I'm using Modernizr 3.0 to check for input[type='file'] so I don't show an upload button to users who can't use it. I'm worried that Modernizr.fileinput will return false for users who don't have file system access but do have camera access via
<input type="file" accept="image/*" />
I've tried checking this on browserstack but I'm still uncertain because I don't know how the various cameras respond on their VMs.
Does Modernizr distinguish between no file system access and no camera access or will Modernizr.fileinput return false if the user doesn't have file system access but does have camera access?
You can use Modernizr.filesystem in conjunction with Modernizr.fileinput to see if the user has file system access.
Most desktop browsers support filesystem API, but mobile browsers don't. A weaker check would be Modernizr.filereader but it'll work on most mobile browsers (barring older ones such as IE9 and old Androids).
You can check out the detect here.
It doesn't distinguish against anything, other than a few blacklisted user agents (which modernizr does use, if there is no sane alternative).
Related
I'm trying to add screen-sharing feature in my app using webrtc and Firefox browser,I'm facing the same error that described here:
Twilio screensharing on localhost in firefox?
The problems is that I need to set the flag(media.navigator.permission.disabled) to make the screen sharing work but for security reasons we can't do that in the code, what I'm trying to do is to make Firefox prompt the user to change this flag.
Is this possible? can we make Firefox prompt the user to change this flag?
any suggestions?
Thanks in advance!
For security purposes there is no way for JS code to change flags. Giving JS code the ability to do that would have really dangerous implications.
Screen sharing is only allowed on HTTPS origins. So you really need to get your self a certificate for your test page, e.g. from Lets Encrypt.
I am working on a site that has to use IE6 !!! BUT also requires intranet users to access apps that need Firefox. Is there a slick way of doing this when launching the app? (link pop up - seems old fashioned). Not sure how much access I have to the root directory, ie for HTaccess
thoughts much appreciated.
You can use a <div> element inside conditional comments and display it for intranet users only based on an IP check.
So I've been looking for a solution to implement in my site that allows for multiple files and large files (>2 GBs) to be uploaded, without using any plug-ins, desktop clients, etc. I also have a requirement to support browsers as far back as IE 7. FineUploader seems to fit the bill perfectly, but one aspect I have been trying to figure out is how it uses iframe to support non-HTML5 browsers? Is it basically serving up HTML content, so it still allows users to upload files, but with legacy limitations (one file at a time, not able to read file size prior to upload, etc.)? What functionality of FineUploader do I lose in non-HTML5 browsers?
Thanks,
Stas
I'm the maintainer of Fine Uploader and I will provide an answer to your questions.
For browsers that do not support the File API (IE9 and older, Android 2.3.x) Fine Uploader must rely on a commonly known "trick" to allow for "ajax" uploading. In these browsers, you must submit a form containing a file input element (one for each file). Fine Uploader creates a hidden iframe containing a form and a file input for the associated file. A separate iframe is created for each selected file. Fine Uploader then submits the form when it comes time to upload the associated file or files. The response text from the server is loaded into this iframe when the server response is received, and the library parses this response (which must be a valid JSON response, regardless of the browser).
The following limitations are in place on non-File API browsers:
You can only select one file at a time (one per "choose a file" dialog). This is due to the fact that none of these browsers do not support the multiple attribute on file input elements.
Dragging and dropping of files is not supported. This feature depends on File API support.
Progress bars do not appear, as there is no easy way to determine the upload progress of a file in browsers that do not support the File API. There may be efforts in the future to allow for progress calculation, such as a documented convention that results in periodic GET requests to check the progress, or support for the UploadProgress module in nginx or apache.
Client-side file size information is not available. So, any features related to or dependent on file size are not enabled. This information is simply not available unless the browser supports the File API.
Chunking and auto-resume features are not enabled since this explicitly depend on File API support.
Luckily, all "modern" browsers, including IE10, support the File API.
Hope this helps.
I have some HTML files I'm putting in Isolated Storage and then loading them up in a Windows Phone 7 WebBrowser control. I want to make an AJAX request in JavaScript to a remote host to get some data. This appears to fail with a "No transport" error. I assume there is a same origin policy which is preventing my request from going through.
Does anyone know if this is the case, and if so, can the policy be disabled?
This is from http://msdn.microsoft.com/en-us/library/ff462081(v=VS.92).aspx:
Content loaded from Isolated Storage or dynamically by using the NavigateToString(String) method is treated differently than content loaded from the network. Content loaded from Isolated Storage or dynamically by using NavigateToString has no cross-site restrictions, while content loaded from the network has normal cross-site restrictions. For this reason, you should be careful about loading untrusted content from Isolated Storage or dynamically by using NavigateToString.
So, answer to your question would be: Yes it does, but not for files loaded in the way you describe.
I am working on a Firefox extension that will involve ajax calls to domains that would normally fail due to the same-origin policy set by Firefox (and most modern browsers).
I was wondering if there is a way to either turn off the same-origin restriction (in about:config, perhaps) or if there was a standard lite-browser that developers turn to for this.
I really would like to avoid using any blackhat tools, if possible. Not because I'm against them, I just don't want to add another learning curve to the process.
I can use curl in PHP to confirm that the requests work, but I want to get started on writing the js that the addon will actually use, so I need a client that will execute js.
I also tried spidermonkey, but since I'm doing the ajax with jquery, it threw a fit at all of the browser-based default variables.
So, short version: is there a reliable browser/client for cross site scripting that isn't primarily a hacker app? Or can I just turn off same-domain policy in Firefox?
Use GreaseMonkey with GM_xmlhttpRequest
Did you look into HTTP Access Control