Archive for the ‘browser’ Category

3 Comments

Fixing the iPhone CSS hover problem on iOS

Wednesday, November 6th, 2019

Mobile phones don’t have a mouse, your greasy fat touchy fingers have to do the job, they kinda act like a giant mouse.

There is major difference: a mouse can click, drag and  hover above the screen, while your fingers can click and swipe, but not hover. Well they can, but nothing is happening then. 🙂

The official terms here are: mouse-events, touch events, and pointer events, for both mouse and touch events. So touch events don’t know about hover, cause that is a mouse event.

So those nice old style CSS-only dropdown menu’s won’t work on your phone, because the depend on :hover.

Hover events work on mobile Android or Firefox browsers, as those browser vendors looked for compatibility, and made a click with your fingers act like hover on elements that are not a link. That is smart thinking, and good care for compatibility. Keep old sites working. Keep sites accessible without forcing Javascript.

But they don’t work on iPhone or mobile Safari, so we need a solution for that.

Plain HTML is and has always been responsive. It’s the CSS that destroyed it, by setting explicit width.  Well there was no max-width, so designers had not much choice. But remove all CSS and magically your HTML will be responsive, except for tables and large images, but at least you can scroll them into sight so everything is still accessible.

Pity the Apple people. An iPhone with mobile Safari doesn’t do :hover, breaking compatibility for old sites, and forcing webdevelopers to use `Javascript`  for these trivial things. Annoying.

There are examples on the internet how to fix that, like adding an onclick attribute to every element you want the :hover rule for, but that’s adding a lot of code, and the elements the don’t hide again when you click somewhere else.

We need better solutions!

How to make :hover  work on Safari iOS on iPhones and iPads.

Here are a few very simple options, that I came up with having a new iPhone 11 around for a couple of days. Tested on the latest iOS 13.
(more…)

No Comments

Keeping the old TinyMCE editor while upgrading to WordPress 5.0

Sunday, December 30th, 2018

WordPress 5 has introduced a new block editor. Playing with the layout is easier this way, but on the other hand, writing a new post should not take more time than typing the text. Layout should be in the theme.

I guess competition from other website-hosting companies like wix.com, yola.com, weebly.com and jimdo.com is the culprit here. They all offer drop and drag editors for layout. No need for any knowledge of HTMl and CSS, or PHP. A noob should do the job apparently. And now WordPress is following. Designing without a developer is the new thing.

Not sure if I like that, WordPress has better performance with a minimum of plugins, and is CSS not handled better in CSS files?

If you’re used to the old, and why not, it’s working fine, just add this to your function file:

add_filter('use_block_editor_for_post_type', 'atys_disable_block_editor');
function atys_disable_block_editor($use_block_editor) {
return false;
}

The new block editor is another example that progress is not necessarily an improvement for all. Some will be scared by all the changes, speaking for myself: I think I will switch to a markdown editor sooner or later.

Less is more. For now, the old editor is OK.

No Comments

Security by design: following the right principle

Friday, April 6th, 2018

Since there was some attention to a CSS driven keylogger, it’s good again to point out the security risks of third party content. That risk is huge.

When a third party CSS Stylesheet can steal your password, it would be a piece of cake for any Javascript script to do the same.

If you follow this blog, it will not surprise you that we’re skeptical to all the JavaScript driven frameworks that are fashionable. In general Javascript is bad for security, privacy, and the planet 🙂 : battery usage. It’s good for tracking, fingerprinting and advertisements, and visual eye-candy.

Yes, JavaScript can be nice, but please adhere to these old principles: graceful degradation and progressive enhancement. And it’s fashionable not to follow those principles.

Don’t force JavaScript, because you’re trying to sell adds, or track users.

Don’t overdo JavaScript: an URL with your contact info should have your contact info (in HTML). Otherwise you should point to another URL. Don’t hide this information behind Javascript and in JSON somewhere. You’re breaking the internet. Keep information accessible.

It’s important to underline again. Every script that is loaded with <script> has access to the DOM, and if the page is a login page, it has access to the password and username.

So a simple principle can be deducted, and it’s a shame that we have to repeat it here.

Never add any (third party) script to a login page. NEVER.

Nobody should be authorized to have access to a plain password, except for the user. Nobody. Limit access by design, not by trust.

(more…)

No Comments

Web-extension compatibility in the cookieStore

Tuesday, January 9th, 2018

Since Firefox embraced the Web-extension API, life is easier for developers: extensions should be compatible with Chrome, Opera, Firefox, Edge, and Firefox Mobile.

So Firefox Android became my favorite mobile browser, because it’s the first mobile browser to support extensions. Well, there was a lab version of Opera Mobile (Presto), but that died even earlier then Presto died, unfortunately.

