78 items tagged “browsers”
2009
Changes in Opera’s user agent string format (via) How depressing... Opera 10 will ship with 9.80 in the User-Agent string because badly written browser sniffing scripts can’t cope with double digits.
Critical Mac OS X Java Vulnerabilities. There’s a five month old Java arbitrary code execution vulnerability which hasn’t yet been patched by Apple. Disable Java applets in your browser until it’s fixed, or random web pages could execute commands on your machine as your user account.
Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments.
10 Cool Things We’ll Be Able To Do Once IE6 Is Dead. Highlights include child and attribute selectors, 24bit PNGs and max-width and min-width. Simple pleasures, but I can hardly wait.
cufon. A promising alternative to sIFR, cufon uses VML on IE and canvas on other browsers to render custom fonts in the browser. You have to convert your font to JavaScript first, either using their free hosted tool or by installing the FontForge based server-side script yourself. The JavaScript encoded font file uses VML primitives to improve IE performance; the JavaScript library converts that to canvas calls for other, faster browsers.
Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet.
CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.
2008
Getting OpenID Into the Browser. David Recordon makes the case for online identity management as a key browser feature (I like the “your browser is currently locked” concept), and argues that Gears is in a great position to deliver it.
The March of Access Control. The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs.
and now... Opera. Jon Hicks is joining Opera as Senior Designer. I absolutely cannot wait to see what he comes up with there.
The greatest coup Microsoft pulled with Internet Explorer was putting the word "Internet" in its name. It sits there, on the desktop of every new Windows computer, and it says "Internet". So you click it. [...] What better way to beat a browser with the word "Internet" in its name - a browser that seemingly can't be beat no matter how hard we try - than the Internet Company itself making a browser?
Chromium. Google Chrome is out! Here’s the open source project, including the code for the new V8 JavaScript virtual machine.
A browser sniffing warning: The trouble with Acid3 and TinyMCE. Opera recommend “bug detection”, a step up from object detection and browser sniffing where your JavaScript includes mini unit test style fragments of code designed to test if buggy behaviour you are working around still affects the user’s browser.
Why do browsers still not have file upload progress meters? Great question.
When Bugs Collide: Fixing Text Dimming in Firefox 2. Handy tips from Drew on fixing the glitchy text rendering in Firefox 2 when you animate opacity without breaking alpha-transparent PNGs in IE6.
If we see good usage, we can work with browser vendors to automatically ship these libraries. Then, if they see the URLs that we use, they could auto load the libraries, even special JIT'd ones, from their local system. Thus, no network hit at all!
Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.
Happy Run Some Old Web Browsers Day! jwz has recreated home.mcom.com, the original home of the Mosaic Communications Corporation, using a snapshot from 21st October 1994 and a domain borrowed from current owner AOL. Also includes instructions on running 1994 Mosaic Netscape binaries under a modern Linux distro.
Ian's Acid 3, unlike its predecessors, is not about establishing a baseline of useful web capabilities. It's quite explicitly about making browser developers jump - Ian specifically sought out tests that were broken in WebKit, Opera, and Gecko, perhaps out of a twisted attempt at fairness. But the Acid tests shouldn't be fair to browsers, they should be fair to the web; they should be based on how good the web will be as a platform if all browsers conform, not about how far any given browser has to stretch to get there.
Opera and the Acid3 Test. Screenshot shows 100/100 (live code or it didn’t happen!)—Opera’s codebase must be in extremely good shape to fix so many issues so quickly.
IE8 speeds things up. Steve Souders notes that IE8 downloads script files in parallel before executing them sequentially, giving it a significant speed boost over other browsers that download sequentially.
Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag.
Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date.
If Web authors actually use this feature, and if IE doesn't keep losing market share, then eventually this will cause serious problems for IE's competitors — instead of just having to contend with reverse-engineering IE's quirks mode and making the specs compatible with IE's standards mode, the other browser vendors are going to have to reverse engineer every major IE browser version, and end up implementing these same bug modes themselves.
<META HTTP-EQUIV="X-BALL-CHAIN">. Mozilla hacker Robert O’Callahan discusses the technical implications of freezing copies of older rendering engines, including the increased footprint and the terrifying prospect of documents in different rendering modes communicating through iframes and the DOM.
The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.”
Like DOCTYPE switching did in 2000, version targeting negates the vendor argument that existing behaviors can't be changed for fear of breaking web sites. If IE8 botches its implementation of some CSS property or DOM method, the mistake can be fixed in IE9 without breaking sites developed in the IE8 era. This actually makes browser vendors more susceptible to pressure to fix their bugs, and less fearful of doing so.
Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion.
2007
Safari CSS Reference. Official documentation covering the CSS properties supported by Safari, including the -webkit proprietary extensions.
CSS3 and the death of Handheld Stylesheets. I hadn’t looked at CSS 3 media queries before (which let you apply different styles based on media features such as screen width, height and colour availability)—they seem like a much smarter solution that handheld stylesheets and also appear to be preferred by device vendors.