SitePoint Sponsor

User Tag List

Page 2 of 2 FirstFirst 12
Results 26 to 34 of 34
  1. #26
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    I'm ignorant of JS, but couldn't they just set a rule that getComputedStyle() can't be combined with :visited?
    Someone can set a padding on visited links, and then you can just figure out the position of some other element below the visited link. If it moved, then you know the link was visited. There are also other clever ways of going around the mere blocking of getComputedStyle().

    I don't know why Stomme poes continues to rant. He's now throwing dirt onto Safari and Firefox for choosing the right decision of supporting the optional bits in PNG images that specifically tell how the displaying program should manage the colors in the image. What, crazy to actually follow the PNG specification?!

    And on whether one should violate a spec, consider this: Say a spec exhibits a major security hole -- is it unreasonable to fix this security hole immediately, rather than letting your users run the risk of getting exploited as your proposal is considered? Regardless, even if Mozilla proposes this to the standards community (assuming that they haven't), and the community decides to fix the problem, you still end up at square one: unable to use a large number of CSS properties. Vying for a proposal to come before action is just playing with dice, hoping that others don't see the need to fix this exploit.

  2. #27
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,272
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    I don't know why Stomme poes continues to rant. She's now throwing dirt onto Safari and Firefox for choosing the right decision of supporting the optional bits in PNG images that specifically tell how the displaying program should manage the colors in the image.
    I'd be happy enough if it simply wasn't on by default. Webmasters shouldn't have to go back and change thousands of images for a browser because it happens to have this stuff on by defualt (who wants to talk a client through about:config?)

    http://hsivonen.iki.fi/png-gamma/

  3. #28
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A few lines of code easily changes thousands of images, and then it's merely a matter of uploading the new files. Safari 2, the last major foothold on problematic color correction, has also been out for more nearly five years now, so it is fully a web developer's fault if s/he embedded color correction information in his/her PNG images, somehow expecting the images to look right with CSS color values. This leads us back to what I have been suggesting: don't put color correction in your images if you don't want them color corrected, and the problem is that CSS doesn't support color profiles.

    It's also not reasonable to talk the clients of photographers through about:config so that their photographs don't look flat and dull. At least with color correction on though, webmasters can do something to disable it on their own, whereas photographers cannot do anything to turn on color correction in the other situation. We also end up with a very problematic situation where there will be people who have it on and others who don't.

  4. #29
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,272
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    I apparently do not have the option of removing profiles in my editor:

    Quote Originally Posted by sven neumann
    The Image Properties dialog for example
    will show you "sRGB built-in" for an image that has no profile attached.
    Yup, that's what I have when I make PNG's. In fact, because I have not downloaded any profiles, that's my only option, and it's supposed to mean "none". I should not have to excessively play with images or editors to make them work in browsers where previously they worked just fine. Nor do I want browsers trying to guess what profile my personal monitor is using if they can't get it right (FF 3.5+ on two Windows machines do not show a problem, but Macs and Linux do). People should have to turn "correction" on, not off.

  5. #30
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No profile attached = shouldn't have the problem. However, if it's not way, then your PNG images are indeed tagged. Check your images with TweakPNG to see if there are any color management related chunks.

    Either way, it's not a browser vendor's fault if the program you use isn't capable of doing something.

    Also, Firefox and presumably Safari get the color profile information from the system, so they don't guess any more than your system does.

  6. #31
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,272
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    Also, Firefox and presumably Safari get the color profile information from the system, so they don't guess any more than your system does.
    I've wondered if that had something to do with why some OSes have mismatched colours and others don't. What I don't know is if an OS running on an OS (Windows running on a Virtual Box running on Linux) has a separate system profile or not, seeings how they are using the same monitor.

    ---------------------------------------------------------------------------

    (I've been dragging this way off topic)

    In any case, the question seems to be, will other vendors jump onto the :visited protection scheme? And how will this actually work once it gets implemented.

  7. #32
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,023
    Mentioned
    63 Post(s)
    Tagged
    0 Thread(s)
    Occam's razor suggestion - but if this is really a problem why not have the browser load all images linked in the CSS file immediately whether it needs to display them or not? That would foil the privacy issue while retaining legitimate use. There's a cost in bandwidth, but I think it's a fair cost for the flexibility requested.

    BTW, as long as css background positioning isn't affected I don't care. When I do use a visited state to a link button it's going to be part of a larger CSS sprite.

  8. #33
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Presumably that would still leave the door open for timing attacks, since images bog down the rendering process.

  9. #34
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,023
    Mentioned
    63 Post(s)
    Tagged
    0 Thread(s)
    Explain.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •