+Kaarthuul Posted November 13, 2018 Share Posted November 13, 2018 17 minutes ago, on4bam said: Works like a charm but it should be fixed at GS' side so it works for everyone. Can't even get this to work my side. Such a shame as all my links go to mailchimp which encrypts them anyway. I spent a lot of time making badges for local series that link to a larger version (to see the detail) hosted on my mailchimp account. Now all for nothing Link to comment
+thebruce0 Posted November 13, 2018 Share Posted November 13, 2018 46 minutes ago, Kaarthuul said: I get the popup and say OK but it just opens another profile page instead of the link. The post above talked about changing the HREF link to go via geocaching.com but I could not get it to work? You might have a popup blocker enabled. The hijacked links are working, if you get the confirmation popup - but the link opens in a new tab. The same tab will stay in the same profile page*. Try disabling popup blocking for geocaching.com. I tested your profile and the badge images do appear in a new tab after hitting OK. * as a side note, clicking a link returns to the top of the page because the click event isn't canceled, and since the hash in the link isn't an anchor, it scrolls to the top of the page - another very annoying browser quirk Link to comment
+DerDiedler Posted November 13, 2018 Share Posted November 13, 2018 56 minutes ago, Kaarthuul said: Such a shame as all my links go to mailchimp which encrypts them anyway. I spent a lot of time making badges for local series that link to a larger version (to see the detail) hosted on my mailchimp account. Now all for nothing There you said it. All the efforts put in by users, by paying customors, to create nice banners and profil pages making the game more beatuifull are disrespectfully destroyed or mutilated. 1 Link to comment
+HHL Posted November 13, 2018 Share Posted November 13, 2018 (edited) 17 minutes ago, DerDiedler said: to create nice banners and profil pages making the game more beautiful Actually better caches would make this game more beautiful. Banners and Statistic Pages are not the core part of this game. At least they are not even a minor part of serious geocaching. But "Each to his own" or "Jeder Jeck ist anders". ? Hans Edited November 13, 2018 by HHL 4 1 1 2 Link to comment
+igator210 Posted November 15, 2018 Share Posted November 15, 2018 (edited) On 11/13/2018 at 2:16 PM, DerDiedler said: There you said it. All the efforts put in by users, by paying customors, to create nice banners and profil pages making the game more beatuifull are disrespectfully destroyed or mutilated. And what about the paying customers (and non-paying) that would rather have a secure website instead of a pretty profile? This isn't a social media site. Edited November 15, 2018 by igator210 4 2 Link to comment
+The A-Team Posted November 15, 2018 Share Posted November 15, 2018 29 minutes ago, igator210 said: And what about the paying customers (and non-paying) that would rather have a secure website instead of a pretty profile? This isn't a social media site. Agreed, even speaking as someone who had a "pretty profile". I completely understand why JavaScript has been disabled, and have no problem with that part. The part that doesn't sit quite right is the way it was done. The general public was given no notice of this upcoming change, and therefore couldn't prepare in advance. Apparently some official partners were notified in advance, but were told they could use the staging server to test when that seems to have been an unsuitable test environment. In the end, nobody was ready for the change. As usual, poor communication has led to undesired yet completely avoidable issues. With a reasonable amount of advance notice (say, 2-3 weeks), users and partners could have prepared for the change and there would have been much lower impact. If TPTB were worried about broadcasting that there was a vulnerability that was going to be fixed and that this could lead to exploitation, they need to consider that JavaScript vulnerabilities aren't exactly secret or new, so anyone who was going to exploit it probably already had. The downsides of announcing the change would likely have been negligible. 5 Link to comment
+Gill & Tony Posted November 16, 2018 Share Posted November 16, 2018 OK. I have just spent a couple of days researching FTP, have downloaded an FTP program, learned how to use it, communicated with my ISP regarding settings in the FTP program, uploaded my highly detailed statistics to my ISP's web site, changed my profile on this web site to provide a link to my, now hosted externally, statistics. Excellent! Except Groundspeak have stuffed the link so it loops back to my profile and doesn't connect to the ISP's site. NOT HAPPY. 1 Link to comment
+thebruce0 Posted November 16, 2018 Share Posted November 16, 2018 Looking for the link you're referring to. But, if you use the left click or tap, the link should work (except that now they're not even opening the link in a new tab). If you do any other action on the link (middle click, or right click and open in new tab or window, etc) then the link won't work as intended. Seriously, this needs to be fixed asap. Ridiculous and unnecessary href link hijacking. 2 Link to comment
