Is Brackets website and text editor safe to use? - security

Mozilla recommends Brackets as a text editor for beginners (Link). After clicking the link, Chrome states that the website isn't secure. Can others confirm that the Brackets software and its website are safe to use?

If you click on Advanced you may find the answer to your question:
As you can see, the certificate is rather issued for a different part of the site (listed in the above screenshot).
The authors have kept the content of the documentation on GitHub (http://brackets.io/) because they judge the static pages do not need HTTPS. However, they hosted the .deb file safely (try to download it).
Conclusion: visit http://brackets.io/ both to read the documentation and to download the .deb file safely.
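The name check behind this kind of browser warning, as an added example that is not part of the original answer. It uses simplified RFC 6125 matching rules, and the host names and certificate names are constructed, not taken from the real certificate:

```javascript
// A certificate is valid for a host only if one of its names matches the
// host label by label. A "*" may stand for exactly one left-most label.
function nameMatches(host, pattern) {
  const h = host.toLowerCase().replace(/\.$/, "").split(".");
  const p = pattern.toLowerCase().replace(/\.$/, "").split(".");
  if (h.length !== p.length) return false; // "*" never spans several labels
  return p.every((label, i) => {
    // Wildcard only as the whole left-most label, and never directly under a TLD.
    if (label === "*") return i === 0 && p.length >= 3 && h[i].length > 0;
    return label === h[i];
  });
}

// Returns which certificate names (if any) cover the requested host.
function checkHost(host, subjectAltNames) {
  const matched = subjectAltNames.filter((n) => nameMatches(host, n));
  return { host, ok: matched.length > 0, matched };
}

// Constructed certificate names for illustration.
const constructedSans = ["www.example.org", "*.downloads.example.org"];

const hosts = [
  "example.org",               // bare domain: not listed, so mismatch
  "www.example.org",           // exact match
  "a.downloads.example.org",   // covered by the wildcard
  "a.b.downloads.example.org", // two labels deep: wildcard does not apply
];
for (const host of hosts) {
  const r = checkHost(host, constructedSans);
  console.log(`${r.host}: ${r.ok ? "name matches" : "NAME MISMATCH (browser warning)"}`);
}
```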

Related

Fixing file://(///) link download issues in every browser (in mediawiki)?

At our office we use MediaWiki as our intranet portal. Some of our departments like Sales, Support, etc. use it to manage files on the network. They often link to Word/Excel documents with a file:// URI. The issue is everybody uses different browsers, i.e. Explorer, Firefox, Chrome. Often they cannot download files (link not working in certain browsers, browser security settings, etc.). Is there a way to fix this for everybody without having to install additional software or change settings on each PC?
If possible I would like to keep linking to these local network files. I'd rather not upload them to Google Docs (extra work!) and use a share-link so it's just http.
Are you using the MediaWiki way of posting links?
[[LinkHere]]
This might help with your issue, since MediaWiki chooses the way it is displayed.
https://www.mediawiki.org/wiki/Help:Links
Sorry. Cannot comment yet. This is not an answer.

No-Content-Script for chrome extension

I may be a bit paranoid when it comes to installing Chrome extensions that request access to all my tabs and data. While an extension may be safe for the moment, a simple automatic background update can make it a malicious virus, and you won't even get notified about updates.
I would like to specifically whitelist all my extensions to access content on a per-webpage basis. Is there any such tool out there already (natively, perhaps) before I start hacking my own extension to control it on my own?
That leads me to my next question. Extensions can be somewhat secured by running in a sandboxed environment with no access to the "real" filesystem (not the virtual sandboxed filesystem), but could I write a NaCl plugin that has full access and changes the manifest file to change the content_scripts settings? If so, could you point me in the right direction?
I'm not sure I clearly understand your question, but let's clarify some things about extensions and how they can be dangerous:
First: If an extension updates and wants new authorisations, Chrome will warn you and you can choose whether you want it to be updated.
Second: Chrome sandboxes extensions running on your computer.
Third: The only authorisations that may represent a real danger for your computer are the ones requesting authorisation to "Access all data on your computer".
If you are really worried that some extensions may represent a danger for you (and I understand you), you can restrict them to run on specific webpages by doing the following:
1. Go to the extensions folder [C:\Users\(YOUR USERNAME)\AppData\Local\Google\Chrome\User Data\Default\Extensions\(APPID)] and open the manifest.json file with any text editor.
2. In the "content_scripts" declaration, in "matches", specify the sites where the extension will ONLY work [e.g. *://google.com/* will make the extension active ONLY for google.com].
You can even be more precise and set specific URLs/HTML pages (see more: https://developer.chrome.com/extensions/match_patterns)
Hope it helps!
If it doesn't, please clarify your question again.
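A read-only way to see which "matches" entries in a manifest are worth narrowing, as an added example that is not part of the original answer. The function names and the sample manifest are constructed for illustration; only the content_scripts/matches keys and the match pattern syntax come from the answer and the linked documentation:

```javascript
// Classify a Chrome match pattern: <scheme>://<host><path>, or "<all_urls>".
function classifyPattern(pattern) {
  if (pattern === "<all_urls>") return "all-sites";
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)(\/.*)$/.exec(pattern);
  if (!m) return "invalid";
  if (m[1] === "file") return "local-files";
  const host = m[2];
  if (host === "*") return "all-sites";
  if (host.startsWith("*.")) return "domain-and-subdomains";
  return "single-host";
}

// List every content-script pattern with its scope and the scripts it injects.
function auditManifest(manifest) {
  const findings = [];
  (manifest.content_scripts || []).forEach((entry, index) => {
    for (const pattern of entry.matches || []) {
      findings.push({ index, pattern, scope: classifyPattern(pattern), scripts: entry.js || [] });
    }
  });
  return findings;
}

// Patterns that let a content script run on every website.
function broadPatterns(manifest) {
  return auditManifest(manifest)
    .filter((f) => f.scope === "all-sites")
    .map((f) => f.pattern);
}

// Constructed manifest for illustration (not a real extension).
const sampleManifest = {
  name: "Sample extension",
  manifest_version: 2,
  content_scripts: [
    { matches: ["*://*/*"], js: ["inject.js"] },
    { matches: ["*://google.com/*", "https://*.example.org/*"], js: ["helper.js"] },
  ],
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`${f.scope.padEnd(22)} ${f.pattern}  -> ${f.scripts.join(", ")}`);
}
```

To audit an installed extension, pass `JSON.parse(fs.readFileSync(pathToManifest, "utf8"))` to `auditManifest` instead of the sample object.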

launch google search from link

I am running a website based on PHP on a server run by a large host. My goal is very simple: include a link on my site to a Google search where I dynamically give the search term.
Starting with the url that appears in the address bar, I've narrowed the syntax down to
http://www.google.com/search?q=test
This works when I type it into the address bar. However, when I launch from the server, it redirects to:
www.google.com/webhp...lots of characters
There are references on the web to webhp being related to a virus but I'm pretty sure my host does not have any viruses on its servers.
Does anyone know the proper way to launch a simple Google search from a link? Is a straight link forbidden? I am willing to use JS to push the link to the client if necessary (which I use for Google Maps at Google's recommendation due to usage limits) but want to keep things as simple as possible. This link is just to save people a few clicks.
Thanks for any suggestions.
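Simply use the urlencode method
<?php
// urlencode() percent-encodes the search term so it cannot break the query string or the href attribute.
$userinput = 'test'; // sample value; in practice this is the dynamic search term
echo '<a href="http://www.google.com/search?q=', urlencode($userinput), '">Search Google</a>';
?>
If you wish to do it with JavaScript the answer is here: Encode URL in JavaScript?
Try to track down the "Url Rewriting", I think it's a virus you need to remove: http://www.ehow.com/how_8728291_rid-webhp.html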
WebHP is a computer virus that automatically sets your homepage to a
fake Google site, known as Google.com/WebHP. This virus will also
randomly open windows or tabs to load this website, as well as
generate pop-ups and fake errors. Also installed with this virus is a
rootkit which can disable your PC's firewall and other methods of
security. If left untreated, the WebHP virus allows hackers to
remotely access your computer and steal personal information, such as
credit card numbers and email passwords.

Localhost code editor in Google Chrome tab - like Notepad++?

I looked into very many Google Chrome extensions and apps in order to find one that matches the following requirements:
runs in a Google Chrome tab
editor for any code, PHP, CSS, HTML
can load and save files (on my computer) and create new ones
works with local files on my computer
Is there any? kodingen, cloud9, shiftedit does not seem to make it on the localhost.
Maybe SourceKit will do?
SourceKit is an extension to your Google Chrome browser which runs in a separate tab. The files are stored in your Dropbox account, so not only can you access the files from your computer - you can access them from anywhere! It uses syntax highlighting like Notepad++ for a limited number of languages (you said php, css, and html - they are all supported). It can load, save, and edit text files locally on your computer if you install the Dropbox Desktop Application. This will also synchronize the files with your online account and thereby make them accessible from anywhere in the world.
That sounded more like a salesman's advertisement than intended.
Both Dropbox and SourceKit are free.
There are four catches as far as I can see:
Dropbox "only" offers 2GB for free, however, you can upgrade at any time if you're willing to pay.
Dropbox Desktop will only synchronize one folder (and all of its contents), but that's really not any different from a web site.
SourceKit will not debug your code, but it will highlight wrong syntax (only for certain languages).
EDIT Does not work offline.
I've tried it out, and it works well.
Sympathy Editor
Sympathy uses the npapi-file-io plugin mentioned in an answer above to allow you to edit local files.
Pros
Allows you to edit local files
Full syntax highlighting
Bookmark local files for easy access
Cons
Uses an NPAPI plugin to read files, which means it has access to all your data
Unavailable on Chrome Webstore
Still under development
Only works on Linux/Windows as of the moment (not on Mac)
If you are interested, you can see the README, or Manual on GitHub.
Disclosure: I'm the primary developer of the extension.
Don't any of these extensions you have mentioned work with the file:/// protocol? They will work for the http:// protocol only if you are going to edit files inside your local webserver.
Instead of writing http://localhost/(...) you write file:///(...), where (...) is the full path.
In UNIX systems it is file:///home/jens/file.txt. In Windows it should be file:///C:\(...).
#Berk Demirkir may be right.
Here are the resources I found that may be of use;
32 Google Chrome Extensions For Smart Designers
Chrome Web Developer Tools No. 7 on the above list
There's no extension for editing local files.
But you can write one!
Access to the local filesystem cannot be done using Chrome's Extension API.
But you can use HTML5's File API (which is a draft) or Local Storage. If none of these storage methods is sufficient for you, you can build an NPAPI plugin. Chrome supports NPAPI plugins. There's also a project called npapi-file-io on Google Code which aims to access local files from the Google Chrome extension context.
Edit:
Now, there's one usable editor, Sympathy. You can use Capt.Nemo's Sympathy editor.
Edit 2:
NPAPI plugins are phased out from Chrome since version 42. The only alternative would be to use a wrapper native app and communicate using Native Messaging API.
ShiftEdit can be used to work locally, you will need to have XAMPP or equivalent installed.

Is there a way to disable the MSFT IE XML Databinding feature via script?

Question: Is it possible to construct a web page that has a script to turn off XML data-binding in MSIE? The ideal approach would be to code an HTML page and instruct all people in the office to visit the page with a button that says "turn off data-binding".
Rationale: The desktop sysadmin is not available at this time and the goal is to create a brain-dead simple way to let people turn this feature off without having to walk them through a bunch of MSIE configuration menus.
I'm assuming you're talking about Microsoft Security Advisory (961051).
If you could disable XML data-binding using client-side script, then someone could enable it with client-side script and expose the vulnerability again. So that isn't possible.
However, if everyone is running the same version of Windows and the same bitness flavor, then just send them to a page where they can copy and paste this into Start > Run:
Regsvr32.exe /u "Program Files\Common Files\System\Ole DB\oledb32.dll"
Note that this will protect against current attacks but to comprehensively protect against the vulnerability they recommend applying another workaround. More on that here.
And encouraging your employees to go to a website in an E-mail and run something they've been told to run is probably a bad idea as it opens them up to various phishing attacks since most people won't be able to distinguish between an E-mail from their own company IT department and an E-mail sent by a malicious person.
More about the available workarounds here.
In the end, the best practice would be to push out one of the workarounds as described in the above KB article.
