number of runtime arguments to our application. Therefore, our APPLICATION_TEMPLATE.JNLP looks like this: <?xml version="1.0" encoding="UTF-8"?> <jnlp codebase="*"> <information> <title>...</title> <vendor>...</vendor> <description>...</description> <offline-allowed /> </information> <security> <all-permissions/> </security> <resources> <java version="1.7+" href="http://java.sun.com/products/autodl/j2se" /> <jar href="launcher/launcher.jar" main="true"/> <property name="jnlp...." value="*" /> <property name="jnlp..." value="*" /> </resources> <application-desc main-class="..."> * </application-desc> </jnlp> The problem is the * inside of the application-desc tag. It is possible to wildcard a fixed number of arguments using multiple argument tags (see code below), but then it is not possible to provide more or less arguments to the application (Java Webstart will no start with an empty argument tag). <application-desc main-class="..."> <argument>*</argument> <argument>*</argument> <argument>*</argument> </application-desc> Does someone can confirm this problem and/or has a solution for passing a previously undefined number of runtime arguments to the Java application? Thanks alot!

Read the article
wss4j: - Cannot find key for alias: monit

- by feiroox

Hi I'm using axis1.4 and wss4j. When I define in client-config.wsdd for WSDoAllSender and WSDoAllReceiver different signaturePropFiles where I have different key stores defined with different certificates, I'm able to have different certificates for sending and receiving. But when I use the same signaturePropFiles' with the same keystore. I get this message when I try to send a message: org.apache.ws.security.components.crypto.CryptoBase -- Cannot find key for alias: [monit] in keystore of type [jks] from provider [SUN version 1.5] with size [2] and aliases: {other, monit} - Error during Signature: ; nested exception is: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: java.lang.Exception: Cannot find key for alias: [monit] org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: java.lang.Exception: Cannot find key for alias: [monit] at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:202) at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at cz.ing.oopf.model.wsclient.ModelWebServiceSoapBindingStub.getStatus(ModelWebServiceSoapBindingStub.java:213) at cz.ing.oopf.wsgemonitor.monitor.util.MonitorUtil.checkStatus(MonitorUtil.java:18) at cz.ing.oopf.wsgemonitor.monitor.Test02WsMonitor.runTest(Test02WsMonitor.java:23) at cz.ing.oopf.wsgemonitor.Main.main(Main.java:75) Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: java.lang.Exception: Cannot find key for alias: [monit] at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:721) at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:780) at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57) ... 15 more Caused by: java.lang.Exception: Cannot find key for alias: [monit] at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214) at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:713) ... 17 more How to have two certificates for wss4j in the same keystore? why it cannot find my certificate there when i have two certificates in one keystore. I have the same password for both certificates regarding PWCallback (CallbackHandler) My properties file: org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystore org.apache.ws.security.crypto.merlin.keystore.alias=monit org.apache.ws.security.crypto.merlin.alias.password=*** org.apache.ws.security.crypto.merlin.file=key.jks My client-config.wsdd: <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <globalConfiguration> <requestFlow> <handler name="WSSecurity" type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="user" value="monit"/> <parameter name="passwordCallbackClass" value="cz.ing.oopf.common.ws.PWCallback"/> <parameter name="action" value="Signature"/> <parameter name="signaturePropFile" value="monit.properties"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="mustUnderstand" value="0"/> </handler> <handler type="java:org.apache.axis.handlers.JWSHandler"> <parameter name="scope" value="session"/> </handler> <handler type="java:org.apache.axis.handlers.JWSHandler"> <parameter name="scope" value="request"/> <parameter name="extension" value=".jwr"/> </handler> </requestFlow> <responseFlow> <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="user" value="other"/> <parameter name="passwordCallbackClass" value="cz.ing.oopf.common.ws.PWCallback"/> <parameter name="action" value="Signature"/> <parameter name="signaturePropFile" value="other.properties"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> </handler> </responseFlow> </globalConfiguration> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"> </transport> </deployment> Listing from keytool: keytool -keystore monit-key.jks -v -list Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: other Creation date: Jul 22, 2009 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: .... Alias name: monit Creation date: Oct 19, 2009 Entry type: trustedCertEntry

Read the article
Session Id in url and/or cookie? [closed]

- by Jacco

Most people advice against rewriting every (internal) url to include the sessionId (both GET and POST). The standard argument against it seems to be: If an attacker gets hold of the sessionId, they can hijack the session. With the sessionId in the url, it easily leaks to the attacker (by referer etc.) But what if you put the sessionId in both an (encrypted) cookie and the url. if the sessionId in either the cookie or the url is missing or if they do not match, decline the request. Let's pretend the website in question is free of xss holes, the cookie encryption is strong enough, etc. etc. Then what is the increased risk of rewriting every url to include the sessionId? UPDATE: @Casper That is a very good point. so up to now there are 2 reasons: bad for search engines / SEO if used in public part of the website can cause trouble when users post an url with a session Id on a forum, send it trough email or bookmark the page apart from the: It increases the security risk, but it is not clear what the increased risk is. some background info: I've a website that offers blog-like service to travellers. I cannot be sure cookies work nor can I require cookies to work. Most computers in internet cafes are old and not (even close to) up-to-date. The user has no control over them and the connection can be very unreliable for some more 'off the beaten path' locations. Binding the session to an IP-address is not possible, some places use load-balancing proxies with multiple IP addresses. (and from China there is The Great Firewall). Upon receiving the first cookie back, I flag cookies as mandatory. However, if the cookie was flagged as mandatory but not there, I ask for their password once more, knowing their session from the url. (Also cookies have a 1 time token in them, but that's not the point of this question). UPDATE 2: The conclusion seems to be that there are no extra *security* issues when you expose you session id trough the URL while also keeping a copy of the session id in an encrypted cookie. Do not hesitate to add additional information about any possible security implications

Read the article
Mustache.js render technique

- by PanosJee

Hello everyone, i am trying to use mustache.js to render some JSON in the browser. What i want to do is: <li> <span class="label">Location: </span> {{#locations}} {{.}}<span class="social-small-size "></span> {{/locations}} </li> The locations is a js array [["Pendéli, Attiki, Greece", "facebook"], ["Greece", "linkedin"]] Initially i tried to use {{%IMPLICIT-ITERATOR iterator=loc}} in my attempt to split the data in the view. So i the actual rendering code was {{loc[0]}}<span class="social-small-size {{loc[1}}"></span> But that did n t work altough the loop worked and i got 2 spans but without any content. I think the PRAGMA is what I need but I didn 't figure it out. Any hints ? :)

Read the article
JavaScript to detect if the parent frame is of the same origin?

- by tlrobinson

I'm looking for a cross-browser way to detect whether the parent frame is the same origin as my frame, preferably without printing warnings on the JavaScript error console. The following seems to work but I'd like to avoid printing errors to the console (at least Safari and Chrome do when accessing location.href on the parent frame. Firefox throws an exception which can be caught): function parentIsSameOrigin() { var result = true; try { result = window.parent.location.href !== undefined; } catch (e) { result = false; } return result; }

Read the article
microphone volume control from javascript

- by paleozogt

I'd like to be able to control the system microphone volume from the browser. I know that the microphone can be recorded from using Flash or Silverlight, but these don't allow control of the microphone volume. (Flash has Microphone.gain, but as its just a software multiplier, it doesn't help when the system mic volume is muted or too loud.) I've heard that HTML5 will have some sort of microphone access, but whether it will allow volume control is unclear to me. At any rate, I don't think any browsers support it yet. Are there any plugins that would allow volume control? The old Google Gears project has some AudioApi docs, though these don't seem to have made it into the actual plugin. There's also the Google Talk plugin- it seems to do some kind of gain control, but its unclear if there's an api to the plugin. Perhaps there's a draft HTML5 implementation plugin for microphone access (like indexeddb, for example)?

Read the article
Determining URLs updated via a series of commit logs

- by adamrubin

I'm working on a project where I programmatically need to know when a URL has been changed by a developer, post or during deploy. The obvious answer may be to curl the URL one day, save the output, then curl and in x days then do a diff. That won't work in my case, as I'm only looking for changes the developer mande. If the site is a blog, new comments, user submitted photos, etc would make that curl diff useless. RoR example, using github. Let's assume I have access to the entire repository and all commit logs between iterations. Is there a way I could see that "/views/people/show.html.erb" was commited, then backtrack from there (maybe by inspecting routes.rb), to come up with the URL I can then hit via a browser?

Read the article
Authorizing a computer to access a web application

- by HackedByChinese

I have a web application, and am tasked with adding secure sign-on to bolster security, akin to what Google has added to Google accounts. Use Case Essentially, when a user logs in, we want to detect if the user has previously authorized this computer. If the computer has not been authorized, the user is sent a one-time password (via email, SMS, or phone call) that they must enter, where the user may choose to remember this computer. In the web application, we will track authorized devices, allowing users to see when/where they logged in from that device last, and deauthorize any devices if they so choose. We require a solution that is very light touch (meaning, requiring no client-side software installation), and works with Safari, Chrome, Firefox, and IE 7+ (unfortunately). We will offer x509 security, which provides adequate security, but we still need a solution for customers that can't or won't use x509. My intention is to store authorization information using cookies (or, potentially, using local storage, degrading to flash cookies, and then normal cookies). At First Blush Track two separate values (local data or cookies): a hash representing a secure sign-on token, as well as a device token. Both values are driven (and recorded) by the web application, and dictated to the client. The SSO token is dependent on the device as well as a sequence number. This effectively allows devices to be deauthorized (all SSO tokens become invalid) and mitigates replay (not effectively, though, which is why I'm asking this question) through the use of a sequence number, and uses a nonce. Problem With this solution, it's possible for someone to just copy the SSO and device tokens and use in another request. While the sequence number will help me detect such an abuse and thus deauthorize the device, the detection and response can only happen after the valid device and malicious request both attempt access, which is ample time for damage to be done. I feel like using HMAC would be better. Track the device, the sequence, create a nonce, timestamp, and hash with a private key, then send the hash plus those values as plain text. Server does the same (in addition to validating the device and sequence) and compares. That seems much easier, and much more reliable.... assuming we can securely negotiate, exchange, and store private keys. Question So then, how can I securely negotiate a private key for authorized device, and then securely store that key? Is it more possible, at least, if I settle for storing the private key using local storage or flash cookies and just say it's "good enough"? Or, is there something I can do to my original draft to mitigate the vulnerability I describe?

Read the article
Hot to trigger saved password autofill in browsers?

- by Aleksander Kmetec

I have a web application written in pure JavaScript (no pre-generated HTML except for the document which loads all the JS files). This app contains a login form which is created dynamically when the document.ready event event is triggered. I trick the browser into displaying the "Remember password?" dialog by posting the login form into a hidden iframe before logging in using ajax (in Firefox the password appears on the saved password list, so this part obviously works) but saved passwords never get filled in after the login screen is loaded again at a later time. The same thing happens in Firefox and Safari. Is there something I can do or some function I can call to trigger autofill?

Read the article
Cross domain cookie reading/setting cross browsers

- by Rac123

I know there are already a few threads available here on this subject but I want others' opinion on this. There are two ways to set/read the cross domain cookies: Creating IFrame on A.com pointing to a page on B.com which creates the cookie and pass that information by creating another IFrame on B.com side pointing to A.com, either using window.name or in location.href.hash A.com page makes a XHR/JSONP call to B.com web service/page that has the following headers and it also sets up the cookie and returns the value. AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"") As we don't have postMessage available across all the browsers, I believe we have to go with one of the cases mentioned above. My question is which is a better way (cleaner) and why to implement for cross browser. Using any other JS framework is out of scope of this discussion. If there's another better way, please mention here! Thank you for your intelligent input in advance! :)

Read the article
Convert table base design to table less design in best way

- by Brij

What is the best optimized way to convert following in table less design? the layout should be cross browser compatible and SEO Friendly. <table cellpadding="0" cellspacing="0"> <tr> <td>Row 1 Column 1</td> <td>Row 1 Column 2</td> <td>Row 1 Column 3</td> </tr> <tr> <td colspan="3" align="center">Row 2</td> </tr> <tr> <td>Row 3</td> <td align="right" colspan="2"><img src="test.jpg" alt="test" /></td> </tr> </table>

Read the article
Lobo Cobra HtmlPanel does not update GUI after JavaScript action

- by Markus Lausberg

HI, I started implementing a HTML Browser in Swing. I want to use the Lobo Cobra toolkit because this toolkit inclused a renderer and parser for CSS and JavaScript. The pages are looking very nice and it is easy to use (one class implementation to show a html page). I want to show HTML pages in swing which can show javascript generated and modified objects, like a flashing circle. As far as i know, the cobra toolkit can show static javascript commands like 'document.write' or closwWindow() implementations, but not updating the GUI from a JavaScript. Did someone works with Lobo Cobra Toolkit before and give me some sample code or tips for showing HTML pages with animated JavaScript objects inside.

Read the article
Prevent IE users from visiting my site?

- by Paul Hatcherian

Internet Explorer has caused me a lot of trouble over the years, between security problems, memory leaks, endless CSS and JavaScript hacks to get my site to look correct, and inconsistencies between releases, I've spent countless hours as the hapless victim of IE's idiosyncrasies. Well that ends today, I've decided to take matters into my own hands and ban all users of IE from visiting my website. That will teach them to use such a cruddy browser. My question is how best to do this? I don't want to rely on JavaScript, which could be disabled, nor the request agent string, which could be tampered with. A clever user could even temporarily switch to Firefox or Chrome just to visit my site. Ideally, I'd have a list of the IP addresses of every IE user in the world and restrict based on the IP address. The main problem I'm having, aside from getting the list in the first place, is how do I keep it updated? Thanks!

Read the article
The text in a circle.

- by kalininew

Prompt how to solve a problem, please. There is a block with the text of the unknown sizes. It is necessary to spin (with pouring inside) round this block that the text was in a circle (without dependence from the sizes of the text). At change of the sizes of the text (at window compression) the circle should vary dynamically. It is necessary to make it in browser. From what to me to start to solve the given problem? Can be methods javascript (on a site it is connected jQuery)? P.S. The decision should be ???????????????.

Read the article
Optimized way to convert table base to table less design

- by Brij

What is the best optimized way to convert following in table less design? the layout should be cross browser compatible and SEO Friendly. <table cellpadding="0" cellspacing="0"> <tr> <td>Row 1 Column 1</td> <td>Row 1 Column 2</td> <td>Row 1 Column 3</td> </tr> <tr> <td colspan="3" align="center">Row 2</td> </tr> <tr> <td>Row 3</td> <td align="right" colspan="2"><img src="test.jpg" alt="test" /></td> </tr> </table>

Read the article
How can I detect client-side when a page load is the result of an AJAX history point?

- by Nick

I'm trying to prevent a "flicker" effect that is occurring on my ASP.NET page which occurs when a user navigates to the page via the browser back button after having navigated away from it. The reason for the flicker is that I'm using an Update Panel which has some content in there on the initial page-load. As a result, when the page is loaded via a back button that initial content is shown very briefly before it is updated with the correct History-aware data. In order to overcome this I am intending on having the updatepanel hidden (display: none) on inital page load and then show it as long as we don't have any history to deal with. The problem is that I can't find out what to check to determine if there's any history. I can see that the Sys.Application has a _history member but when I'm checking it on page init it is null each time. Does anyone know what I should be checking to determine if there's history to deal with for a page load client-side? And at what point to do it?

Read the article
Highlighting effect to text and/or image similar to be synchronized with audio

- by Irfan Mulic

I am looking how to approach following problem: We have application that displays text with audio recorded material. We use Browser Control (Internet Explorer) in Delphi App to do this. We respond to events in Delphi code setting innerHTML for elements if we have to update the style ... Now, request is to add option to dynamically move the cursor or dynamically highlight the words spoken from the paragraph. It doesn't need to match absolutely the exact word spoken so we will have to dynamically update the content of position of highlighted word based on some timer or something (because it is not text to speach). What should be the most practical and easy approach to this kind of problem, all answers are greatly appreciated. Thanks.

Read the article
How to trigger saved password autofill in browsers?