+Gill & Tony Posted November 16, 2018 Share Posted November 16, 2018 I changed it all back, so it isn't there any more. I left-clicked it, got a message about leaving GS, said OK or whatever, then just got my profile. I'll change the profile back, so you can try it. Give me a few minutes... Link to comment
+Gill & Tony Posted November 16, 2018 Share Posted November 16, 2018 Ignore previous rant, for some reason my browser had a pop-up blocker set for grounspeak. No idea why, I've never set any pop-up blocker. Colour me embarrassed 1 Link to comment
+thebruce0 Posted November 16, 2018 Share Posted November 16, 2018 Ah, yep. Another reason why this link hijack is a Bad Idea. 1 Link to comment
+noncentric Posted November 16, 2018 Share Posted November 16, 2018 On 11/12/2018 at 1:41 PM, thebruce0 said: Yes. Links were left as the user left them in the source html. They are now hijacked during HTML sanitizing for gc.com script interception. Now, "Open in new tab" opens the same GC profile page because the URL is the same as current - the profile page you're looking at. The hijack is in place by appending a hash to the URL which the GC script recognizes, so that it can intercept the link, prompt the confirmation, then follow through with the original URL (which can only be done via the GC script, not with standard browser behaviour). Before the change, the link was just the destination URL. Browser actions on the link were normal. "Open in a new tab" would open the intended destination URL in a new tab. Not so now. I'm not sure what is different, but the right-click "open in new tab" is giving me different results than a few days ago. Still using the same version of Firefox (63.0.1). On the 12th, if I did a "right-click->open in new tab" on the PGC section of someone's profile, then it would open a new tab with that cacher's geocaching.com profile. And nothing on that profile would be clickable. Now, on the 16th, if I do a "right-click->open in new tab" on the PGC section of someone's profile, then a new tab opens with that cacher's geocaching.com profile. BUT, then the pop-up window about leaving the site appears, I click "OK", and then that tab opens to the cacher's PGC profile. 1 Link to comment
+niraD Posted November 17, 2018 Share Posted November 17, 2018 2 hours ago, noncentric said: I'm not sure what is different, but the right-click "open in new tab" is giving me different results than a few days ago. Still using the same version of Firefox (63.0.1). On the 12th, if I did a "right-click->open in new tab" on the PGC section of someone's profile, then it would open a new tab with that cacher's geocaching.com profile. And nothing on that profile would be clickable. Now, on the 16th, if I do a "right-click->open in new tab" on the PGC section of someone's profile, then a new tab opens with that cacher's geocaching.com profile. BUT, then the pop-up window about leaving the site appears, I click "OK", and then that tab opens to the cacher's PGC profile. Yep. Now everything but a simple left-click is broken. Link to comment
+Viajero Perdido Posted November 17, 2018 Share Posted November 17, 2018 "Hey wait! You’re about to leave Geocaching.com. Are you sure you want to do that?" "( ) Allow dialogues from www.geocaching.com to take you to their tab" (Or similar words. I only saw it once.) What is the meaning of the tortured English I've highlighted in bold? Take you to their tab? What?!? (BTW, "dialog boxes" in Canadian English are spelt "dialog boxes", in case you're trying to translate. No need to translate that word. Dialogue isn't a computer term up here, it's when people talk.) Why did this only appear once? If that's intentional, shouldn't there be a "don't ask again" or similar gadget? *** E161118: Parse Error - unable to detect Language *** Link to comment
+thebruce0 Posted November 17, 2018 Share Posted November 17, 2018 Popup blockers are having a hayday with this messup... What's browser? What's website? What's normal? *headdesk* Link to comment
+noncentric Posted November 17, 2018 Share Posted November 17, 2018 2 hours ago, niraD said: 4 hours ago, noncentric said: I'm not sure what is different, but the right-click "open in new tab" is giving me different results than a few days ago. Still using the same version of Firefox (63.0.1). On the 12th, if I did a "right-click->open in new tab" on the PGC section of someone's profile, then it would open a new tab with that cacher's geocaching.com profile. And nothing on that profile would be clickable. Now, on the 16th, if I do a "right-click->open in new tab" on the PGC section of someone's profile, then a new tab opens with that cacher's geocaching.com profile. BUT, then the pop-up window about leaving the site appears, I click "OK", and then that tab opens to the cacher's PGC profile. Yep. Now everything but a simple left-click is broken. With left-click: The issue I'm seeing is that different profiles behave differently with left-click. I click on the PGC section of one cacher's profile (NYPC) and the PGC page opens in a new tab - the same action on the PGC section of another cacher's profile (Mineral2) causes the PGC page to open within the same tab. Not sure if there's something different in the cacher's profile coding or something else. Link to comment
