Jump to content

HTML target attribute broken


arisoft

Recommended Posts

2 hours ago, arisoft said:

Many cache descriptions contains links to external pages. Many of these links has a special attribute target="_blank" to open the linked external page into a new tab instead of changing the current page. It is also common to open these links by pressing "Ctrl" button while clicking the link to force it to open into a new tab.

 

Due to recent changes, both methods has been rendered useless. Instead of opening a new tab this dialog is displayed:

kuva.png.55006d8c2961259175e04b1434425485.png

 

Answering "Ok" to this opens the new page always into the current tab which is not the preferred outcome.

 

This is horrible. In my new multi that was only published a week ago, I specifically wanted it to open a link (an enhanced version of the image on the cache page) in a new tab so that the viewer could continue reading the description. I've done similar things in other caches where clicking on an image (or part of an image) is meant to open additional information in another tab, NOT leave the cache page with the rest of the description unread. Looks like in this Year of the Hide HQ are intent on breaking them.

  • Upvote 5
  • Helpful 2
Link to comment
2 hours ago, mustakorppi said:

As you already have a list of allowable websites and API partners, why do you feel this disclaimer is necessary for sites you've already vetted to at least some degree?

 

In my case:

 

ExternalLink.jpg.5ff1231b16d031c4d27224b8c592f475.jpg

 

the "external link" they're objecting to is https://img.geocaching.com/cache/525b4663-f218-4f62-98ff-b046eab7418f.jpg so I guess geocaching.com doesn't trust images hosted on geocaching.com.

 

After all the time, effort and money I put into developing this cache, it's pretty disheartening to have it effectively killed off less than a week after it was published with no forewarning or explanation from anyone at HQ. That's it, in this Year of the Hide there won't be any more hides from me.

  • Upvote 2
  • Helpful 3
Link to comment
6 hours ago, 2Abendsegler said:

There are some bugs that haven't been corrected for weeks. Instead of correcting these bugs, the developers deal with something unnecessary like this. Sorry, but I really don't understand that.

 

I second that.

 

When we add the parameter target="_blank" in our HTML code, it is because we want the link to open in a new page. And now Groundspeak is changing that without respect for geocachers who, like me, take the time to code beautiful cache listings.

 

Another changes that no one asked for...!!!

Edited by OusKonNé & Cétyla
  • Upvote 1
  • Surprised 1
  • Helpful 4
Link to comment

Fixed for now:

 

Workaround.jpg.85c65dc8dbce1e99f659b2cb582d13a2.jpg

 

I need the linked image to be opened in a new tab because there are instructions after that point in the description on what to look for where the pointers are pointing and how to use what you find there, and I can't really move that information forward as it would have no context. I'm really not happy with this, not by a long shot, and will weigh up my options on what to do with this cache over the coming days.

 

If this change has been forced by some tinpot US legislature then so be it, otherwise it seems a pretty heavy-handed overkill for what is probably a non-existent problem.

Edited by barefootjeff
  • Helpful 1
Link to comment

Thank you for bringing this issue to our attention.

A hotfix was deployed today so that HTML attributes other than the default target="_self" will be respected once a player confirms the browser dialogue with OK.

Feel free to use Jeff's cache that he was speaking of as a test case: https://coord.info/GC9M6X5The browser dialogue will remain as this was a necessary security improvement.

Please note, that small site security updates have traditionally not been covered by release notes as the latter are reserved for larger new feature releases.

  • Upvote 1
  • Funny 1
  • Surprised 1
  • Helpful 2
Link to comment
48 minutes ago, onepooja said:

The browser dialogue will remain as this was a necessary security improvement.

 

Thanks for the hotfix, but I'm curious why this security improvement is deemed necessary in cases when, as with my cache, the link is pointing to an image hosted on geocaching.com. The warning is actually quite misleading in this instance as opening the link isn't leaving geocaching.com. Similarly with links in Project GC challenge checkers and third party puzzle checkers, I wouldn't have thought those posed a security risk. As mustakorppi said earlier in this thread, you already have a list of approved hosts for third party image links, so I would have thought that it would make sense to bypass the security warning when the link embedded in an image points to something hosted on one of those.

  • Upvote 1
  • Helpful 1
Link to comment

Frankly you are missing the point.

 

This functionality has long been around for links in logs and in the Message Center. There was now reason to expand it to the the Cache Details Pages, too.

 

The message informs players that they are leaving the domain geocaching.com and to be mindful of that - not more and not less. Your image from a technical standpoint is hosted on a different domain - see the URL.

 

Nowhere does it say "this is not part of our list of approved domains and is probably dangerous".

 

Now, why not cover a list of other domains here as by default okay? Because as very small a chance as it might be, people could technically put malicious stuff on one of the approved image hosting sites if they really wanted to or one of the other domains could get hijacked. Hence it is prudent to better be safe than sorry - instead of creating an option for complaints about why one blindly trusted anything outside of geocaching.com.

 

You don't have to like this change. That said, your cache that you wanted to archive is in a functioning state again. So I recommend you focus on enjoying that and its logs coming in.