But it’s not all sunshine. There are quirks, and incompatibilities in webextensions. Of course you would say. And I’m talking about more then just the chrome/browser name-space differences.

Take cookies and cookiestores.

cookies.getAllCookieStores()

Browser vendors use different storeId’s, but do not really document it.

Chromium/Opera/Chrome storeId ‘s

  • “0” for default windows
  • “1” for private windows

Firefox uses different storeId’s

  • “firefox-default” for normal windows
  • “firefox-private” for private windows.

How to set a cookie

Here some examples to evade the cookie-wall of Volkskrant.nl newspaper by setting cookies.

For a default Firefox window

browser.cookies.set(
 { url: "https://www.volkskrant.nl",domain: ".volkskrant.nl", name: "nl_cookiewall_version", value:"1", storeId:"firefox-default"}
 );

For a Firefox private window

browser.cookies.set(
 { url: "https://www.volkskrant.nl",domain: ".volkskrant.nl", name: "nl_cookiewall_version", value:"1", storeId:"firefox-private"}
 );

For a Chromium/Opera/Chrome default window

chrome.cookies.set(
 { url: "https://www.volkskrant.nl",domain: ".volkskrant.nl", name: "nl_cookiewall_version", value:"1", storeId:"0"}
 );

For a Chromium/Opera/Chrome private window

chrome.cookies.set(
 { url: "https://www.volkskrant.nl",domain: ".volkskrant.nl", name: "nl_cookiewall_version", value:"1", storeId:"1"}
 );

 

 

6 Comments

openVPN on Ubuntu, fixing import errors

Sunday, October 22nd, 2017

You can run into trouble importing an .ovpn config file in Ubuntu, while the same file is imported without any problem in Android.

Somehow when there are unknown or not-supported sections in the config file, importing in Ubuntu will fail with this rather obscure error:

The file 'vpn.ovpn' could not be read or does not contain recognized VPN connection information

Error: the plugin does not support import capability.

The solution is to manually edit the openvpn.ovpn file in a text editor and fix it.

In my case the openvpn.ovpn config file suffered from 2 problems:

  • connections were double defined
  • a <dh> tag was includes, which shouldn’t be in a client file

Fixing the openvpn.ovpn file import

Following these steps will fix the import of openvpn.ovpn config files in Ubuntu 16.04 LTS. Open the openvp.ovpn in a text-editor.

  1. Delete the complete <dh> tag.
  2. When you have multiple <connection> tags, it won’t import. Remove the TCP connection tag completely:
    <connection>
    remote <ip> 443 tcp-client
    </connection
  3. The edit the remaining connection tag by removing the surrounding tags, simply unXML it.
    <connection>
    remote <ip> 1194 udp
    </connection>
    to
    remote <ip> 1194 udp

Save your file and import it.

  1. Edit connections
  2. Add
  3. Scroll down
  4. Import a saved vpn connection
  5. create
  6. Select the edited openvpn.ovpn file
  7. Done!

Explanation

The Diffie Hellman Parameters are only needed for the server, so this is a bug in  the openvpn server that creates the client config file. Still the import script should skip this setting instead of choking on it.

Then the multiple connection issue: Most openvpn servers will accept connections over UPD (preferred setting), but will offer a fallback over TCP when the client is behind a firewall that doesn’t allow UDP. This will happen now and then. The TCP port is the same as the https port, so that port is always open. It seems the network manager doesn’t allow multiple connection setup, although it can use a TCP connection. If you need TCP as a fallback just setup two connections:

  1. OpenVPN UDP
  2. OpenVPN TCP

And choose what you need in your network settings, this is probably the best solution. And actually easier then changing method inside the the profile settings, like you should do in Android.

You probably need to replace tcp-client with tcp, and remove the connection tag:

remote <ip> 443 tcp

Happy and safe networking!

No Comments

Sorting with grid

Wednesday, April 12th, 2017

A while ago we showed you a way to use flexbox for sorting lists and tables. This month the powerful CSS Grid layout system went unprefixed in all major browsers.

In short Grid is for two dimension grids, while Flexbox is better suited for one dimensional layouts, like a nav bar. They can work together, a grid cell can be a flexbox container and vice versa.

The grid system is rather easy to grasp, it doesn’t have much surprises.

Let’s go over to the sorting trick:

Just push the buttons or table header to sort the stuff.

How does it work

Sort the elements on text and write the grid order attribute for CSS.

<li style="grid-row-start: 7;">scstqehfr</li>

The main `win` of css sorting is you don’t need to modify the DOM, which is expensive in most browsers. That said, you need some CSS trickery to get tables look like tables at the moment a tbody has a grid or flexbox display-layout.

Read more about the Basic concepts of grid layout here.