Are browser dialog boxes considered accessible by WCAG A/AA standards? The dialog boxes I am referring to are the ones that are native to the browser like the following in Chrome:
There are 3 different Guidelines from W3C/WAI (Web Accessibility Initiative):
WCAG 2.0 for Web Content
ATAG for Authoring Tool (tl;dr CMS)
UAAG for User Agents (tl;dr graphical web browsers and many more like sites that'll embed content - ads, videos, weather forecast, etc)
The relevant guideline for browser dialog boxes is UAAG as in "does the UA expose web content in an accessible manner and are its own controls accessible - mouse and touch and keyboard, playing well with OS accessibility APIs"
Following ATAG allows a disabled person to create content on its own website as an admin or content writer or translator and such. A website can be accessible to its visitors but the backoffice/admin also needs to be accessible to employees, content producers, etc
And finally, there's also WAI-ARIA for Accessible Rich Internet Applications for rich widgets, web applicaitons whatever it means. tl;dr should be used as a complement to HTML5
Browser dialog box are accessible as long as your browser follows the UAAG requirements, which should be the case for the most modern used browsers (Edge, Safari, Chrome, Firefox, ...).
In your example, this dialogbox is launched when the window.onbeforeunload event is fired.
It can be a good solution to answer to the WCAG 3.2.5 point:
3.2.5 Change on Request: Changes of context are initiated only by user request or a mechanism is available to turn off such changes. (Level AAA)
http://www.w3.org/TR/UNDERSTANDING-WCAG20/consistent-behavior-no-extreme-changes-context.html
So this prevent, for instance, a third party script to redirect the user outside of the page without its confirmation, or the user to mistakenly close the wrong window.
But of course, opening a dialog box when not the result of a user action is not accessible.
Related
Im working on a web-scraping project i know how to get certain data from target page through HtmlAgilityPack. But i dont know what to send in the Post information of that page. The page is not sending any information through querystring. There are three textboxes in that page, two checkboxes and a search button
when i inspect the button with firebug it gives following information
<img border="0" align="top" onclick="javascript:PVO_PId_Search(
document.ProtocolForm.searchplt,
document.ProtocolForm.towcheck.checked,
document.ProtocolForm.collateralcheck.checked,
document.ProtocolForm.selState[document.ProtocolForm.selState.selectedIndex].value,
document.ProtocolForm.selPltType[document.ProtocolForm.selPltType.selectedIndex].value)" onmouseout="this.className='flyOut'" onmouseover="this.className='flyOver'" alt="Search" value="PSearch" name="PSearch" onload="javascript:updateButtonWithOneTxtbox(document.ProtocolForm.searchplt,this,'v_images/Search_button.gif','v_images/Search_button_grey.gif');" src="v_images/Search_button.gif" class="flyOut">
Now my question is, Is there any tool or firefox addin available which i can use and monitor (or debug) what kind of Post information it is passing ?
You can use built-in Web Developer tools in Chrome and/or Safari, etc to inspect all http request/responses between your client (browser) and the (server) web site. You'll see it in the NETWORK inspector tools.
However, unless it's your site, or some worthy educational experiment, whether or not you can actually spoof (yes, that's what it really amounts to) a POST (or GET) to the site depends on whether or not it has some built in protections/validations that protect it from such attempts.
Update:
Just fire up Chrome and (on Windows) CTRL+SHIFT+I (Safari, its CTRL+ALT+I) and you should see the NETWORK INSPECTOR:
Update 2:
And just for reference, if you want network inspection that isn't dependent on a browser, Fiddler is always part of my personal tool kit.
I have a website with a flex application. The flex application has no user input - except for clicks for navigation. The website also uses no scripting language - i.e. no php, asp, jsp or cfm.
The website just consists of one page which contains the flash file for the flex application. The source code of this page is here: http://pastebin.com/n5b4RxqT
I have been advised (by a software program used by my client) that this website is vulnerable to a reflective type XSS attack and have been advised to 'sanitize' all user input.
I am a noob with respect to XSS and would respectfully like to ask that AFAIK there is no user input. What should I sanitize and how?
Thanks in advance
Using AC_OETags is the old way of doing things and is deprecated. What you want to do is use SWFObject which is now the default in Flash Builder 4.
is it possible to hide windows taskbar during page load of an aspx page?
No. There used to be such option in IE, but as it was abused by malware (e.g. it hid the real taskbar and pretended there was a virus on the computer, then scared the user into downloading the real virus), it was removed.
