Archive for the ‘HTML’ Category

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

October 15th, 2019
In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for the built-in "about:" pages that are the gateway to sensitive preferences, settings, and statistics of the browser. The Firefox browser has 45 such internal locally-hosted about pages, some of which are listed

Posted in arbitrary code execution, browser hacking, browser security, Firefox, hacking news, HTML, JavaScript, javascript exploit, javascript injection, Web developer | Comments (0)

Google brings AMP to email, turning your inbox into an app

March 26th, 2019
Google is bringing AMP, its cut-down version of HTML, to email. Starting today, Gmail on the Web will be able to support embedded AMP content, with support rolling out to mobile clients later. Gmail will also be joined by Outlook.com, Yahoo Mail, and Mail.Ru, with their respective developers promising to add support soon.

AMP for email isn't just a warmed-over version of email with HTML formatting. The embedded AMP content will be able to offer features such as interactivity without having to click away from your inbox. For example, an online store could send you an email about a product or promotion you're likely to be interested in, and the AMP embed could allow both scrolling through pictures of the products and even initiate the purchasing process. Or Pinterest could email you a selection of the day's popular items and you could pin them directly from your inbox.

Accelerated Mobile Pages were introduced by Google in 2015 as a narrow set of HTML, JavaScript, and CSS capabilities that produced pages that are fast to download and render, could easily be packaged together, and were amenable to being embedded in, for example, Google search results pages. JavaScript features were limited to those offered by a Google-supplied library. This greatly curtails the range of things that pages can do in favor of being extremely cache-friendly and having consistently good performance.

Posted in AMP, gmail, google, HTML, Mail, Outlook, standards, Tech, Web | Comments (0)

With experimental “Never slow mode,” Chrome tries to stop Web devs making it slow

February 6th, 2019
Since Chrome's very first release, performance has been one of Google's top priorities. But Google is against a competing force: Web developers. The Web of today is a more-complex, bandwidth-intensive place than it was when Chrome was first released, which means that—although Internet connections and the browser itself are faster than they've ever been—slow pages remain an everyday occurrence.

Google engineers have been developing "Never Slow Mode" in a bid to counter this. Spotted at Chrome Story (via ZDNet), the new mode places tight limitations on Web content in an effort to make its performance more robust and predictable.

The exact design and rationale of Never Slow Mode aren't public—the changelog for the feature mentions a design document but says it's currently Google-internal. But taken together, that design and rationale will ensure that the browser's main thread never has to do too much work and will never get too delayed. They will also ensure that only limited amounts of data are pulled down over the network. This should make the browser more responsive to user input, lighter on the network, and a bit less of a memory hog than it would otherwise be.

Posted in browsers, chrome, Chromium, google, HTML, Open Source, Tech, Web | Comments (0)

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, vulnerabilities, Web Security | Comments (0)

Here’s Top 10 Popular Programming Languages used on GitHub

August 21st, 2015

Open Source is the Future of the computer science world!

On Wednesday, the popular coding website GitHub shared a graph that gives a closer look at the popularity of different programming languages used on its code sharing website that lets anyone edit, store, and collaborate on software code.

Since its launch in 2008, GitHub saw various programming languages picking up momentum, as

Posted in C++ programming language, GitHub, HTML, java software, JavaScript, PHP code, Python, Ruby on Rails | Comments (0)