homepage Welcome to WebmasterWorld Guest from 50.19.206.49
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
Firefox 23 Released To Download, New Developer Options
engine




msg:4599783
 5:15 pm on Aug 6, 2013 (gmt 0)

Looks like the new options might be interesting in this release. There's a new options panel for Web Developer Toolbox.

This sounds interesting:
Mixed content blocking enabled to protects users from man-in-the-middle attacks and eavesdroppers on HTTPS pages


In developer toolbox:
New feature in toolbox: Network Monitor


and
Social share functionality


[mozilla.org...]

 

DrDoc




msg:4599792
 5:25 pm on Aug 6, 2013 (gmt 0)

Quite interesting. Will have to take her on a test drive.

dstiles




msg:4599816
 7:10 pm on Aug 6, 2013 (gmt 0)

The mixed-content blocking by default is good. I've had it set to block for years and build websites accordingly.

I also set FF to block all but well-known javascripts, a precaution born out by reports from the current/recent black-hat conference where they say categorically that the internet is "badly broken" (I've been saying that for many years now!) and unlikely to be easily or quickly mended. One of the major broken bits is javascript, which is now a major phishing/virus vector in all browsers. Not only is it dangerous in itself but could be fed to a browser via adverts - very worrying given most advertising companies' poor security checks.

I think FF needs to be improved a LOT more, including full provision for the latest TLS protocol - TLS/1 is another exploitable protocol.

Firefox is still, in my opinion as a daily and frequent user, one of the best and safest of browsers but it could be a lot safer, within the context of a badly broken internet.

Lots of info about all of this on threatpost[dot]com.

bill




msg:4599891
 1:53 am on Aug 7, 2013 (gmt 0)

The big news I noticed was that they have dropped support of the
<blink> tag

;)

commanderW




msg:4599892
 1:55 am on Aug 7, 2013 (gmt 0)

I've been reading about this new release for a while. 3 things that caught my eye:
    the defeat of browser hijacking
    the deletion of javascript option
    the death of blink

1- Disarming Browser Hijackers When we type something into the URL bar, other than a URL, Firefox does a search on it. The default engine is Google. This can be controlled with the preference 'keyword.URL' in 'about:config'. Apparently, malware creators and unscrupulous add-on developers have been using this preference setting to type in their own landing pages. Sometimes it's ads, sometimes it's a drive-by.

Jorge Villalobos, Add-ons Developer Relations Lead for Mozilla, says [blog.mozilla.org ]
keyword.URL has been the bane of our support team since pretty much ever. It is changed by most unwanted add-ons, pointing to unwanted search engines, with highly unwanted results. With this bug fixed, the URL bar now uses the selected search engine from the search box as the keyword search. While this will be an annoyance to power users in the short term, it should be easy to override with an add-on.

And this statement from the Bugzilla forum where the proposal to change the keyword.URL preference was discussed
[bugzilla.mozilla.org ]
50% of release users have the keyword.url pref set to something other than default which can only be done by editing about:config or by an external application. I think it's safe to assume these are being changed by external applications like software and add-on installs. Historically this is the largest issue reported to support.

and also this one-
[bugzilla.mozilla.org ]
50% of our users have a non- standard keyword.URL

make it very clear!

So what they've done is eliminate 'keyword.URL' and now the default search engine in the URL bar is the same as the one in the 'search bar'. The user can change both by clicking on the arrow next to the icon on the left side of the bar. I guess the idea is that there is no preference to reset except the one controlled by the search bar, and that if that gets changed the user can change it back. Here's hoping for the best for the beleaguered Firefox team.

2- The 'Enable Javascript' button has been eliminated [developer.mozilla.org ] I checked this out and it's true. It's not there anymore! In 'Options' (In the 'content' panel). In light of all the security risks and known exploits recounted in the post above by dstiles;
One of the major broken bits is javascript, which is now a major phishing/virus vector in all browsers. Not only is it dangerous in itself but could be fed to a browser via adverts

this seems like an odd move. I don't know what to make of it. However, as it says in the link- users can still turn off javascript in 'about:config' (Just type that into your URL bar, if you don't already know), by finding the preference 'javascript.enabled' and clicking on it to change it from 'true' to 'false'.

Furthermore some other buttons in options have been eliminated (though I don't really care about them :) [mozilla.org ] "Load images automatically", and "Always show the tab bar"

3-The Death Of Blink [developer.mozilla.org ]
Now I'm pissed! I have used the CSS text-decoration: blink; ever since my first web site. Judiciously. In my nav towers, boxes, and bars, in particular. It is a usability factor. It enhances navigability and legibility. Only Firefox and Opera have supported it, but I've put it in as a little bonus for these users :(.
You can read the all too festive discussion on implementing this move in the Bugzilla forum.
[bugzilla.mozilla.org ] Celebrated CSS guru Eric A. Meyer drops in to make a few comments.

commanderW




msg:4599893
 2:07 am on Aug 7, 2013 (gmt 0)

Thanks for noticing Bill, glad somebody cares :)
If you are viewing the page in the link in Engine's original post, with Firefox (but not FF 23), the entry announcing the death of blink is freaking blinking!

ken_b




msg:4599894
 2:24 am on Aug 7, 2013 (gmt 0)

The 'Enable Javascript' button has been eliminated

Somebody tell me why this is a good idea.

I turn JS on/off several times a day depending on what site I'm headed for, so this would be a big inconvenience.

.

commanderW




msg:4599896
 2:47 am on Aug 7, 2013 (gmt 0)

No worries ken_b an add-on developer will almost certainly have a 'turn javascript on/off button' before the end of august :). They can call it 'JavaScrew'.the button that fights back!

Until then, I have discovered that you can bookmark search results pages in 'about:config'. It works like this-

type "about:config?filter=javascript.enabled" (without the quotes :) into your URL bar. You will get the preference you need, and one other (at least on my version FF23) on a page in your browser window. Just bookmark it into the bookmarks toolbar in the normal way. Give it a name, something like, I don't know, "JavaScrew". Then, when you want to turn javascript on or off, you can simply click on this entry in the bookmarks toolbar, then double click on the item in the resultant webpage, and voila!

Best of all, I just tested it on a page with javascript and I did not have to restart Firefox for the change to take effect. I reloaded the page after changing the javascript preference and it was different. I tried this back and forth 3 times.

(edited 45 min. later because I gave the wrong instructions. These are now correct!

lucy24




msg:4599915
 6:46 am on Aug 7, 2013 (gmt 0)

I have used the CSS text-decoration: blink; ever since my first web site. Judiciously.

It is not every day that you see the words "judicious" and "blink" in the same paragraph. I was horrified to learn that any browser, anywhere, still supports either form (tag or attribute).

:: detour to CSS3 text-decoration module with depressing results ::

graeme_p




msg:4599918
 7:14 am on Aug 7, 2013 (gmt 0)

The blink effect is easily replaced with Javascript.

Very few people turn off Javascript, and because more sites require Javascript fewer people are doing it - I have up using NOScript because it was too much hassle. There are already several good JS blocking extensions.

drhowarddrfine




msg:4599958
 11:57 am on Aug 7, 2013 (gmt 0)

@ken_b Less than 2% of the internet has javascript turned off. Many web sites will not code for browsers that have less than 10% usage. So it's a feature hardly anyone uses.

Plus, the modern web is heavily based on javascript and far more is coming down the pike and a lot of it is available now. You'd see much more javascript pages around but it takes a while for older sites to come up to speed.

I have a new client who has no interest in making pages that work without javascript. It's an e-commerce site for products he sells and he says he has never not used javascript and doesn't want to pay anyone for the time to make it so. He's never had a complaint and, once, one of his developers wrote a script to detect how many of their visitors didn't have it on and the result was zero.

lucy24




msg:4599973
 12:16 pm on Aug 7, 2013 (gmt 0)

Where's the ROFL icon when you need it?

:: shuffling papers ::

Oh, here. (Site name suppressed, duh.)
/images/smilie/froehlich/a065.gif

#1 visitor arrives on site
#2 visitor discovers that site will not work
#3 visitor leaves in disgust
#4 site studies visitors to inner page and discovers that 100% of them have the software configuration required by site

graeme_p




msg:4599974
 12:32 pm on Aug 7, 2013 (gmt 0)

Lucy, no, because you can detect visitors who did not have JS on at step 1.

Of course you need to look at new, not returning visitors.

The numbers for JS off are very low even on sites that work perfectly without JS.

