|
Wednesday, 10 January 2007
Is this the future of web debugging? I think so.
Thursday, 21 December 2006
I’ve been asked a question similar to this one a number of times over the last few years:
Our business partner has a “members only” area on their public website and they have given us our very own “access code” in order to gain access to that area. How do we access the “members only” area directly, bypassing their web form which prompts for the “access code”?
Provided your business partner’s website doesn’t bother checking the “HTTP referer” field when the request is made by the client software connecting to them, something as simple as this will do:
<form action="http://someinsecurewebsite.com/" method="post">
<a href="javascript:document.forms[0].submit()">click me, click me</a>
<input name="accesscode" type="hidden" value="abc123" />
</form>
I’m assuming that your business partners URL for the web form is “http://someinsecurewebsite.com/”, the name of their access code field is “accesscode” and that your allocated access code is “abc123″. I’m also assuming that your web page which contains the above code has no other forms and that the client browser has JS enabled.
I won’t comment on what I think of the practice of providing such a weak security mechanism to provide access to restricted areas of public websites. I’ll save that for a future post. But let’s just say that it’s still a popular choice when you only want to discourage the general public from seeing certain sections of your website.
Wednesday, 4 October 2006
Having recently ported some HTML pages to XHTML, we were a little surprised that our favourite validator continued to warn us that our very simple one-line javascript code was no longer correct:
<script language="javascript" type="text/javascript">
copthis();
</script>
Apparently, the trick is to enclose the actual javascript code with a “CDATA” section like this:
<script language="javascript" type="text/javascript">
//<![CDATA[
copthis();
//]]>
</script>
The reason is apparently that under the XHTML standard, the javascript code is considered as “PCDATA” and therefore treated by the validator in the same manner as the rest of the markup code. See this article from About.com for more.
Tuesday, 11 April 2006
I know that Pope John Paul II has only been dead for a year now, and what I’m about to say could be interpreted as blasphemy, but did he get ripped off by his web designers or what? Take a look at his website and see for yourself.
First of all, you get the notorious mystery meat navigation. Or in this case, perhaps I should call it “holy meat” navigation instead. There’s the Pope, the mountain with the cross and then there’s a bunch of numbers, representing what must be significant years in his life. The idea behind this now dated (and still irritating) designers technique is to point your mouse over these links in order to supposedly get a visual confirmation that the link you’re pointing to is in fact a link.
Read more >>
|
