Comments

psilord at 19:13 Aug 25, 2005

Hey Alan, if I ever click "remember me" on the page, it should always be checked when I come back to post something to signify it remembered me. If I uncheck it, then it should forget about me.

Kathleen at 19:13 Aug 25, 2005

Mozilla has both a pop-up blocker, an indicator in the bottom bar that a pop-up has been blocked, and the option for Adblock as well. I'm not saying that Firefox isn't the bomb, but why should I switch from Moz?

Alan De Smet at 19:13 Aug 25, 2005

Compared to Moz, Firefox is only incrementally better. Unsurprising, since they both share the same core. Still, I was a Mozilla user for many years and changed to Firefox yesterday. I think it's worth the effort. All in all I viewed it as the next version of Mozilla. Really, my front page plea was more to people using Internet Explorer, who really deserve much, much better.

Stuff I'm liking:

- Alerts you when there are updates to Firefox itself or any extensions you've installed. It can automatically install an updated extension. The alert is a discreet little marker in your menu bar.

- Faster startup.

- The interface feels "cleaner". Mozilla is a giant beast with piles of options. Firefox does a good job of eliminating the unnecessary junk and reorganizing what remained.

Stuff I'm not sold on yet, but seem cool:

- "Live bookmarks". Your bookmark folder can actually be a live feed from another site. For example, you can have a bookmark folder that always contains the last 10 stories from the BBC or the New York Times. http://www.mozilla.org/products/firefox/live-bookmarks.html Not so useful to someone using a full-blown RSS aggregator like Sage (which is a Firefox extension (http://sage.mozdev.org/)) or Bloglines (http://www.bloglines.com).

Alan's recommended extensions:

- Link Toolbar provides handy buttons for following "Next Page", "Previous Page", "Up", "Index" and the like links. It's a quick and handy way to move through multipage documents. Mozilla has this functionality built in, but you need an extension with Firefox. Instead of taking a whole new toolbar, Link Toolbar places itself in the status bar. http://cdn.mozdev.org/linkToolbar/

- Adblock will reduce the amount of crap you're seeing. http://adblock.mozdev.org/

- Web Developer Extension is the power user's toy. It includes way more functionality than a typical web browser needs. If you do web design or just like having lots of unnecessary control over web pages, it's cool. http://www.chrispederick.com/work/firefox/webdeveloper/

Joe at 19:13 Aug 25, 2005

Putting the link toolbar in the status bar seems like a good idea. I hate it when I go to a site that uses it and it pops the whole page down, and I don't really like having the link toolbar up all the time either.

I'm not sure how many people use this feature though. I have it up for PJ, but not my other comics. The only users I'm sure use it are web robots.

I use Moz at home and Firefox at work. I haven't updated Moz recently, but Firefox 1.0's usability trumps whatever version of Moz I have.

Kathleen at 19:13 Aug 25, 2005

Is Firefox stable? I know that was a concern a while ago. I guess if it's at 1.0, it must be...

psilord at 19:13 Aug 25, 2005

After using it for a few days, I must say that it is very fast. I like that very much. It just seems so much cleaner too.

Joe at 19:13 Aug 25, 2005

Something Firefox still lacks is a "block flash objects from this address" when I right-click on a flash advertisement. I can block the less-obtrusive ad banners, but not flash? Flash ads are evil and I hate them.

And yes I could uninstall flash, but I loves me the video games!

Alan De Smet at 19:13 Aug 25, 2005

Re: Flash blocking

Two options:

Adblock will happily purge Flash ads. http://adblock.mozdev.org/

Another option is to use Flashblock. It replaces all Flash objects with a logo. Click the logo to load the flash. The extension is here: http://flashblock.mozdev.org/ or you can use the original: http://www.squarefree.com/userstyles/xbl.html

Alan De Smet at 19:13 Aug 25, 2005

This is a test message.

If it works, I've added some additional tags and functionality.

My home page

psilord at 19:13 Aug 25, 2005

How about you add some articles.... *grin*

Kathleen at 19:13 Aug 25, 2005

I second that motion.

Ben at 19:13 Aug 25, 2005

Yeah. I've wasted an awful lot of time typing 'www.hig<down arrow><enter>' and not getting new Alanwackiness. This saddens me. And I find the new comments here distinctly underwhelming. Though, as you've said

Alan wrote:

If it works, I've added some additional tags and functionality.

Hm. That was surprisingly satisfying. Also reasonably tamper-resistant.

But not perfect.

Alan De Smet at 19:13 Aug 25, 2005

Ooof, good catch Ben. Thanks. I'll have to beat that into submission. Upon reflection I believe QUOTE to be reasonably safe, but the URL needs serious contemplation. Probably the easiest option is to forbid quotation marks in URLs.

As for all the people wanting content: I'll see what I can do. I've got a backlog of stuff, but it's hard to find the time to polish it enough. I'm trying very hard to only post the sort of thing I enjoy reading on random blogs. (See my blog roll for examples.)

For those who (for some bizarre reason) want more stuff from me, try my LiveJournal feed. (Table-folk will likely be bored, as it's basically the stupid links I post to table.)

I also recommend using an RSS aggregator (Bloglines rocks). It's a much easier way to track blogs, including those that only post very irregularly.

Mario Carbonell at 19:13 Aug 25, 2005

Wow!! Great Website!! I'm a programmer too, but very bad designing websites! Very beautiful

Michael at 19:13 Aug 25, 2005

That is an uglily good catch Ben. :)

Alan, php has a $strip_tags function built into it. I used the following to elaborate this out into a decent functionality (borrowing heavily from php_manual commenters, of course) :

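    // Tags that strip_tags() is allowed to keep.
    $allowedTags = '<b><i><a><li><strong><em><pre><blockquote>';

    // Attribute names and URL schemes to neutralize inside the surviving tags.
    $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'
                 . 'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';

    // Replace any blacklisted attribute or scheme inside one tag's source.
    function removeEvilAttributes($tagSource) {
        global $stripAttrib;
        return preg_replace("/$stripAttrib/i", 'forbidden', $tagSource);
    }

    // Drop disallowed tags, then scrub the attributes of the tags that remain.
    function removeEvilTags($source) {
        global $allowedTags;
        $source = strip_tags($source, $allowedTags);
        // preg_replace_callback stands in for the /e modifier, which PHP 7 removed;
        // stripslashes() was only needed to undo the escaping that /e applied.
        return preg_replace_callback('/<(.*?)>/i', function ($m) {
            return '<' . removeEvilAttributes($m[1]) . '>';
        }, $source);
    }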

Ben at 19:13 Aug 25, 2005

Alan:

The file Not Perfect links to is the [URL] tag I used to create it. Let me know when you no longer need that.

Michael:

I don't know PHP, but it looks as if your code, while probably useful, doesn't fix what I did. I could be wrong, of course. Check out the NP link if you're curious what exactly is broken.

Alan again:

Once you've fixed the tag processing, feel free to get rid of the not perfect and/or turn it into text-only.

Alan a third time:

I gently poked QUOTE and it played nice. Trying to add HTML failed because you're turning < into &lt;, but URL let me get inside a tag that already existed. I don't think I could abuse it to insert any more tags, but I could probably turn Anchor into a block-level element and get a picture into it as a background, with the appropriate height and width tags. Also javascript mouse events as Michael noted, &c.

The other tags seem safe. I tried (ab)using QUOTE with HTML comments to insert text into the body of the <strong> tag, but no dice. The other tags don't seem particularly promising as attack vectors.

Alan De Smet at 19:13 Aug 25, 2005

The URL loophole Ben found has been beaten into a pulp.

Supported tags: [B]Bold text[/B]   [I]Italic text[/I]   [TT]Typewriter font[/TT]   [CODE]Preformatted text[/CODE]   [QUOTE]Block quote[/QUOTE]   [QUOTE="Original Author"]Block quote[/QUOTE]   [URL="http://www.example.com"]Example Corporation[/URL]
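
The [URL] loophole discussed in the comments above, as an added example that is not part of the original thread and not the blog's actual code: a renderer that pastes the URL into href unescaped, next to one that validates and escapes it. The function names, the assumed rendering logic and the sample inputs are all constructed for illustration.

```php
<?php
// Added illustration, not the blog's code; all names and inputs are constructed.

// Naive: escapes angle brackets in the text, but pastes the URL into href
// unescaped, so a quotation mark in the URL closes the attribute early.
function renderUrlNaive(string $text): string {
    $text = str_replace(['<', '>'], ['&lt;', '&gt;'], $text);
    return preg_replace('/\[URL="(.*?)"\](.*?)\[\/URL\]/is',
                        '<a href="$1">$2</a>', $text);
}

// Hardened: escape everything first, then accept only http(s) URLs that
// contain no quotes, whitespace or angle brackets (an allow-list rather
// than a list of bad attribute names), and escape the URL for the attribute.
function renderUrlSafe(string $text): string {
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[URL=&quot;(.*?)&quot;\](.*?)\[\/URL\]/is',
        function (array $m): string {
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!preg_match('#\Ahttps?://[^\s"\'<>]+\z#i', $url)) {
                return $m[0];   // leave the tag as inert, already-escaped text
            }
            $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            return '<a href="' . $href . '">' . $m[2] . '</a>';
        },
        $text
    );
}

// Constructed inputs: a normal link, and one whose URL carries a quotation
// mark followed by a harmless extra attribute.
$samples = [
    '[URL="http://www.example.com/?a=1&b=2"]Example Corporation[/URL]',
    '[URL="http://www.example.com/" title="injected"]Example[/URL]',
];
foreach ($samples as $s) {
    echo "input: $s\n";
    echo "naive: " . renderUrlNaive($s) . "\n";
    echo "safe:  " . renderUrlSafe($s) . "\n\n";
}
```

For the second sample the naive output is an anchor carrying a title attribute the renderer never intended, while the hardened output leaves the whole tag as escaped text.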