- by Aleksander Kmetec

I have a web application written in pure JavaScript (no pre-generated HTML except for the document which loads all the JS files). This app contains a login form which is created dynamically when the document.ready event event is triggered. I trick the browser into displaying the "Remember password?" dialog by posting the login form into a hidden iframe before logging in using ajax (in Firefox the password appears on the saved password list, so this part obviously works) but saved passwords never get filled in after the login screen is loaded again at a later time. The same thing happens in Firefox and Safari. Is there something I can do or some function I can call to trigger autofill? UPDATE: autofill works in Safari on initial page load, but not when user logs out and the login form is recreated without a page reload. In Firefox it never works.

Read the article
Finding zoom level from window object properties

- by Mihai Fonoage

Hi, I want to find out the zoom level of what is being displayed in a browser window based on the javascripts' window object properties (http://www.javascriptkit.com/jsref/window.shtml) to which I have access. I just can't seem to find the right mathematical formula for the zoom based on the inner width, page offset, etc. I found a solution, but that uses the document.body.getBoundingClientRect call which does not return anything in my case and for which I can't tell if there's a suitable replacement from the window properties. I am using Safari. Thank you, Mihai

Read the article
Embedded media player gets inconsistent currentPosition on both IE8 and Firefox3

- by logoin

I have a embedded media player in the browser that is controlled by javascript to handle all the mediaChange event. The code looks like mediaChangeHandler: function(media) { if (media && this.offset && !this.offsetJumpPerformed) { if (parseFloat(media.duration) > this.offset) { pos = parseInt(pos); this.getPlayer().controls.currentPosition = pos; alert("jump to position: " + this.getPlayer().controls.currentPosition); this.play(); this.offsetJumpPerformed = true; alert("currentPosition:" + this.getPlayer().controls.currentPosition); } } } The first alert indicates the currentPosition is where I want it to be. However, the second alert would get currentPosition that's couple seconds less than what I have set up. Does anyone have idea why? I tried googled it but haven't found anything useful. Thanks!

Read the article
What is the best practice for writing bookmarklets

- by Ritesh M Nayak

I am writing some bookmarklets for a project that I am currently working on and I was wondering what the best practice for writing a bookmarklet was. I did some looking around and this is what I came up with javascript:void((function() { var%20e=document.createElement('script'); e.setAttribute('type','text/javascript'); e.setAttribute('src','http://someserver.com/bookmarkletcode.js'); document.body.appendChild(e) })()) I felt this is nice because the code can always be changed (since its requested every time) and still it acts like a bookmarklet. Are there are any problems to this approach ? Browser incompatibility etc? What is the best practice for this?

Read the article
Detecting a image 404 in javascript.

- by xal

After a user uploads a file we have to do some additional processing with the images such as resizing and upload to S3. This can take up to 10 extra seconds. Obviously we do this in a background. However, we want to show the user the result page immediately and simply show spinners in place until the images arrive in their permanent home on s3. I'm looking for a way to detect that a certain image failed to load correctly (404) in a cross browser way. If that happens, we want to use JS to show a spinner in it's place and reload the image every few seconds until it can be successfully loaded from s3.

Read the article
showSettings callback in Flex?

- by Jim Robert

I am pretty new to flex, so forgive me if this is an obvious question. Is there a way to open the Security.showSettings (flash.system.Security) with a callback? or at least to detect if it is currently open or not? My flex application is used for streaming audio, and is normally controlled by javascript, so I keep it hidden for normal use (via absolute positioning it off the page). When I need microphone access I need to make the flash settings dialog visible, which works fine, I move it into view and open the dialog. When the user closes it, I need to move it back off the screen so they don't see an empty flex app sitting there after they change their settings. thanks :)

Read the article
X-Domain and P3P Headers

- by Jackson

Hi, I have a website A.com and a domain at B.com with a widget inside an iframe getting data from A.com. I want to allow x-domain cookies to be passed from a.com to inside the iframe using ASP.NET My understanding is that - I can do this in IE using P3P Headers - such that the A.com cookie is passed to the iframe and session | cookie data is preserved. The P3P headers have to be sent from the A.com and from the iframe. Is this correct ? In dev, my understanding is if I "accept all cookies" in IE - then P3P headers won't matter anyway and so this should all just work. If I put on Medium Security then P3P is required.

Read the article

< Previous Page | 174 175 176 177 178 179 180 181 182 183 184 185 | Next Page >