Jump to content

Stripping javascripts?

DrJay

By DrJay
in Website

Followers 2

Recommended Posts

fizzymagic

+fizzymagic

Posted
Posted

Did something happen overnight?

 

I have a javascript hit counter on all my geocache/TB/profile pages that has mysteriously disappeared from each one. :grin:

 

:P What's the deal? :)

The site has been improved. Javascript on your profile pages has been disabled for a couple weeks now. Thank goodness.

Link to comment
robertlipe

robertlipe

Posted
Posted
Didn't we just have this discussion?

That was yesterday. This thread is today. Tomorrow there will be another one.

The paper holds their folded faces to the floor, yet every day the paper boy brings more.

 

It's just plain weird to me that the site recognizes Javascript as one of many naughty and annoying things that should be banished from web pages, yet requires it for many of its own functions, almost all of which could have their crazy javascript viewstate callbacks replaced by a simple and functional link callback that worked sensibly and efficiently in modern tabbed browsing models. If you disable Javascript in your browser, almost none of the recently added features of this site work.

 

Don't get me wrong; I'm not a blind fan of Javascript - it's way overused. I just plain think it's weird that this site is the only one I visit that *requires* Javascript for "go to next page" to work, yet bans it from user pages.

 

Pick a side - your Javascript is categorically good while everyone else's Javascript is categorically bad? I'd much more respect a consistent view.

Link to comment
Semper Questio

+Semper Questio

Posted
Posted
Didn't we just have this discussion?

That was yesterday. This thread is today. Tomorrow there will be another one.

The paper holds their folded faces to the floor, yet every day the paper boy brings more.

 

It's just plain weird to me that the site recognizes Javascript as one of many naughty and annoying things that should be banished from web pages, yet requires it for many of its own functions, almost all of which could have their crazy javascript viewstate callbacks replaced by a simple and functional link callback that worked sensibly and efficiently in modern tabbed browsing models. If you disable Javascript in your browser, almost none of the recently added features of this site work.

 

Don't get me wrong; I'm not a blind fan of Javascript - it's way overused. I just plain think it's weird that this site is the only one I visit that *requires* Javascript for "go to next page" to work, yet bans it from user pages.

 

Pick a side - your Javascript is categorically good while everyone else's Javascript is categorically bad? I'd much more respect a consistent view.

 

I'm with you there. Be consistent.

 

On top of that, it seems every few days I find something else on the site I have to go into my security software and make adjustments for just so the stuff works right. It is quickly becoming the highest maintenance site for me. I'm an IT professional and it drives me nuts. I don't see how non-IT folks even see half of the stuff on this site if they take security package and Windows security default settings! Most average PC users sure as heck don't know how to make all the tweaks I've had to make. I assume they just go in and drop their overal setting to the minimum levels. THAT's comforting! :(

Link to comment
mini cacher

+mini cacher

Posted
Posted (edited)

Pick a side - your Javascript is categorically good while everyone else's Javascript is categorically bad? I'd much more respect a consistent view.

The thing is that they have total control over the javascript that they put on page but have no control over what others would try to put. So they know that stuff they put in is "safe" but they can't say that about use added javascript. Simple javascript can be used to do bad things in a shared environment such as this. As an example, it would be possible to put a bit of javascript on a cache page that would harvest people's GC.com cookies... which can be used to log in as them. I didn't even know that it was allowed until people started mentioning it was gone recently. I'm glad to hear that it was removed.

 

But I won't disagree that some of the javascript used in the site appears to just make things more complicated than it needs to be. But I didn't build the site and I don't know the reason behind doing the things that were done.

Edited by mini cacher
Link to comment
ParentsofSAM

ParentsofSAM

Posted
Posted

I'm with you there. Be consistent.

 

On top of that, it seems every few days I find something else on the site I have to go into my security software and make adjustments for just so the stuff works right. It is quickly becoming the highest maintenance site for me. I'm an IT professional and it drives me nuts. I don't see how non-IT folks even see half of the stuff on this site if they take security package and Windows security default settings! Most average PC users sure as heck don't know how to make all the tweaks I've had to make. I assume they just go in and drop their overal setting to the minimum levels. THAT's comforting! :(

 

I am a non-IT folk and there is times that the site does not work for me so I just turn off all my security stuff and poof it works. So while I am on gc.com I guess I am open to attack but then turn it on when I leave the site. I could never figure out how to make this site and a couple of others work with No Script so I just uninstalled the extension.

Link to comment
fizzymagic

+fizzymagic

Posted
Posted
It's just plain weird to me that the site recognizes Javascript as one of many naughty and annoying things that should be banished from web pages, yet requires it for many of its own functions, almost all of which could have their crazy javascript viewstate callbacks replaced by a simple and functional link callback that worked sensibly and efficiently in modern tabbed browsing models. If you disable Javascript in your browser, almost none of the recently added features of this site work.

Blame Microsoft. The weird javascript-with-POST callbacks is how the .NET web architecture does its thing. Nothing that Groundspeak can do about it; if they want to use .NET, they are stuck.