+Viajero Perdido Posted November 17, 2018 Share Posted November 17, 2018 Are all servers behind the load balancer running identical versions of the website? Or is someone tinkering with a live server? Link to comment
+NYPaddleCacher Posted November 17, 2018 Share Posted November 17, 2018 7 hours ago, noncentric said: With left-click: The issue I'm seeing is that different profiles behave differently with left-click. I click on the PGC section of one cacher's profile (NYPC) and the PGC page opens in a new tab - the same action on the PGC section of another cacher's profile (Mineral2) causes the PGC page to open within the same tab. Not sure if there's something different in the cacher's profile coding or something else. It could be how the link is created on different profiles. The "target" attribute in an anchor tag determines whether to open a link in the current page or as a new page. I didn't notice that clicking on the PGC image was triggering a pop-up blocker at first, but once I white-listed geocaching.com, a left-click on the PGC image would bring up the "you are leaving the site" dialog box, then clicking ok would redirect to the project-gc page. Link to comment
+Nothereeither Posted November 22, 2018 Share Posted November 22, 2018 GSAK seems to have updated FindStatGen3 (V4.6.3) and released it on 11/17/18 so that the fonts and links work for me. My profile information is back the way it used to appear and work. Link to comment
+Gill & Tony Posted November 22, 2018 Share Posted November 22, 2018 (edited) 3 hours ago, Nothereeither said: GSAK seems to have updated FindStatGen3 (V4.6.3) and released it on 11/17/18 so that the fonts and links work for me. My profile information is back the way it used to appear and work. But Javascript is still gone. No tabs and no collapsible HTML Edited November 22, 2018 by Gill & Tony 1 Link to comment
+not2b Posted November 27, 2018 Share Posted November 27, 2018 On 11/10/2018 at 4:41 PM, Gill & Tony said: Can anyone explain to me why European law applies in the US or any other non-European country? I mean, if an EU citizen chooses to visit the US physically, they are subject to US law. Why is it different if they choose to visit virtually? They aren't just visiting, they are paying if they are premium members, so GS is definitely doing business in Europe. But even if they weren't paying, the law applies to sites collecting personal information on EU citizens, so GS can either ban Europeans entirely or it can follow the GDPR. It works in reverse too: European companies are often compelled to choose either to follow some US rule or be banned from the US market. 1 Link to comment
+Vooruit! Posted November 29, 2018 Share Posted November 29, 2018 I know GS's standards are low, but this is taking things to a whole new level. If you would have any interest AT ALL in what your users are doing, you would NOT have implemented such a stupid update that 'just' breaks every user's profile page. Unbelievable. 4 Link to comment
+Gill & Tony Posted November 29, 2018 Share Posted November 29, 2018 On 11/28/2018 at 7:35 AM, not2b said: They aren't just visiting, they are paying if they are premium members, so GS is definitely doing business in Europe. But even if they weren't paying, the law applies to sites collecting personal information on EU citizens, so GS can either ban Europeans entirely or it can follow the GDPR. It works in reverse too: European companies are often compelled to choose either to follow some US rule or be banned from the US market. I'm not trying to be snide here, but that seems to mean that the US government (and any other non-EU government) has to apply EU law because they collect personal information from EU citizens whenever an EU citizen crosses their border and their passport details (and visa details) are recorded. Is that correct? Link to comment
+on4bam Posted November 29, 2018 Share Posted November 29, 2018 Yes, the have to follow EU law, but as you might expect, there are special rules for law enforcement/government. We can't have our data deleted from the finance dept. servers. A webshop will have to delete your data but there are exceptions if it's needed to keep them for warranty and/or for bookkeeping reasons (tax reasons). Link to comment
+K13 Posted November 30, 2018 Share Posted November 30, 2018 On 11/29/2018 at 6:59 AM, Vooruit! said: I know GS's standards are low, but this is taking things to a whole new level. If you would have any interest AT ALL in what your users are doing, you would NOT have implemented such a stupid update that 'just' breaks every user's profile page. Unbelievable. Nothing was broken on my profile page by this update. 3 Link to comment
+thebruce0 Posted November 30, 2018 Share Posted November 30, 2018 Not every user. Only those that employed javascript for any reason. And some link mechanics. Link to comment
Recommended Posts