I'm working on a Chrome extension that'll need to display some messages to the users, be them instructions or errors. Right now the former are completely missing and errors are displayed in alert boxes.
We came up with this
alert(message); Not great, especially for instructions. Currently used.
chrome.notifications are not meant to be used this way: they appear off-center and disappear before the user may be done reading.
appending html content to the current tab, which we see as a last resort since we don't want to risk conflicts
Is there a better way to inform the user?
There is some other ways to do that, although none of them can be what you are looking for. Anyway, I'll share my solutions
1) Customizing default popup
You can append customized content to your popup window and let your users informed by setting the badge text:
chrome.browserAction.setBadgeText({text: "error"})
See https://developer.chrome.com/extensions/browserAction#method-setBadgeText
I think this is the best solution to show errors because your user won't be annoyed
2) Creating a new tab
To show instructions most extensions I used creates a new tab
chrome.tabs.create({url: "instructions.html"});
See https://developer.chrome.com/extensions/tabs#method-create
This occurs usually after the user installs the extension.
We ended up using humane.js to show messages on the page since it only required two small files, both of which have been "isolated" to avoid any possible CSS class clash with the existing content.
Still not ideal since I'd rather not having to add any elements/CSS to the page, but that's the best we got now.
Related
I need to track which detail pages are opened and how often in result sets.
To do my own logging, I would need to send a javascript put command when the user opens the detail page.
How can I do that?
This is not possible right now in a straightforward way.
If you're feeling adventurous, you can try using lazy-source:
https://bixbydevelopers.com/dev/docs/reference/type/structure.property.lazy-source
Make sure that only the details view of your concept is using the lazy-property, so it isn't loaded on the list-of summaries, since as stated in the docs,
Bixby calls the lazy source when the property is referenced either in a layout or dialog.
I'm trying to identify if a tab for which I received "webNavigation.onCompleted" is an "actual" tab.
As described in the documentation:
http://developer.chrome.com/extensions/webNavigation.html
A short quote from the docs:
A note about tab IDs :
Not all navigating tabs correspond to actual tabs in Chrome's UI, e.g., a tab that is being pre-rendered. Such tabs are not accessible via the tabs API nor can you request information about them via webNavigation.getFrame or webNavigation.getAllFrames. Once such a tab is swapped in, an onTabReplaced event is fired and they become accessible via these APIs.
So now when I get an event I encounter 2 problems when trying to figure out if the tab is "actual":
The scenario as described in the documentation, however I see that onTabReplaced can called before/after onCompleted,
or even not called even though I expect it to be called since I dont have the tab id in a list of tabs I create in tabs.onCreate,
and later the page is displayed in a tab.
Pages that are pre-rendered in Google chrome pages (e.g google for "ford"), and eventually dont become to show on tabs.
In case you're not familiar with pre-rendering:
https://support.google.com/chrome/answer/1385029?hl=en
I consider these cases to be different because I see in difference in pre-rendered pages,
that end u to be tads, and the ones who are not used eventually.
One page is eventually "navigated to", while the other on is just "cached".
But this difference can not be detected by using the webNavigation api, as far I as could find.
So my question - is there any way to distinguish (hopefully using the webNaviagtion api),
between an "actual" tab, a pre-rendered page which is going to be displayed as tab,
and a pre-rendered page that is going stay in cache (for now) ?
Just 2 clarifications, about solutions that supposedly I can use, but they look to me "not good",
at least at this stage.
The docs say "Such tabs are not accessible via the tabs API".
so technically I can try an use this API, get an exception, and this way figure out it's "pre-renderd" tab,
but I dont like my code to use exceptions for this, so I'm looking for a "clean" way.
in webNavigation.onComplete, I can set a timeout for 1 second,
and then if in this one second, onTabReplaced, I can figure out that this tab was
moved to be an "actual" tab. and not stayed in "cache".
But during this 1 second, or any duration I choose, there can be a lot of other events,
and even the tab can be closed.