 

There is a way in which I understand why Microsoft implemented it the way it did; you'll note that there is a large, hidden, opaque form field called __VIEWSTATE on all the pages. The .NET architecture uses that to store the session state on your computer instead of on the server, which makes for a "cleaner" implementation.

 

Except it doesn't, because .NET stores a whole bunch of state information on the server, too. :P

Link to comment
Jeremy

Jeremy

Posted
Posted

 

Pick a side - your Javascript is categorically good while everyone else's Javascript is categorically bad? I'd much more respect a consistent view.

 

It's about trust - not whether script is good or bad. I don't trust profiles to have Javascript when they can be easily abused. I can, however, trust myself with most matters - Javascript being one of them.

 

It's a fallacy that Microsoft requires Javascript. You can do without. We have just decided to use Javascript for some functionality on the site.

 

The Viewstate also has nothing to do with Javascript. It has to do with managing state on the page - what buttons are pressed, what boxes are checked, and the content of certain text areas on the page. You can also do without Viewstate. We just choose to use it.

Link to comment
fizzymagic

+fizzymagic

Posted
Posted
The Viewstate also has nothing to do with Javascript. It has to do with managing state on the page - what buttons are pressed, what boxes are checked, and the content of certain text areas on the page.

I don't think you can use Viewstate without using the javascript callback option. Otherwise the entire viewstate variable has to get put into all the URLS on the page.

 

But I didn't know that you could implement the .NET architecture for stateful pages without Javascript. Cool.

Link to comment
Yellow ants

+Yellow ants

Posted
Posted
It's a fallacy that Microsoft requires Javascript. You can do without. We have just decided to use Javascript for some functionality on the site.

 

Okay, so then we know the boo-boo is squarely on your shoulders. Functionality of the gc.com site is awful. Want to open a link in a new tab? Sorry, no can do, it's all Javascript links :P

Link to comment
Raine

+Raine

Posted
Posted
Want to open a link in a new tab? Sorry, no can do, it's all Javascript links

 

I think that's a bit extreme. Not all links are "javascript".

 

What links are you wanting to open in another tab that are showing as javascript ones?

 

-Raine

Link to comment
Pablo Mac

+Pablo Mac

Posted
Posted
I don't see how non-IT folks even see half of the stuff on this site if they take security package and Windows security default settings!
Some of us don't have any Windows security settings to worry about.

 

Want to open a link in a new tab? Sorry, no can do, it's all Javascript links <_<
I have never had a problem opening any link in a new tab. CMD-Click works every time in Safari & Firefox.
Link to comment
Glenn

+Glenn

Posted
Posted
I don't see how non-IT folks even see half of the stuff on this site if they take security package and Windows security default settings!
Some of us don't have any Windows security settings to worry about.

 

Want to open a link in a new tab? Sorry, no can do, it's all Javascript links <_<
I have never had a problem opening any link in a new tab. CMD-Click works every time in Safari & Firefox.

I'm glad I'm not the only one. I was wondering what everyone was talking about. I use Firefox and I can open every link on GC.com in a tab.

Link to comment
klossner

+klossner

Posted
Posted (edited)

Not me. Firefox 1.5.0.5 under Windows XP SP2: on a profile page, if I middle-click the "Trackables" tab, I get a new tab, blank content, URL

java script:__doPostBack('ProfilePanel1$lnkCollectibles','').

("java script" here should be one word, no embedded space, but the forum post function rewrites it.)

Edited by klossner
Link to comment
DrJay

+DrJay

Posted
  • Author
Posted

 

It's about trust - not whether script is good or bad. I don't trust profiles to have Javascript when they can be easily abused.

 

I guess I understand... it just sucks that jerks have to ruin things for those of us who have no evil intent.

Link to comment
Yellow ants

+Yellow ants

Posted
Posted

Okay, so then we know the boo-boo is squarely on your shoulders. Functionality of the gc.com site is awful. Want to open a link in a new tab? Sorry, no can do, it's all Javascript links :unsure:

 

boo hoo.

 

Glad to know you care so much about your paying customers that you'll ridicule them in public. :shocked:

 

By the way Jeremy, you've still haven't fixed the security hole on the TB pages I told you about weeks ago. Here's a simple test case: As long as you can read the text on this TB, iframes are still allowed.

Link to comment
Urubu

+Urubu

Posted
Posted

I think you made him cry when you said his website's functionality was "awful." The response was apropos to the tone of the post.

 

I disagree. In my opinion (yours may differ...) using a public forum to mock a customer who doesn't like your product is inappropriate. I was shocked by the 'boo hoo' note, and I think it definitely crossed the line.

Link to comment
Team Petey

+Team Petey

Posted
Posted

I completely agree with you Urubu - the "boo hoo" comment was completely inappropriate and bordered on mocking Yellow Ants. Acting as a moderator, I would expect some degree of professionalism from Jeremy.

 

Even if you've had a bad day, a (successful) business still runs on professionalism and service - neither of which was shown by that post.

 

Just my 2 cents...

 

Happy caching to all,

 

-Glen from Team Petey.

Link to comment
Guest
This topic is now closed to further replies.
Followers 2
Go to topic listing
×
×
  • Create New...