'corePHP' Blog » Javascript

jQuery click event fires twice

Rafael Corral — Wed, 20 Jul 2011 13:29:27 +0000

Today I had an issue with jQuery where a listener for a ‘click’ event was being triggered twice.
With the following code, I would get two logs in the console:

jQuery(document).ready(function(){
	jQuery('#button').click(function(){
		console.log(1);
		return false;
	});
});

I was even trying the jQuery(function() { }); method, but I would still get the same results.

After some debugging, I figured out that if I moved that javascript to be inside the tag instead of the tag which is where I originally had it, that would fix the problem.

Hope it helps,
Rafael Corral
Lead developer

Control HTML without javascript

Rafael Corral — Wed, 01 Sep 2010 15:05:42 +0000

This is something I have known about for a long time. It is advanced and can mostly be used for Cross Site Request Forgeries (CSRF). Not that I condone these, but the best way to defend yourself against hackers is by knowing as much as they do.

In some cases users turn javascript off in their browsers (I do) for security reasons. HTML has just about no scripting capabilities if you discard the FOR attribute on the LABEL tag. It is possible to trick a user into submitting a form by them simply highlighting text on a page. The FOR attribute binds a label to another element, which is some sort of scripting, I guess.

Well, by simply wrapping the BODY of a page in a LABEL tag, which contains text and HTML, the LABEL and its contents become a button through binding of the FOR. This all happens behind the scenes. This means that whenever you select text or click on the body of the page, the binding becomes active, and it is possible to submit a form without any scripting at all!

Example:



Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor
incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud
exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore
eu fugiat nulla pariatur.

On my example I show a POC on how you could automatically log someone out of twitter by them simply clicking on a page. Twitter has fixed this CSRF by simply checking the referrer on the browser: If it doesn’t match twitter.com, it sends you to another logout page for you to confirm your action.

This is good knowledge. Use it to protect yourself and not to harm others.

I use a plugin for FireFox called NoScript. This plugin will block all scripts on a per-domain basis. If you trust the domain, then you can enable those scripts. This is extremely helpful because I visit many hacked packages on a weekly basis and I do not want my computer to get a virus. This plugin will protect you from at least 70% of web attacks. I highly encourage you to use it.

Hardcore Javascript browser & computer fingerprinting

Rafael Corral — Thu, 18 Feb 2010 17:40:07 +0000

This post contains a POC (Proof of concept) on how to detect if a user is using the same computer as they have previously used before. This can be useful if you want to register a user’s computer for a certain functionality that your website may have. It can also be used to only allow one computer to view private content of a site and has many other applications aside from being really cool!

The way the script works, it has functions to retrieve the following:

Browser type
Display width & height, color depth and available height
The plugins that are installed on the browser
The operating system the browser is running on

With these four pieces of information you have the option to MD5 hash them, which is what I recommend as it is shorter and easier to store in a database.

Please download the files from here. Two files are needed if you want to use the MD5 encryption.

To get all of the above information about the browser in one neat string with separators, call this JavaScript function:

$fingerprint = pstfgrpnt();

To get the values MD5 hashed, simply pass true through as a parameter.

The index.html file on the download includes a simple example.

That is it! Enjoy!

Fix the sIFR bug when logged in (UPDATED!)

Jonathan — Wed, 14 May 2008 23:42:13 +0000

I ran into a strange bug today while implementing sIRF into Joomla!. Everything looked great until I logged into the front-end. Then the titles show this:

After many hours of frustration, we finally came up with a fix!

The error comes from a conflict between sIFR and OverLIB, so we just disabled OverLIB. To do this you have to open the base index.php file in the root directory. Go to line 214 and change FALSE to TRUE.

// set for overlib check $mainframe->set( 'loadOverlib', true );

Your site will now display sIRF correctly when logged in.

UPDATE:

While we realized that turning off OverLIB was not a good idea, we didn’t have any better alternatives…until now! The problem was caused by the fact that Joomla! loads the front-end edit button inside the div with the class “contentheading,” which is translated by sIFR. To solve this, you have to edit com_content/content.html.php to move the edit button into a separate < td > so that it’s in line with the pdf/email/print buttons (and out of the contentheading div).

Thanks to Mike at mike.simbunch.com for the sharing this fix with us.

Close Window

Steven — Mon, 05 Jun 2006 17:19:45 +0000

Many people come across this issue with popup windows when they want to give the user a close button instead of the X up at the top.

You can easily and quickly achieve this just by adding a ‘href’ tag.

The following code is a sample, so customize it to whatever you need.

Close Window