So again, I'm looking for a "clean" solution.
Thanks for your help.
Xpage (listPostits.xsp) has a "View" container control, where one of the column is set "show values in this column as links".
Now, here comes "Strange behaviour".
When i work with this application on my own (developer) PC (Win XP, Chrome or IE), the Domino generate the link, which can't be really processed:
/servername/db/postit/postit.nsf/listPostits.xsp/onePostit.xsp?documentId=many_numbers&action=editDocument
Namely, the Bold-marked portion shouldn't be there ! This portion is the name of the XPage, where the View control is in.
When i work with the application from other PC (Mac, Firefox) then i get the correct link (the same as above but without the XPage name inbetween):
/servername/db/postit/postit.nsf/onePostit.xsp?documentId=many_numbers&action=editDocument
update: let us leave for the moment the differencies in generated links between two machines. The first question is - why the extra portion is inserted into automatically generated link?
After playing around i think i might have found the reason for this strange behaviour. Namely, the "Substitution" Rules on the server side. One of them is to substitute "*/postit/all" with "/db/postit/postit.nsf/listPostits.xsp"
If i switch it off, then the Links are generated properly. Still, it's pretty strange to me that these settings influence the way Domino generates the links. I thought it works on the fly with them and those settings have nothing to do with the way how Links are generated inside the application.
So, the help now is needed regarding Web Site Rule Topic, but for that, i guess, i have to create another topic. But in case somebody has some good Info on this, please share it with me. I'm a bit confused at the moment :)
Final Update: Spent some more hours of testing and the results confirmed the initial idea.
If i open the page with the standart URL, i.e.
http://servername/db/postit/postit.nsf/listPostits.xsp then everything is fine, links are generated properly. When i however open the same page with short URL http://servername/postit/all , then server adds the substitute URL (db/postit/postit.nsf/listPostits.xsp) to every single link he generates automatically to be used as the link to open/edit the underlying document.
Is it bug or feature ? Don't know.
As a workaround (because i want to keep simple URL's for the application) i have to manually generate links.
Whenever I save or create a node of a certain user-defined type, I am back in the edit window instead of switching to the first tab labeled view. All my fields (body, title etc. are as they were and no message appears, neither directly on the page nor in the watchdog database log. The validation is working, though, because I see those 'required' messages as soon as I try to save without Title for example.
The strange thing is that when I create a new content type, or use the predefined story and page types, I can edit and create nodes. In the latter case, Drupal answers with an 302 redirect, whereas with the proplematic content types, only a 200 HTTP status is returned.
The issue doesn't seem to be related to either JavaScript (on or off, no difference), Browser (tried Chrome and Firefox) or WYSIWYG (used input formats with and without).
I'm using Drupal 6.22 and the CCK. I have about 7 content types, some of them with fields. I am not using Rules, but a multitude of modules, all of which are up-to-date. I will post a list if this issue can't be solved otherwise.
I have spend the last hours trying to figure this out, both by looking at my installation (settings, database) and by searching Google & Co.
Any ideas?
The situation appeared because Drupal translated both the Upload and the Save button to one word, Speichern. The FileField issue tracker contains the corresponding thread: http://drupal.org/node/684426
The ImageField and Locale modules, along with a language such as German or Finnish were partly responsible for the trouble.
How can we restrict a user from saving the page?
Please provide some tips to disable File->Save and View Source options
EDIT: Obviously it can't be done, and probably shouldn't be attempted. But possibly a more interesting variant on this question is how can we make is sufficiently hard for a user to save a page in a usable format such that it is not worth their while doing so? The question doesn't pose a value, but say we were protecting an article subscription site where the user is paying a few hundred dollars per annum for continued access to text.
Since the page has been sent to the client, there will always be a way to get that information. Trying to stop a user from doing this will only frustrate them.
The only way to have a user not be able to save a file is to not send it to them.