It is also perfectly easy to notify visitors why the site is not working, and those who turn off JS should know how to turn it back on.

bhonda




msg:4600016
 3:39 pm on Aug 7, 2013 (gmt 0)

One of the major broken bits is javascript, which is now a major phishing/virus vector in all browsers

Sure you don't mean Java there?

brotherhood of LAN




msg:4600018
 3:47 pm on Aug 7, 2013 (gmt 0)

I use the javascript on/off button sometimes, if it's in about:config instead, no big deal.

I hope their web dev tools can be switched on and off, I might want to scour the DOM for a particular site, but not on every page load. Alas, that's why firebug gets turned off and on all the time, for me... as it slows it all riiight dowwwnnn... particularly for JS heavy sites manipulating the DOM.

drhowarddrfine




msg:4600031
 4:02 pm on Aug 7, 2013 (gmt 0)

those who turn off JS should know how to turn it back on.
That's another point I always like to make. Those who turn it off know what they're getting into and know what to do.
commanderW




msg:4600050
 5:25 pm on Aug 7, 2013 (gmt 0)

Many people, and I mean many many people, have to turn javascript off and back on for a single page. On occasion, a site uses javascript to disable the context menu. There are a lot of reasons to need the context menu on a particular page. Right now I can't think of all the other different reasons I have had over the years to disable javascript. It seems to me that when sites started serving up javascript with ruby, and it was crashing my Safari browser, that I was able to work around this by turning off javascript (can't recall if this worked for sure or not, but I think this was the case) But the reasons are endless, and it is definitely a necessity to have the option.

I just love blink. And In reading, I am very sensitive to annoyances, since I drink a lot of coffee. Also, I am a bit of a perfectionist. Yet, I have found it to be a very handy signifier for something of particular importance on a web page, that the viewer needs to know is there. This is usually a nav link. But it can be an announcement, a warning, etc. If placed on the page with politeness and forethought, it is a usability aid. Or at least it was :)

Well, that's it for me, at least for a while. I'm traveling with no computer. Using portable apps on a thumb drive. And this morning I discovered that my thumb drive has been stolen in a library for the 4th time! Lost most of my work each time. I can't do much without it. I'm tired and moving on.

Thanks everyone for everything. Hope I get back on the web with some new hardware someday, but I'm giving up today. Going to spend some time watchimg the sunsets and maybe eat some ice cream. Ciao for now...

drhowarddrfine




msg:4600057
 5:42 pm on Aug 7, 2013 (gmt 0)

@commanderW Your reasons for people needing to do this are problems with the site that should be fixed. Also, blinking can be done with CSS, where it belongs, or javascript.

ken_b




msg:4600062
 6:07 pm on Aug 7, 2013 (gmt 0)

I'm aware of other ways to turn JS on/off and that most people surf with it on.

I'm still waiting for someone to tell me why removing the easy option button/checkbox is a good idea.

drhowarddrfine




msg:4600079
 6:55 pm on Aug 7, 2013 (gmt 0)

Cause no one uses it and they can use the space for something else. It's also something else that doesn't need maintaining or testing.

graeme_p




msg:4600086
 7:16 pm on Aug 7, 2013 (gmt 0)

Many people, and I mean many many people, have to turn javascript off and back on for a single page. On occasion, a site uses javascript to disable the context menu.


FF 22 and below let you prevent JS from disabling the context menu. Hopefully we can still do that from about:config.

dstiles




msg:4600111
 8:14 pm on Aug 7, 2013 (gmt 0)

commanderW - my tirade was using yesterday's FF. Linux upgraded to 23 today. :)

An add-on to turn JS on/off - surely you're all using NoScript!? Anyone not using that excellent add-on is simply asking for trouble. It does FAR more than turn JS on/off.

bhonda - no, javascript: it's been a vector for a few years at least and SHOULD be turned off in browsers unless absolutely required and on a known good site - although even that is no guarantee nowadays. I only use javascript for forms completion, and even then the forms work well without it: it's mostly a leftover on old sites.

Java has been a known virus vector for a decade or more and anyone in their right mind has it turned well off!.

drhowarddrfine




msg:4600127
 9:08 pm on Aug 7, 2013 (gmt 0)

Java has been a known virus vector for a decade or more and anyone in their right mind has it turned well off!.
Um. Java is not Javascript.

But I'm entering my 10th year of developing for the web. I've never met a developer, or any technical person, who ever turned js off. Sitting here in a client's office, I look at the five others here who are coding like mad on many different systems and I don't have to check to see if any have js off. The guy next to me is snickering as I write this.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved