How to make DOM element allways visible even during reloading the page? - facebook

I wan to make some fixed divs on bottom persistent without reloading them if user is on my site. It is like Facebook chat, user can be all over the site but chat is allways visible?
This queston is because I have created chat with NodeJS and when page is refreshed connection is destroyed and again created, so I want to make this connection persistent even during the reloading the page.
I know possible soluton that make every request Ajax call, but... this is unusable....

You can try localstorage. Data will persist on reload.
Use that with json.stringify and json.parse to make it work.
Unfortunately some older browsers still in use won't like that. I think all new browser versions can use localstorage. If you're not concerned about old browsers that's fine too.
There are localstorage shims, but that depends on how much work you're willing to put in to your project.
You can use localstorage to just store the html too if you like.
I prefer dom element updates using json values myself.
Visit browser version market share and you'll see quite a few of the older versions are out of usage. Though like with any tech usage stats you should take them with a grain of salt.
Edit Whoops! You said fixed divs without reloading them. I don't think that's possible if they are a chat. Unless I don't understand the question. Post some code if you can.

Related

Handling Browser Refresh in GWT

I am new ta GWT and I would like to know if there is a way to handler browser refresh. What happens now is that each time a user refreshes the page, or click F5, the application returns the user to the login page. what I want is to have the user stay at the same page when the page is refreshed. An example would be perfect.
Thanks a lot in advance!
Take a look at the Activities and Places design pattern for GWT.
It is a highly recommended approach that can handle page refreshes as well as back and forward buttons, and allows users to bookmark "pages" within your app.
Along with looking at activities and places which is a very useful way of handling navigation in an ajax application you will also need to handle the session from the server. You would have a call to do authentication either through a realm or some kind of homegrown authentication. I recommend Apache Shiro if you are just getting started. When you application loads from a refresh you need to make a call to the server to validate that the session you have is still valid and if so, you would send the user to the correct Place/Activity. The Activity/Places is a little bit more boiler plate but it is worth it in the long run and makes the application much more flexible. You may also want to checkout Arcbees GWTP plugin. This will handle most of the boilerplate for you but beware it can be a little complex to a newby. It uses Gin for dependecy injection and has some custom place mapping things that are a little different. But overall the documentation is very good and the gwtp eclipse plugin can save you some copying and pasting for some things.
You should look at the GWTP car store example. They did what you are looking for. https://github.com/ArcBees/GWTP/tree/master/gwtp-carstore
I would recommend you to consider History Tokens in your development to handle adhoc F5 refresh problems. Please have a look at http://www.gwtproject.org/doc/latest/DevGuideCodingBasicsHistory.html. While changing from one screen/layout to other, History Tokens help your browser keep track of the changes, because History Tokens change the URL itself. Examples can be found in the shared link.

Can You Hack a Websites Server?

I had an idea about website vulnerabilities, and I would like to know if it is possible. Also some suggestions on how to fix them.
If some part of my website writes data to the DOM and then calls the data back from it, would it be possible for someone to “hack” the server by editing the DOM in the browser?
For example, suppose I have some radio buttons. Each button has its own logic associated with it. If I remove one of the buttons, but fail to remove or comment out the logic, could someone go in and edit the DOM name of one of the buttons to the removed one, and upon submission have the server execute the logic associated with the removed radio button?
I understand how to fix that situation, by removing or commenting out the removed button’s logic, but I fear my site relies too heavily on such things that could be manipulated via the DOM. Hence, I’m wondering:
Is such a thing possible?
Is some complex validation method the only way to prevent “hacks” of this nature?
The answer to your question is yes. For example in many browsers you can open a javascript console and change not only the DOM but also the javascript on the site.
There is no guarantee that the code you write for a webpage will be run as you code it. Any user can change their copy. What they should not be able to do is change other people's copy. When they do this is called a cross site scripting (XSS) attack. (Typically done by adding script to a field which is saved in a database server and then served to another user.)
To protect your site you need to ensure that all web service calls are secure -- that is a user can't call them with malicious data and cause problems.
You also need to block against SQL injection attacks.
There is NO way to protect against a user changing the web page on their machine and having it do something you did not intend, so all validation needs to occur both in the browser and on the server.
As an example of how easy it is to change the local browser behavior, consider the browser extension. A browser extension is a pre-coded way to change the way web pages act locally.
(Think about ad-blockers as a specific example.)

