Accessing controls values, what is the recommended way to use ?
document.getElementById(...) or XSP.getElementById(...)
The XSP object acts a "wrapper" and would hide implementation details (browser incompatibilities, etc.) for you, therefore I would prefer the use of XSP.getElementById(...):
The XSPClientDojo library defines a global XSP object which exposes
some JavaScript functions to the XPages runtime. As its name suggests,
XSPClientDojo utilizes the Dojo JavaScript library, however other
implementations may be developed in the future (for example, when
supporting handheld devices).
document.getElementById(...) places the reliance on browser implementation. XSP.getElementById(...) places the reliance on the IBM Dojo extension and IBM support.
The same rules hold for any of the XSP.... methods. If browsers changes should ever affect it, IBM code will be updated and as long as your server is on the current release and fix packs you will not need to make changes to your application. So as with relying on any framework, it comes down to whether you are willing to keep the framework up to date to leverage the extra layer of abstraction.
Related
I need to build a web based application that can list available ssid in the area.
From my understanding, these probably can do what i want
Java applet
Adobe Flash
However, Im not sure whether these can do or not
HTML5/JavaScript
Java Web Start
I'm a .NET developer and I'm not familiar with these web technologies.
Are there any other method to get a list of SSID that i have not mentioned?
Thanks.
You'll never be able to list available SSID's with HTML5, Javascript, or any other strictly web-based technology. That's a very low-level task and won't be natively possible in any browser for security reasons. That being said, you may be able to draw on some technology like Java Applets, ActiveX, or even Silverlight 5 if I remember correctly. I don't know your project requirements, but you're better off creating a native application for this type of feature. If this application is being used by/sold to the general public, you're setting yourself up for a lot of headache by going with Applets/ActiveX/etc.
I'm developing a Firefox add-on. Part of the extension requires evaluating code in the context of a particular content window.
I found tab_utils.getTabContentWindow, which returns the ContentWindow of the given tab. The properties of this object are the properties of the webpage's window object.
From my testing it seems like accessing properties, calling ContentWindow functions, etc. all happens in the context of the webpage rather than the add-on. However, I'm not well-versed enough to know if this is sufficient for security, and the Mozilla docs don't make this clear.
Is it safe to access ContentWindow properties, use functions defined on ContentWindow, and access their results?
Good q, answer is no. As with e10s coming out next version it will be a separate process. So it will use a shim. And that shim will be going away 6 months after e10s (process tabs) release.
So you're going to want to use the sdk contentScript. Looks like you're using sdk.
I've found this nice article about the "injected Way", but the author never finished it :
http://hightechstartups.blogspot.ch/2012/05/different-way-of-developing-browser.html
I would like a bare bone cross browser extension, without any 3rd party extensions or framework (to be as light as possible and not dependant on a 3rd party) that would load Jquery and a JS from a distant server and the ability to load it before or after the page is fully loaded.
I've read a lot of topics about the subject, but since IE10, Chrome 26 and FF20 are out with their new cross-link limitations, i was wondering if somebody had ressources, source code or tutorial about the following requirements :
I need :
Cross browser extension supporting (IE 8+ or 9+ worse case, Chrome
26+, FF20+, Safari)
Ability to inject a single JS hosted on another server. Inserts a script tag that references a javascript file in the head of the HTML
page and then be executed
Not be dependant on a third party extension (greasmonkey) or framework (Kango, Crossrider)
Ability to load before or after the page is fully loaded
This method allows me to customise the browser extension depending on the user's location and it also avoid having updates as the JS is updated on each page refresh.
I'm aware of the downsides, but i would like to achieve this.
I'm aware of cross browser framework like Kango or crossrider, but both don't fit me needs.
The closest example i could find is this How can I run a <script> tag that I just inserted dynamically from a BHO
but it only covers IE and as i got very little Csharp experience, i would like to see a full example to understand it properly and learn from example.
I would LOVE to have a few examples, even if it's not cross-browser (IE being the worst part for me).
Thanks a lot for your support !
Update1:
About Kango and Crossrider, Kango is 2000$ if you want to use IE and for Crossrider you're required to be distributed and monetized by them.
I've managed to code for IE and Chrome, but i was looking for an "elegant" way and figured it was the best place to ask given the level of knowledge of people on this site.
For the installer i currently use NSIS, but i'll test Wix too.
Finally i guess the only way for me would be to learn C++ and .net to get it to work with IE, but if anyone could provide more source code it would be great to test speed and compatibility and discuss here what's the best solution.
Why do Kango or Crossrider not fit your needs? Both frameworks allow you to manipulate the page's DOM (which is what you want):
Kango: Adding content script
Crossrider: documentation, example code
If you want to code your own solution, take a look at the relevant documentation:
Content scripts (Chrome)
The Page mod Jetpack API (Firefox)
Injected scrips (Safari)
Injected scripts (Opera)
Internet Explorer does not natively support extensions. It took me about 80 hours to create a stable and reliable IE extension which supports cross-site AJAX, a (preference) storage method and injection of scripts as early as possible in any frames based on its URL. I developed and tested the extension with Visual Express 2010 on Windows XP and Windows 7, for IE 8-10 (the extension might work on IE6/7, but I decided to not support these ancient and rarely used browsers).
First, I wrote an extension in C# based on LiveReloadIEExtension (a sample IE extension, which in turn is based on this Stack Overflow answer - see also this blog post). It was functional, but it required .NET 4, lacked support of frames, and it's relatively slow.
So, I decided to write an IE extension from scratch in C++. A good starting point is available at http://www.wischik.com/lu/programmer/bho.html: Sample code for C++ BHO, which changes the document's background based on key/mouse events. I've also learned a lot by looking at other code samples on CodeProject, topics on the MSDN forums, questions and answers on Stack Overflow, lots of other blogs, and the MSDN documentation:
DWebBrowserEvents2 interface lists several events which you use to find an appropriate injection point.
Scripting Object Interfaces (MSHTML) lists even more interfaces. You'll be mainly interested in the iHTMLDocument, iHTMLDocument2, ... interfaces.
After creating the IE extension, you want to deploy it of course. I used Wix toolset to create a MSI.
The html + css standards difficulties of supporting IE as a browser translate into using it as part of the WebView control where there are further limitations on functionality.
Other difficulties include:
It renders on top of the XAML
- Using the recommended approach of WebViewBrush isn't a valid scenario if your pages have dynamic content on them.
It doesn't support HTML5
You can't access the content
You can't access the content
- Trying to debug issues with it is nigh on impossible.
Are there any alternative embeddable browsers available or in the works?
To answer your question, I think Jim is correct that there are no other embeddable browsers available, and it's not something I'd expect to see.
I would also recommend that you review the Windows Store Certification requirements, as many may be applicable in this case, including:
2.4 "The primary experiences your app provides must take place within the app" (as opposed to coming from the web)
3.6 "Your app must fully support touch input, and fully support keyboard and mouse input" which covers requirements for touch, including the need for your app's touch support to be consistent with the Windows 8 touch language.
While it's obviously appealing to re-use content across platforms, it's also important to keep in mind that this may lead to degraded experiences for end-users. If those experiences are too far afield of the established behaviors for Windows Store apps, they could also result in your app failing store certification.
For more info on Windows Store app development, register for Generation App.
I'm developing a Firefox plugin using XPCOM, I've not yet read all the docs, but as far as I can see, A plugin is simply a DLL that provides services via a XPCOM interface and interacts with the browser via XPCOM interfaces. Since the plugin itself is a native DLL, how would the security model work? Would it rely on the fact that the user trusts the plugin not to do nasty stuff, like with OCX controls?
I can't see any other way it could be secured... Is there?
Just to clarify a few definitions, as far as I know, in Mozilla-land:
a plugin is something that is used to render content via the NSAPI (think Flash, PDF, ...) and is normally not using XPCOM
an extension is a package that extends Mozilla/Firefox via XUL and/or XPCOM, which can contain components and/or XUL GUI stuff.
a component is a provider of XPCOM services and can be written in Javascript or as a native shared library/DLL
So I guess, what you want to do is an extension consisting of a component.
As an answer to your question: You are right, as soon as the user installs an extension, he is agreeing to trust that one. Even if it consists of Javascript code, it has automatically more access than web site Javascript.
XPCOM does not seem to be intended for plugins, but rather applications, so security is not modelled.