|
fuf posted:Wordpress thread recently reminded me about https://www.google.com/recaptcha I've had a look at that, the problem is what you do if JavaScript is turned off? There's a noscript version but it's not much use if I don't process the form on my server.
|
# ? Oct 14, 2016 12:48 |
|
|
# ? May 16, 2024 04:48 |
|
If you want to validate this data beforehand, why don't you just implement a proxy on a server you control? I.E. Have the form send data to your server, where you can validate it, and then send fully validated data to their form's endpoint? I don't really see how you can achieve this any other way and thinking about javascript being turned off is really a red herring imo.
|
# ? Oct 14, 2016 16:10 |
|
Coffee Mugshot posted:If you want to validate this data beforehand, why don't you just implement a proxy on a server you control? I.E. Have the form send data to your server, where you can validate it, and then send fully validated data to their form's endpoint? I don't really see how you can achieve this any other way and thinking about javascript being turned off is really a red herring imo. I figured that would be one way to go. You know who doesn't use javascript? Spambots.
|
# ? Oct 14, 2016 17:12 |
|
nexus6 posted:I figured that would be one way to go. eh i've dealt with a TON of complete browser spambots and scrapers, that execute js and all (so I just feed them while(true) loops)
|
# ? Oct 14, 2016 19:21 |
|
Lumpy posted:Anyone used Affinity Designer? (https://affinity.serif.com/en-us/ui-design-software/) I love me some Sketch, but there's some things I don't like about it, and this seems pretty cool. ddiddles posted:Same here, been running a mac VM for sketch, but its a pain. Trip report. https://www.youtube.com/watch?v=kRz8-EXlhBo
|
# ? Oct 14, 2016 21:41 |
|
I just finished a single page django website portfolio with the following stats: Page size 7.9 MB Requests 83 Load time 2.40 s First, are these decent speeds? I tried keeping all images under 200kb. The majority of the requests are for images that I was thinking I could use a jQuery plugin to not load them until details for a specific project and its images are opened. I was also going to move all the requests for jQuery plugins to CDNs. The remaining requests are for Google fonts, style sheets, and some other images that appear always on the page. Edit: The only thing pingdom.com says I failed on is "Leverage browser caching". I imagine a person is only going to visit my website once so I don't think that'd be useful? huhu fucked around with this message at 05:49 on Oct 15, 2016 |
# ? Oct 15, 2016 05:45 |
|
huhu posted:I just finished a single page django website portfolio with the following stats: The fact that they will visit only once probably means 2.4s per page load is actually hella slow.
|
# ? Oct 15, 2016 13:05 |
|
huhu posted:I just finished a single page django website portfolio with the following stats: CDNs for scripts and lazy loading are all well and good, but a 7.8mb page and 83 requests are still quite a lot. Are you bundling your scripts?
|
# ? Oct 15, 2016 15:50 |
|
Coffee Mugshot posted:The fact that they will visit only once probably means 2.4s per page load is actually hella slow. It's 2.4s for the entire single page website. Home, about, list of projects, and 18 project "pages", in total. Is that still too slow? chami posted:CDNs for scripts and lazy loading are all well and good, but a 7.8mb page and 83 requests are still quite a lot. Are you bundling your scripts?
|
# ? Oct 15, 2016 16:30 |
|
Are you loading fonts together (x|y|z) in a single request if it's googlefonts? Also, if you have some titles/logotype that only uses that font, you can restrict the font to only serve those letters, often resulting in a ~1-2KB file from fonts.googleapis.com
|
# ? Oct 15, 2016 20:17 |
huhu posted:It's 2.4s for the entire single page website. Home, about, list of projects, and 18 project "pages", in total. Is that still too slow? I'm assuming 2.4s is the total time before the browser stops working, but how long does it take from clicking the website's link to seeing content?
|
|
# ? Oct 15, 2016 20:38 |
|
gmq posted:I'm assuming 2.4s is the total time before the browser stops working, but how long does it take from clicking the website's link to seeing content?
|
# ? Oct 16, 2016 00:41 |
|
Biowarfare posted:Are you loading fonts together (x|y|z) in a single request if it's googlefonts? Also, if you have some titles/logotype that only uses that font, you can restrict the font to only serve those letters, often resulting in a ~1-2KB file from fonts.googleapis.com What? I had no idea about that, that's amazing. Thank you!
|
# ? Oct 16, 2016 21:22 |
|
When you try and verify a google search console property using an existing analytics tracking code it says: "Your tracking code should be in the <head> section of your page." I've always put the tracking code in the footer because of the standard advice to put javascript near the bottom so it doesn't block page rendering blah blah blah. Is there an advantage to putting it in <head>? e: bonus search console question: do I really need to add the www and non-www versions as two distinct properties for every single site? fuf fucked around with this message at 13:04 on Oct 17, 2016 |
# ? Oct 17, 2016 12:59 |
|
fuf posted:When you try and verify a google search console property using an existing analytics tracking code it says: This is somewhat old advice. Chrome will now block on any script tags, no matter where they are, so may as well just put them in <head> to keep things clean.
