Prev: User account blank password
Next: Sliverlight 4.0 full screen.
From: Woody on 29 Apr 2010 04:09
D.M. Procida <real-not-anti-spam-address(a)apple-juice.co.uk> wrote:

> Woody <usenet(a)alienrat.co.uk> wrote:
>
> > > What's needed is a single "Add this person to your address book" button,
> > > that does exactly what it says.
> >
> > And that has some very robust defenses against it being possible, as it
> > is effectively a cross site scripting attack, or more a cross zone
> > scripting attack. You cant do it with javascript
>
> If you use iChat or Mail, you'll notice that when the received text is
> something like "Tomorrow" or "2pm Tuesday", a contextual menu is
> available for iCal.
>
> Could a similar mechanism be made available for a web browser, and for
> the Adress Book?

Well, you could write a service for it, except then you would need to go
to the services menu, so multiple clicks again. Otherwise it would have
to be an input handler plugin, so yes, that would be possible but a bit
of work. Does have the advantage you would be able to use it in other
things than just the web browser though.

--
Woody
From: Ian Piper on 29 Apr 2010 04:48
On 2010-04-29 09:09:35 +0100, usenet(a)alienrat.co.uk (Woody) said:

> D.M. Procida <real-not-anti-spam-address(a)apple-juice.co.uk> wrote:
>
>> Woody <usenet(a)alienrat.co.uk> wrote:
>>
>>>> What's needed is a single "Add this person to your address book" button,
>>>> that does exactly what it says.
>>>
>>> And that has some very robust defenses against it being possible, as it
>>> is effectively a cross site scripting attack, or more a cross zone
>>> scripting attack. You cant do it with javascript
>>
>> If you use iChat or Mail, you'll notice that when the received text is
>> something like "Tomorrow" or "2pm Tuesday", a contextual menu is
>> available for iCal.
>>
>> Could a similar mechanism be made available for a web browser, and for
>> the Adress Book?
>
> Well, you could write a service for it, except then you would need to go
> to the services menu, so multiple clicks again. Otherwise it would have
> to be an input handler plugin, so yes, that would be possible but a bit
> of work. Does have the advantage you would be able to use it in other
> things than just the web browser though.

I think you are right. I have found a document in Apple's Developer
Documentation ("WebKit DOM Programming Topics") and that has a chapter
on "Calling Objective-C methods from JavaScript"). This got me briefly
excited - there is a whole API devoted to the Address Book - until I
read the first couple of paragraphs:

"The web scripting capabilities of WebKit permit you to access
Objective-C properties and call Objective-C
methods from the JavaScript scripting environment.
An important but not necessarily obvious fact about this bridge is that
it does not allow any JavaScript script
to access Objective-C. You cannot access Objective-C properties and
methods from a web browser unless a
custom plug-in has been installed. The bridge is intended for people
using custom plug-ins and JavaScript
environments enclosed within WebKit objects (for example, a WebView)."

That approach isn't going to work because I don't want to impose any
browser plug-ins on users.

Oh well, back to the drawing board :-(


Ian.
--
Ian Piper
Author of "Learn Xcode Tools for Mac OS X and iPhone Development",
Apress, December 2009
Learn more here: http://learnxcodebook.com/�
--�

From: D.M. Procida on 29 Apr 2010 04:59
Ian Piper <ianpiper(a)mac.com> wrote:

> "The web scripting capabilities of WebKit permit you to access
> Objective-C properties and call Objective-C
> methods from the JavaScript scripting environment.
> An important but not necessarily obvious fact about this bridge is that
> it does not allow any JavaScript script
> to access Objective-C. You cannot access Objective-C properties and
> methods from a web browser unless a
> custom plug-in has been installed. The bridge is intended for people
> using custom plug-ins and JavaScript
> environments enclosed within WebKit objects (for example, a WebView)."
>
> That approach isn't going to work because I don't want to impose any
> browser plug-ins on users.

How about a: "Download a vCard for this person" link? Then the user has
a clue about what they're expected to do.

Daniele
From: Woody on 29 Apr 2010 05:24
D.M. Procida <real-not-anti-spam-address(a)apple-juice.co.uk> wrote:

> Ian Piper <ianpiper(a)mac.com> wrote:
>
> > "The web scripting capabilities of WebKit permit you to access
> > Objective-C properties and call Objective-C
> > methods from the JavaScript scripting environment.
> > An important but not necessarily obvious fact about this bridge is that
> > it does not allow any JavaScript script
> > to access Objective-C. You cannot access Objective-C properties and
> > methods from a web browser unless a
> > custom plug-in has been installed. The bridge is intended for people
> > using custom plug-ins and JavaScript
> > environments enclosed within WebKit objects (for example, a WebView)."
> >
> > That approach isn't going to work because I don't want to impose any
> > browser plug-ins on users.
>
> How about a: "Download a vCard for this person" link? Then the user has
> a clue about what they're expected to do.

It seems the easiest way.


--
Woody
From: Adrian C on 29 Apr 2010 07:59
On 29/04/2010 08:17, Woody wrote:
> D.M. Procida<real-not-anti-spam-address(a)apple-juice.co.uk> wrote:

>> What's needed is a single "Add this person to your address book" button,
>> that does exactly what it says.
>
> And that has some very robust defenses against it being possible, as it
> is effectively a cross site scripting attack, or more a cross zone
> scripting attack. You cant do it with javascript
>

Is this something that is doable if the javascript is running on a page
served (or accessed as a file based web) locally? Is this an application
intended to be hosted on an intranet?

For ye could put the remote web service access in an iFrame, and add
javascript in that outside domain to do a HTML5 postmessage to ya local
javascript code, which would then do the address book insertion.

--
Adrian C
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: User account blank password
Next: Sliverlight 4.0 full screen.