If you are finding you need to use javascript inside an html or xhtml file and it won’t validate, then here is a little tip for you.
If you surround all your javascript with <![CDATA[ and ]]> tags, all will come good.
The CDATA is seen by the validator as data which doesn’t need checking. So this:
<script>
document.getElementById('container').innerHTML('<p>hello</p>');
</script>becomes this:
<script>
<![CDATA[
document.getElementById('container').innerHTML('<p>hello</p>');
]]>
</script>Another option is to escape < and > characters server-side / in the file and then unescape with javascript
<script>
document.getElementById('container').innerHTML('<p>hello</p>'.replace('/</','<').replace('/>/','>'));
</script>
Posted by Harry at 1:43 pm on April 21st, 2010.
Categories: Javascript, The Web.
The share buttons that are currently offered by sites such as Digg, Facebook and Tweetmeme all have something in common when it comes to their height. 61px seems to be a developing standard.
The problem is that when you line them all up the Facebook share button is actually wider than the others which seem to come in at 52px.
Well you can make the Facebook button 52px in width without too much trouble. Facebook only use two classes to style the inner ‘Share’ button which seems to be the decider when it comes to the buttons width.
By shaving a little off the left and right padding we can bring the Facebook share button back down to 52px in width and make it play nice with the other share buttons.
<style type="text/css">
span .FBConnectButton_Small .FBConnectButton_Text
{
padding:3px 2px 2px;
}
</style>The extra span is just enough to beat the included Facebook css with a higher specificity score by 1 single point.
Posted by Harry at 4:28 pm on March 8th, 2010.
Categories: Facebook, The Web.
It took a while to get my head around it, so here it is incase I need it again.
Integrating with WorldPay is not the simplest of tasks. The documentation is poor at best.
I was integrating by using a form on my site, which posts the order total and an order id etc to WorldPay. WorldPay then deal with taking the money from the user. What I couldn’t understand was how to get the user back to my site for thanks after they had paid.
Turns out it’s quite simple.
Continue Reading… »
Posted by Harry at 11:39 pm on February 1st, 2010.
Categories: The Web, WorldPay.
A lovely long list of mime types along with their extensions.
If you find any errors or know any extensions and mime type pairs missing be sure to let me know.
It’s in php array format for your convenience.
$mimetypes = array(
‘3dm’ => ‘x-world/x-3dmf’,
‘3dmf’ => ‘x-world/x-3dmf’,
‘a’ => ‘application/octet-stream’,
‘aab’ => ‘application/x-authorware-bin’,
‘aam’ => ‘application/x-authorware-map’,
‘aas’ => ‘application/x-authorware-seg’,
Continue Reading… »
Posted by Harry at 6:35 pm on January 28th, 2010.
Categories: The Web.
I’ve lost count of the number of times i’ve seen this bit of HTML / PHP:
<form method="post" action="<?php print $_SERVER['PHP_SELF"]; ?>">
Looks pretty harmless doesn’t it, but it is a pretty dangerous shortcut to use. Imagin I get a user to visit the page the form is on by following this link, maybe hiding it in a short url:
http://example.com/formpage.php?"><script>alert(document.cookie);</script>
where I’ve added some html into the url which contains a script tag.
I could use this method to grab all your cookies and log in as you, or send ajax requests back to the site on your behalf. All very frightening. The quick solution is to turn html characters into their harmless entities using the php function htmlspecialchars. So the code would be
<form method="post" action="<?php print htmlspecialchars($_SERVER['PHP_SELF']); ?>">
But wait! The best way to submit to the same page with a form is to use and empty action attribute. It’s valid and it works.
<form method="post" action="">
Don’t believe me? Go tell Jesse. He also wrote about empty action attributes.
Posted by Harry at 12:54 am on December 16th, 2009.
Categories: Methods, PHP, The Web.