|
# ? Oct 17, 2016 14:58 |
|
fuf posted:When you try and verify a google search console property using an existing analytics tracking code it says: I was under the impression that putting it in the head allows Google to track things before the rest of the page loads. So if your page is slow and a user clicks a link before it's fully loaded that click will still be tracked.
|
# ? Oct 17, 2016 15:36 |
|
I was under the impression that it was defer async anyway so it doesn't matter, all google properties serve web traffic over UDP anyway, and putting at the bottom was old-style to prevent synchronous scripts from blocking until rendered
|
# ? Oct 17, 2016 17:07 |
|
fuf posted:When you try and verify a google search console property using an existing analytics tracking code it says: Google tracking builds up a run time object with events to send async for logging, it would appear some event is ready to be tracked but the record has not been defined yet.
|
# ? Oct 17, 2016 17:27 |
|
I don't know how many of you guys are ecommerce based, but maybe keep an eye on "too good to be true" orders for a while, as the normal Q4 fraud season is starting up again. Be especially wary of orders from Florida in the states and Quebec in Canada. Seen about $100,000 combined across several client properties in the last two weeks. Just burns my butt we can't get any of these people arrested, since I have all the info: a phone number, an ip address, and a shipping address, enough at least to start an investigation. But since it's all cross border, the local law enforcement doesn't care, and national law enforcement only cares about the big stuff.
|
# ? Oct 17, 2016 20:02 |
|
Scaramouche posted:I don't know how many of you guys are ecommerce based, but maybe keep an eye on "too good to be true" orders for a while, as the normal Q4 fraud season is starting up again. Be especially wary of orders from Florida in the states and Quebec in Canada. Seen about $100,000 combined across several client properties in the last two weeks. You're in ecommerce so there's something I've been trying to figure out: wtf is the point of 3dsecure in the states? I have to use it every single time I pay my european service providers and it just redirects me to a random domain without a EV cert with a long random subdomain that just has an empty page with a submit button. My bank clearly supports 3DS in some way by returning a valid ok response, it just doesn't prompt me for any information or anything at all, and the domain is a wholly unrelated domain without any indicators of the company backing it in a random popup. There is no JS executing to collect system information either, it's just literally a <form><input type=submit><input type=hidden></form>
|
# ? Oct 17, 2016 20:27 |
|
Yeah I've implemented it a few times (as Verified by Visa/Mastercard Securecode/AMEX Safekey), usually with a custom XML handler of some kind. The idea is that a transaction is verified by 3 different interest holders using a verification scheme (password, token, etc.) specific to the card being used. Those gobbledygook domains are usually some kind of outsourced third party since every single crappy little bank that issues cards doesn't have the IT infrastructure to support the authentication server, and most of the big banks are all using the same third party mega company (emv I think). They used to be hot on it (I remember Visa required it at some point for level 1 processors), but the whole standard is in specifications hell right now apparently with some guys using version 1.0 and other guys investing in draft versions of 2.0. In my opinion from a security standpoint it's basically another CVV check that goes through different servers. Again, in my opinion, it was a flawed idea and execution resulting in end-user resentment from an extra step, an actual reduction of confidence due to the weird interstitial domains, and introduced yet another point at which MiTM can happen without any tangible benefit. Others might disagree though.
|
# ? Oct 17, 2016 22:05 |
|
Can anyone explain In case it's not clear, that element's set to display: table-cell* on the element, but the computed display type is block. The hell? *yes, I hate twisting divs into table-based layout, too, but I didn't start this thing and I don't have time to re-do it all
|
# ? Oct 17, 2016 22:08 |
|
What's the context?
|
# ? Oct 18, 2016 00:02 |
|
When I did some older websites, I didn't realize that only (555) 555-5555 style numbers get auto-translated into click-to-call for mobile browsers, while things like 555-555-5555 or 555.555.5555 wouldn't. Is there some jQuery I can plug in that will translate those numbers into click-to-call links, or do I have to go in to all my old sites and manually code in the href="tel:" thing?
|
# ? Oct 18, 2016 06:19 |
|
kedo posted:What's the context? Form layout, or do you mean you want to see more styles?
|
# ? Oct 18, 2016 14:54 |
|
Munkeymon posted:Form layout, or do you mean you want to see more styles? I'm wondering what its containing elements are and what styles they have.
|
# ? Oct 18, 2016 14:58 |
|
kedo posted:I'm wondering what its containing elements are and what styles they have. http://imgur.com/a/iAv6Q Sorry about the screenshots - I'm trying not to leak company details.
|
# ? Oct 18, 2016 16:23 |
|
Munkeymon posted:http://imgur.com/a/iAv6Q Its that float:left on granpa https://www.w3.org/TR/CSS2/visuren.html#dis-pos-flo
|
# ? Oct 18, 2016 17:01 |
|
BJPaskoff posted:When I did some older websites, I didn't realize that only (555) 555-5555 style numbers get auto-translated into click-to-call for mobile browsers, while things like 555-555-5555 or 555.555.5555 wouldn't. Is there some jQuery I can plug in that will translate those numbers into click-to-call links, or do I have to go in to all my old sites and manually code in the href="tel:" thing? I imagine you could write a script that uses regex to go through and replace all of the phone numbers to clickable versions on page load.