Sending Data to Website From iPhone

I'm creating an iPhone Game where I want the user to get a unique numeric code when they first launch the app, that way when a friend of that user opens it, he/she can input that code and both users can get rewarded. I haven't encountered any issues regarding that, however what I want to do is make it to where the app registers the code given to every user and saves it to a website of some sort. That way when the other user enters the code, it will load the data from that website and check if it's registered. How would I manage to save the data onto a website? and also What free website could I use for this without having a character limit on the body page?
-Thanks in advance
Your thinking is correct, in that you need to save your data somewhere online, but you don't really "save data onto a website" in the way that you're describing. "Free Website" services usually serve a different purpose entirely - that of serving up public html pages. Sure, they can take the form of a CMS (like wordpress.com or tumblr accounts), but using that as an interface for storing your application's data is not something they're typically designed to do.
For something like this, where you have a public iPhone app that requires secure access to custom strings, you really want to have control over your own web server (different than a domain name, btw), and interface with a database on that server. This will come at a cost, and will involve more code than you're likely to find someone to write for you on here. Sorry to say it, but hey if someone wants to prove me wrong I'd love to see it.
Because all you need to store & retrieve are random strings (basically referral codes... if I'm understanding correctly), your database needs are pretty simple. If you're not familiar with things like PHP / MySQL, and you don't want to learn, it might be worth reaching out to some server-side developers for help. Unless there's more to it than you describe, you can probably find someone to help you for relatively cheap.
Good luck - and I'm sorry there isn't a simpler answer for ya.
You can send data using NSURLConnection. Just create an NSMutableURLRequest and call its -setHTTPMethod: method with “POST” as the HTTP method. Then, set its body and header fields appropriately, and you can use NSURLConnection to send the data.

"Refreshing" an XML feed on iPhone/Mac OSX

I'm curious for those of you who are building iPhone apps based on REST/SOAP/XML-RPC or simply pulling down a dynamic XML feed, what does it mean exactly to you when a user says 'refresh' the feed?
The straight forward way is to populate some collection, say an NSMutableArray, with whatever you bring down from the feed. If a widget on the UI is available to refresh, I typically do something like:
[myMutableArray removeAllObjects];
// follow steps to repopulate myMutableArray
It seems this is the least efficient algorithm for refreshing an XML feed. For instance many folks who are building Twitter clients, are appending changes to their existing feed, versus bringing down the entire feed in its complete form again.
What kind of algorithms are you using to "refresh" your models when speaking to a server-side data source?
Thanks all.
You should look into using the PubSub framework if you can require OS X 10.5. It's explicitly designed to fetch and update RSS/Atom feeds.
(Disclaimer: I wrote a lot of that framework while I was at Apple :)
The answer to your question is that feeds are inherently inefficient. You can minimize this by
Using HTTP "conditional GETs", so if the feed hasn't changed on the server you'll just get back a tiny 304 response. This saves time for the server and for you. (Some feed servers, like slashdot, will ban you if you don't use conditional gets!)
Check the "Last-Modified:" date on the response. Yes, even if you use a conditional GET. Some servers don't handle them properly. If the date is unchanged, ignore the feed.
Compare the raw data of the response against the last raw response you got. If identical, ignore the feed. (Some servers don't support conditional gets or send last-modified dates...)
Now you have to parse the XML.
Check the top-level mod date on the feed itself (this varies between Atom and the different flavors of RSS.) Again, if it's the same as it was last time, ignore the feed.
If you got here, the feed's been updated, most likely. The easiest thing to do is to throw away all of your old saved entries and replace them with the new ones. But this means you can't keep 'historic' entries that have fallen off the end of the feed. If you want to do that, you have to go through each entry in the just-parsed feed, match it with the corresponding entry in your persistent storage, and update the persistent one based on the new one. If you couldn't find a persistent one, add it as a new entry. (Matching entries can be difficult in lame RSS feeds that don't include unique GUIDs for each entry. You have to try comparing permalinks and titles. Yuck.)
This whole thing really is a big mess. It took a lot of work to make everything behave correctly and work with all the broken feeds and servers out there; take advantage of my pain and use PubSub, if you can :)
One approach is using the built in NSXML pull parser in a background thread and comparing entries from the stream to what you have in memory, updating only what has changed.
I've just released an open source RSS/Atom Parser for iPhone and hopefully it might be of some use.
I'd love to hear your thoughts on it too!

How to read DOM of the iframe loaded with a page from another domain?

Is there a way to access the DOM of the document in an iframe from parent doc if the doc in the iframe is on another domain? I can easily access it if both parent and child pages are on the same domain, but I need to be able to do that when they are on different domains.
If not, maybe there is some other way to READ the contents of an iframe (one consideration was to create an ActiveX control, since this would be for internal corporate use only, but I would prefer it to be cross-browser compatible)?
Not really. This is essential for security – otherwise you could open my online banking site or webmail and mess with it.
You can loosen restriction a bit by setting document.domain, but still top level domain must be the same.
You can work around this limitation by proxying requests via your own server (but don't forget to secure it, otherwise s[cp]ammers may abuse it)
my.example.com/proxy?url=otherdomain.com/page
Theoretically you can access the the content of the iframe using the standard DOM level2 contentDocument property. Practically you may have found out that most browsers deny the access to the DOM of the external document due to security concerns.
Access to the full DOM AFAIK is not possible (though there might be some browser-specific tweak to disable the same-domain check); for cross-domain XHR a popular trick is to bounce the data back and forth the iframe and the main document using URL fragment identifiers (see e.g. this link), you can use the same technique but:
the document loaded in the iframe must cooperate, and
you don't have access to the full document anyway (you can read back some parameters, or maybe you can try and URL-encode the whole document - but that would be very ugly)
I just found postMessage method introduced with HTML5; it's already implemented in recent browser (FF3, IE8 and Safari 4). It allows the exchange of messages between any windows object inside the browser.
For the details see the documentation at MDC and this nice tutorial by John Resig.