While the best answer is "Don't do this," there are ways to make it more difficult for them. And since the point of this site is actually answer the question even if it's bad, here is the best way:
First you'll need to have the page open in a new window where you turn off the address bar and toolbar and everything else. That will make it so the user can't easily get to the File menu at all. To do this you'll need a "splash" page that the user loads to and then when they click a link, it opens the popup that serves the main content of your page. Details on how to create popups without things like the toolbar are here:
http://blazonry.com/javascript/windows.php
Then you'll want to add some javascript to each page that prevents the user from right clicking. Here is one method:
http://javascript.about.com/library/blnoright.htm
Finally, if it's your Javascript code that you don't want to be seen, then obfuscating your code is a pretty effective way to do that. They can still see the code if they have much know-how, but the obfuscated code would be a gigantic pain to actually interpret. There are lots of obfuscators out there; here is a free web-based one:
http://www.javascriptobfuscator.com/
This is far from foolproof. It will stop all "casual" users, but any power user will probably be able to easily figure out a way around it. Still if the idea is to at least prevent a good majority of it then this should suffice.
Update for updated question:
To address your new expanded question, I would say the best way to accomplish what you're saying is to use a format that supports DRM. Adobe Acrobat would probably be the best choice because almost everyone has the reader installed. You can prevent PDF files from being saved to the computer so that they can only be loaded from the webpage by a logged in user. The user could still do a screen capture of the document itself which I don't believe is preventable (unless Adobe Reader has some security in place for this, which they might) but it should be sufficient security for most uses.
Don't do it.
Seriously, if the user can see the page in their browser they can see the source code and/or save it to their computer.
You are fighting a losing battle here.
What about the browser's cache? It can be saved from there.
What about a print screen? That could also save the page.
The only way to prevent a user from saving something is to not show it to them in the first place.
It's really a waste of time and resources to try and do this in html as any method you use can be trivially circumvented.
Instead I would use some other technology to display the data - you can never get around a screen capture. but if you're for instance displaying text and you want to make it hard for the use to save that text for use elsewhere then possible options include
PDF - which can disable save and print. There are extensions to most popular web languages that will write a pdf on the fly. Indeed you might be as well just to go down the DRM route with Adobe and embed a document
Flash - most probably via Flex which could be used to write a general-purpose app to display text and images. The advantage of Flash is that it's easier to set up links than pdf.
Or something else, a custom java applet, or even a vrml plugin and display the text in 3D!
In all cases you could display text against a disruptive background to make OCR more difficult, and images could be watermarked. However nothing is going to stop a determined and resourceful viewer, although you can possibly make it sufficiently hard that it's not worth their time.
The least you can do is... the content is generated dynamically by Javascript. In that way, they cannot simply save it. Of course, in FX, they can still view the generated code and then copy&paste. however, normally people cannot save the page.
It shouldn't be an issue, but if you really don't want a user from seeing your code (javascript, css or html) for some reason, than you could use some obfuscation tool which makes the code less readable.
Try javascript "encoding" and obfuscation.
Something like
if(document.location == 'mydomain.com') {
content = getAjax('mycontent.xml');
// content will hold something like 72, 94, 81, 99, ... - encoded ASCII codes
document.write(String.fromCharCode(content));
}
It will always be possible to save the page, but for non-technical guys it will be harder to make it work.
There are 2 protections
domain name
converting ASCII
It's only pseudocode, but I think you get the idea.
add these to code sets in script tag
document.addEventListener('contextmenu', function (e) {
e.preventDefault();
});
document.onkeydown = function (e) {
return false;
};
I'd like to add one more method which, imho, is hard to circumvent: Ctrl+S! (for me, Apple+S)
how can we make is sufficiently hard for a user to save a page in a usable format such that it is not worth their while doing so
Nothing hard: add on every page: "Personal property of John Stealer, company Zetabeta, paid with credit card 756890987654, billing address ..., subscription expires 12/20".
This is an "extended text format" that I just invented... it has an amazing property: though it looks like a regular text, user is much less willing to print it out and give to others...