|
# ? Oct 18, 2016 17:06 |
|
Kekekela posted:Its that float:left on granpa It doesn't say that applies to children, though? Otherwise you couldn't float a table.
|
# ? Oct 18, 2016 19:00 |
|
I am sofa king stupid. I astound myself at how little I actually know. Please help or kill me. The goal: - Submit a form offsite from a popup overlay - Validate the data inputs - Display a 'thank you' message, keeping the user on the page This first portion below is the form processing (popform). It works great - except the form validation doesn't work in Safari (because html5 and 'required'). It does everything else I need it to: namely validating (again, except in safari) and then posting the form data offsite without leaving the page, instead showing the pretty 'thanks' div. If Safari weren't an issue, I'd be golden. It uses the class 'popform' to perform it's actions on inherited inputs. The second blob, 'hasHtml5Validation', uses the 'validate-form' class and calls a small .js file. Validation works in all browsers, except it sends the user offsite. I've tried adding both classes to the form, no go. I've tried changing them both to use the same class. Nope. Finally, as seen in the bottom chunk, I took the form processing function and put it in the 'else' portion of the 'hasHtml5Validation' code. Validation works, the form posts, but it still goes offsite. Frankly, I think that the bottom most portion makes the most sense - I think that the entire problem is that the POST is working fine, and when using only 'popform', we're good because it is making the round robin trip of POST, then GET, so the page stays intact. I just can't make them work together. code:
code:
code:
code:
|
# ? Oct 18, 2016 22:48 |
|
I don't know if this is the right place for this, I'm a sys admin and know very little about webservers, design, etc. A request came in, some folks who manage our internal web apps want us to change the 'check for a newer version of stored pages' setting in IE to "every time I visit the webpage". According to them "we deploy updates often and users will not see the updates until they refresh the page, clear their temp files etc" This can be done through modification of a client registry key, but this got me digging into things. While this would accomplish what they want it seems like it's not the best way to handle the problem. This would affect all browser client traffic on all computers in the company. It seems to me a better solution would for the web app owners to look into modifying their cache control headers for their web apps and adjust them accordingly. What would be the best way to handle this particular issue?
|
# ? Oct 19, 2016 21:42 |
|
skipdogg posted:I don't know if this is the right place for this, I'm a sys admin and know very little about webservers, design, etc. Modiflying cache headers as you mentioned is your best bet. The other thing to do is modifying filenames / appending to them when things change. For example, if your page has javascript in script.js and it changes, well, maybe the user is getting a cached version. If your filename is script.somelongassmd5hashorwhatever.js and the update makes it script.someotherhash.js then hooray, it's a new file to the browser. If for some reason the file names *must* stay the same, you can append query strings to them to attempt to cache bust: script.js?ver=timestamp so it looks different to the browser, but not to the sever. If your web guys are lazy and can't won't change the script tags (or CSS tags or whatever) in the HTML, then you are kind of screwed.
|
# ? Oct 19, 2016 23:52 |
|
Munkeymon posted:It doesn't say that applies to children, though? Otherwise you couldn't float a table. Sorry, I'm retarded.
|
# ? Oct 20, 2016 00:19 |
|
Woo big ol DDOS today: http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835 All the sites I work on are okay, but their hosts' site and management interfaces are MIA. This includes BlueHost, HostGator, PayPal and Braintree. Luckily I'm in Canada so the major payment processors are still online.
|
# ? Oct 21, 2016 19:22 |
|
A few weeks ago I was asking about UX/UI help for a redesign of my website (http://thesavvybackpacker.com) — specifically its navigation. I realized that I was in over my head so I'm curious how much it would cost to hire someone to help sort this issue out. And where would I find this help?
|
# ? Oct 23, 2016 17:59 |
|
nexus6 posted:You know who doesn't use javascript? Spambots. Wrong.
|
# ? Oct 24, 2016 10:31 |
|
skipdogg posted:I don't know if this is the right place for this, I'm a sys admin and know very little about webservers, design, etc. This is exactly the normal result if management is allowed to unilaterally construct their own "solutions" to technical problems. Godspeed my friend.
|
# ? Oct 24, 2016 10:33 |
|
The Wizard of Poz posted:Wrong. Could you elaborate? I'm genuinely interested as a few of my clients get a lot of spam and it seems like disabling JavaScript would be an easy way to get around form validation, especially if there is no server-side validation, as seems to be the case with a few of my forms. Before you ask, the reason there isn't any server-side validation is because the forms are processed by a third party (email marketing software), not me.
|
# ? Oct 24, 2016 11:03 |
|
|
# ? May 16, 2024 04:48 |
|
submit the forms to your own server and pass them on to the third party product after validation
|
# ? Oct 24, 2016 11:10 |