In general, the code inside the browser has no business messing with anything outside the browser, for security reasons.
If you have control over the clients' computers (e.g. for an internal application that will be used from specific computers) and you know which browser(s) will be used, you could write a browser plugin (or an extension, in case of Firefox/Chrome/Opera) and install it on those computers - these have a much higher privileges of access to the rest of the OS, almost like normal processes.
No it is not possible without using some proprietary plugin inside the browser.
This question already has answers here:
Mobile Device Detection in asp.net
(9 answers)
Closed 6 years ago.
I have an existing web site and I would like to create a mobile version of it that is more suitable. For instance, the main site uses drop-down menus and we all know those are quite the fail on mobile devices.
I would like to redirect to my mobile version (it will be a subdomain of the current site) if I detect a request from a mobile browser. So when they Google something and come to my site, they will automatically see the mobile version (just like Wikipedia).
Does ASP.NET provide an easy way of doing this? If not, how can I do it?
You can use the IsMobileDevice property somewhere in the Request.Browser. You need some decent browser definitions though. I use these excellent set of browser definitions: Ocean's place browser definitions.
They are really in depth and the best I've seen. I think he is currently working on .NET4 ones too.
I think the best solution is WURFL. It is more up date device description repository and it is free. The only inconvenience is .net api is GPL.
Keep it simple...
Heres the JS for the same...
Hope it helps someone..
var useragent = navigator.userAgent;
var isMobile = !!useragent.match(/iPhone|Android|Blackberry|Sony|Nokia|Motorola|Samsung/i),
isWebBrowser = !!useragent.match(/Mozilla/i);
// Redirect the call accordingly.
if(isWebBrowser && !isMobile)
//call to web portal
alert(" You seem to me... calling from Web Browser")
else if(isMobile)
//call to mobile apps
alert(" Call seems to be from Mobile device...")
else
{
// jus kiddin...
alert(" Unable to detect the device..... Please report to admin...")
}
There is a project on codeplex that you can use : Mobile Device Browser File
Project Description
The Mobile Browser Definition File
contains definitions for individual
mobile devices and browsers. At run
time, ASP.NET uses the information in
the request header to determine what
type of device/browser has made the
request.
This project provides a data file that
when used with ASP.NET will detect the
incoming mobile device and present you
as the web developer with a set of 67
capabilities or properties describing
the requesting device. These
capabilities range from screen size to
cookie support and provide all the
information you need to adaptively
render content for mobile phones and
devices.
What is the Mobile Device Browser Definition File?
The Mobile Device Browser Definition
File contains capability definitions
for individual mobile devices and
browsers. At run time, ASP.NET uses
this .browser file, along with the
information in the HTTP request
header, to determine what type of
device/browser has made the request
and what the capabilities of that
device are. This information is
exposed to the developer through the
Request.Browser property and allows
them to tailor the presentation of
their web page to suit the
capabilities of the target device.
There's an article on CodeProject which provides such function.
I work in an area where the business users heavily depend on bookmarks to access their work-related web applications. Our standard browser is Internet Explorer v6. We have a new Flex application - when you add the site to Internet Explorer Favorites, then later try to access the site with the Favorites link, we get the following error message: "internet explorer cannot open the internet site http://our url. Operation aborted". If we then bring up the properties for the link and remove the trailing "#' from the url, the link works.
What is this trailing "#", and can it be removed? Is there a way to have Internet Explorer bookmarking to work for this site (other than manually editing the bookmark)? The problem doesn't occur in Firefox (but not everyone has access to that browser).
The trailing # is used to provide information to your client-side framework. It was originally meant to provide the ability to link to anchor points in an HTML document. It has been "hijacked" by JavaScript frameworks to provide state information to Flash and Flex applications.
The primary benefit of using # to navigate is that the browser doesn't navigate off the current page - meaning you only need to load your framework once. Traditional URLs would force an entire page reload.
Most likely you can't remove it. You should be able to provide a means for a secondary URL scheme that encodes what you need in a query string (?foobar=1).
You will need to configure server-side processing to either redirect the user to the hash URL or load the necessary information via a JavaScript hook to your Flex framework.
You might also look into the new Google Chrome plugin for IE.
You can turn this off in the compiler parameters in Flex Builder. Go into the project settings, then in "Flex Compiler" uncheck the box that says "Enable integration with browser navigation".