  • Surprised 3
  • Helpful 1
Link to comment
13 minutes ago, Bl4ckH4wkGER said:

Frankly you are missing the point.

I think you are missing the point that everything you said in this message comes at the cost of usability. This warning has no benefit for your users: we come to geocaching.com for the user-generated content.  If enjoying that content means clicking a link to certitudes.org, then we either click that link or have no reason to come to geocaching.com in the first place.
 

No one is blindly trusting anything on the internet, including geocaching.com. But how would your internet experience be like if every site you visit did this for their external links?

  • Upvote 3
  • Helpful 3
Link to comment
15 minutes ago, Bl4ckH4wkGER said:

Nowhere does it say "this is not part of our list of approved domains and is probably dangerous".

 

But it does begin with Hey wait! with an exclamation mark which to me implies that you should stop and rethink what you were about to do. If I'm walking towards the edge of a cliff and someone yells out "Hey wait!" they probably want me to stop and not go any further.

 

 

  • Upvote 2
  • Helpful 2
Link to comment
3 hours ago, Bl4ckH4wkGER said:

Frankly you are missing the point.

 

I don't share this feeling. I understand why this is important and didn't even ask to remove the feature. @onepooja already reported that the main issue is fixed now.

 

3 hours ago, Bl4ckH4wkGER said:

The message informs players that they are leaving the domain geocaching.com and to be mindful of that - not more and not less. Your image from a technical standpoint is hosted on a different domain - see the URL.

 

For my view https://img.geocaching.com/cache/525b4663-f218-4f62-98ff-b046eab7418f.jpg is on the same domain as https://forums.geocaching.com or https://www.geocaching.com/geocache/GC9M6X5_the-bushrangers-legacy

 

These are subdomains of geocaching.com and under your control. The warning text is "Hey wait! You're about to leave Geocaching.com." is not correct if the intented feature is warning about leaving www.geocaching.com subdomain.

 

From the security point of view, it does not make sense to cry wolf just in case.

Edited by arisoft
  • Upvote 1
  • Helpful 5
  • Love 1
Link to comment
3 hours ago, Bl4ckH4wkGER said:

You don't have to like this change. That said, your cache that you wanted to archive is in a functioning state again. So I recommend you focus on enjoying that and its logs coming in.

 

As I said in another thread before all this happened, I don't expect this cache to get many finders or FPs (currently 2/1 after its first week, both on the morning after publication). If I'd wanted lots of logs I'd have just put out a trail of pill bottles under bushes and saved all the hassle. What I do want is for those who decide to take it on to have the best experience I can give them, and that includes a cache page that's absorbing and as seemless as I can make it in its presentation. Breaking the suspension of disbelief is what immediately comes to mind when I see that Hey wait! box pop up right at the climax of the narrative and had I known this was about to happen I would have designed it differently to avoid embedded links in images altogether. It's too late now, I know, I just have to put it down to experience and learn not to try something like this again.

  • Upvote 1
  • Helpful 1
Link to comment

This is silly on the level of writing "objects in mirror are closer than they appear" on vehicle rear view mirrors (or was it the other way around? R.I.P. Meatloaf). Nobody expects Geocaching.com to have reviewed those links.

 

Ironically, for me this is kind of an improvement. I wasn't aware of the ctrl-click method of opening a link in a new tab and was always annoyed when clicking the checker link for a puzzle cache made the checker replace the cache description. Especially during speed-solving efforts. Now this popup serves as a reminder to do right-click instead. Only it should say "Hey wait! You're about to replace the cache description with this external link.".

 

Funny that right-clicking and opening in a new tab does not bring up the warning popup. Is it safe to visit an unreviewed link in a new tab?

  • Helpful 1
Link to comment

Somehow I can't understand why this popup is there.

1, It's 2022. You can do something like

"Try to find it on Google (!)."

Link through your redirector, exclamation mark to report link, block link after five reports.

Using a pop-up window on each link is a solution like in 2000.

 

2, Excessive use of pop-ups is not appropriate.

External links have not been reviewed by Geocaching.com? Yes, I think I read about it somewhere in guidelines.

First popup: OK, maybe they want to remind me.

Second popup: They still don't know that I know? OK.

Fifth popup on the same link: Do they think I'm stupid? Cancelclick the link again, Block pop-ups on Geocaching.com, OK.

A few months later, an important message in the pop-up window: I see nothing, pop-ups on Geocaching.com already blocked.

 

  • Upvote 4
  • Helpful 1
  • Love 3
Link to comment
8 hours ago, M.B.E.S. said:

Thanks for this first fix. However, using CTRL+clicking on the link to open the link in a new TAB still doesn't work. The link still opens in the current TAB after the notification.

This!

 

Please stop breaking basic built-in browser functionality. You are creating inconsistencies that reduce the predictability of browser behavior, and that reduce the usability of the web as a whole.

  • Upvote 3
  • Helpful 2
Link to comment
1 hour ago, Max and 99 said:

This really should have been a release note. It is significant enough to warrant one.

Better yet, it should have been rejected during design review, usability review, or code review.

 

But I've been on development teams when someone non-technical (legal, marketing, etc.) dictates the implementation of some misguided feecher, so I have some sympathy for the developers.

  • Upvote 5
  • Love 2
Link to comment
17 hours ago, ChriBli said:

Funny that right-clicking and opening in a new tab does not bring up the warning popup. Is it safe to visit an unreviewed link in a new tab?

 

It's a technical thing. All the website is doing is intercepting the left click on a link and inserting their own functionality before the browser dealt with the link syntax (which is why the 'target' was being lost initially). Right clicking is a browser function and the website isn't informed that "open in a new tab" was chosen. They would have to start intercepting the right click functionality - and I truly hope they do not do that because that would be even more ludicrous =/

 

5 hours ago, niraD said:

But I've been on development teams when someone non-technical (legal, marketing, etc.) dictates the implementation of some misguided feecher, so I have some sympathy for the developers.

 

And, as always, the critical is always the loudest and smallest. People in the middle who shrug it off won't say anything and accept it (the vast majority), and people who don't know any better really have no idea what's happening or why, they'll just follow what the internet tells them. So the majority of response will be okay/great. Even though the criticisms may be well-thought and valid, and implementing fixes would also be accepted by majority (because of the middle).

Focus testing is definitely no easy thing, and making decisions should never be done simply by majority neutral/positive response. When many will say "I love it!" without knowing any better, something could be broken and they'd never realize. 

 

Anyway... there are many developers and professionals in these forums, some very blunt, but overall a very very very small segment of the community. I think the only hope for constructively critical responses from here to be heard is if a developer/lackey takes a comment or idea to heart and presents it to the dev team, however that may be done at HQ, with some umph. *shrug* (and it's not like that ever happens, but I think this update is yet another good example of a whole lot of professional feedback, like decades of man-years - yet met with "you don't have to like it" - which sadly feels pretty insulting to our intelligence).  Especially when many new updates are rolled out with bugs that many forum-goers seem to catch almost immediately, wondering how they snuck by... 

 

But gah, I truly hate being negative. Sometimes things just need to be .. um, gotten off the chest. :P

 

Edited by thebruce0
minor sentence expansion
  • Upvote 2
  • Helpful 1
  • Love 2
Link to comment

Just noticed this change and here to pile on. 
 

hey Groundspeak, this change to have a pop up stinks!!!

 

we’ve all been using web browsers for 20 years or more. We know how the internet works. 
 

when you click a link it may be taking you to a new site. That’s the way the “world wide web” was designed. 
 

I don’t need your annoying pop up to educate me of this fact EVERY TIME. 
 

 

Edited by HoochDog
  • Upvote 5
  • Helpful 1
Link to comment
On 1/29/2022 at 1:01 AM, Bl4ckH4wkGER said:

This functionality has long been around for links in logs and in the Message Center.

I've been thinking about this since your post. I really cannot think of any time that I've gotten this warning on a log or in the message center. Maybe I'm just misunderstanding what you stated.

Edited by Max and 99
Link to comment

Hello, as a big HTML fan I also have a solution:

 

You could use a normal hyperlink:

<a href="https://www.geocaching.com">text</a>

You can use the target variant, but it can't be used here. But you can use a window.open via Javascript. This looks like this:

<a onclick="window.open('https://www.w3schools.com')">text</a>

 

Hope I could help ;-)

 

  • Funny 1
Link to comment
On 1/31/2022 at 9:25 AM, barefootjeff said:

I haven't tried it, because sure as hell if I do I'll be flooded with targeted marketing from the advertiser for the next month, but I'd be willing to wager that if I clicked on that ad there wouldn't be a Hey wait! popup warning me not to.

 

For completeness, I used a sacrificial PC to try clicking on the advertising image on the right side of a cache page. As expected, there was no Hey wait! popup, it just went straight to the external page (in this case, the website of a real estate business in Wollongong).

  • Upvote 2
  • Funny 1
  • Surprised 1
  • Helpful 1
Link to comment

My solution was to create a simple userscript that overrides the event listener that does the click hijacking, and adds the target="_blank" attribute to every link in user-provided cache content. No more need to worry about where the link is going to open.

 

The latter part will be useful even when this current silliness goes away.

  • Helpful 1
  • Love 2
Link to comment
On 1/31/2022 at 6:23 PM, Bl4ckH4wkGER said:

We have reopened the conversation with our Legal and Engineering department in an effort to find a solution that meets both, liability concerns and player pain points.

So it's "lawyers' demands" vs. "user friendliness"? I have a hunch how that will end ... :rolleyes:

  • Upvote 1
  • Helpful 1
Link to comment
On 2/2/2022 at 7:41 AM, mustakorppi said:

My solution was to create a simple userscript that overrides the event listener that does the click hijacking, and adds the target="_blank" attribute to every link in user-provided cache content. No more need to worry about where the link is going to open.

 

The latter part will be useful even when this current silliness goes away.

 

please share this script!

Edited by Mars Express
  • Love 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...