| Pages in topic: < [1 2 3] | Changes made to the way javascript is handled in ProZ.com profiles Thread poster: Jason Grimes
|
|---|
| Andreas, made changes to support your profile | Aug 10, 2009 |
Andreas Nieckele wrote: I would appreciate if you guys could get all of this fixed as soon as possible. Our profile pages are arguably the most valuable reason to invest on our memberships (which I just happened to renew), and as it stands right now I can't have my profile to look the way I want to: an exact replica of my website, just like it was until Friday.
Hi Andreas,
I've made a change so that viewers will always be given the option to view your profile page with dynamic content (the system didn't recognize the dynamic content in your page before, so viewers weren't given the option to see it). It looks like you changed your page in an attempt to get it working--if you change it back again, when the viewer enables dynamic content it should work exactly the same as before.
I hope this helps resolve the issue. I'm sorry for the trouble.
Additionally, I've fixed the particular issue you reported with inline CSS and added support for target and id attributes.
Best regards,
Jason
| | | | Zea_Mays 
Italy
Local time: 09:57
Member (2009)
English to German
+ ...
| Not the best way from my point of view... | Aug 20, 2009 |
Jason Grimes wrote:
Hi Özden,
This is not precisely true. The change to the way javascript is handled in your profile is not directly about making your profile more secure.
Rather, changes in the way javascript is handled all over the site are about making the overall site more secure. This change just happens to be most noticeable in profiles, where javascript has been allowed indiscriminately in the past. Now javascript is allowed only in much more limited circumstances: in the profiles of ProZ.com members, when the viewer has given consent to run it.
I hope this helps clarify.
Best,
Jason
Hi Jason & all the staff,
thank you for your efforts to improve the site, I appreciate it but in this case I disagree with the way you handle this item.
Javascript is not that big problem (note: it's not Java), and can be easily disabled by the visitor in HIS/HER BROWSER. Why don't ask also if the visitor wants to disable Javascript for the entire Proz.com site, since its use is really copious there??
Since 99,999% of people have antivirus programs, but DON'T KNOW what Javascript is, they will think about a danger and CLOSE the page (not simply click on yes or no, that's annoying).
And since any message and/or window you put BETWEEN a web page and the visitor REDUCES the visits to your page/site, I really think you'll better disable entirely Javascript on the profile pages instead of this visitor blocker: working in the SEO field, I AM SURE that this Proz (anti)feature will damage the business of many people (like me who's using harmless Javascript on her profile page to check how visitors land on it). That's not what I've paid my membership for!!
And: NO, the Proz.com feature to check visitors behaviour is not that good - e.g. it lists each search engine spider visit, which really doesn't make any sense, and forces you, by clicking on the IP addresses, to go to an external service provider (is IT safe??... Or is there a PARTNER program?) which shows really poor information.
By the way, disabling Javascript on my profile page part of the html formatting is no longer shown, which I don't understand since there is no connection between the two scripts, so I fear it's a Proz bug.
My two cents for this terribly hot day.
Have a good time.
| | | | | There are bugs in this anti-javascript measure | Aug 20, 2009 |
By the way, disabling Javascript on my profile page part of the html formatting is no longer shown, which I don't understand since there is no connection between the two scripts, so I fear it's a Proz bug.
I have found that much non-javascript content is interpreted as "dynamic content" by the system and thus is not correctly displayed if the visitor does not enable javascript. For example, I found out that if you try to change the position of an element using CSS' "position: absolute" or "position: relative", it will not work until javascript is enabled. Many other CSS settings work perfectly from the start, but "position" (and possible others) do not, which is quite bizarre.
And, just like certain CSS attributes, there must be other non-harmful elements being incorrectly affected by this glitch.
| | | | Zea_Mays
Italy
Local time: 09:57
Member (2009)
English to German
+ ...
Well, it seems now I get almost nothing but search engine visits...
| | |
|
|
|
Zea_Mays
Italy
Local time: 09:57
Member (2009)
English to German
+ ...
| | It's a necessity | Sep 2, 2009 |
Zea_Mays wrote: I am wondering why someone should put harmful Javascript on a page which s/he will open him-/herself and which should lead to more business...  Isn't Proz.com a site for professionals? So why should they insert harmful code in their profiles?? And what sense makes it to ask also the page owner! to enable/disable the script???
It's because not everyone registered on Proz is a serious professional using his profile for business. As I understand there were people (non-translators) registering on Proz and inserting malicious code in their profiles. Or something like that.
Also, it's not the owner of the profile who enables/disables javascript. Every single visitor of your profile will be presented with this option. When you enable/disable javascript on your profile, it applies to your computer only.
While I agree that this has seriously compromised the profiles of many serious professionals (including mine), it's quite surprising how lenient was Proz regarding the amount of freedom we had to modify our profiles until recently. Try creating a profile on any website that allows users to create profiles (Facebook etc.) and see how stricter they are. You'll most likely be able to enter text and that's it. Images or HTML won't be allowed in 90% of the cases. And there's a reason for this: people will exploit any malicious possibility.
| | | | | Asking the profile owner | Sep 2, 2009 |
Andreas Nieckele wrote:
Also, it's not the owner of the profile who enables/disables javascript. Every single visitor of your profile will be presented with this option. When you enable/disable javascript on your profile, it applies to your computer only. As far as I understand, Zea's idea was that if you are the owner of the profile in question, you will want to see whatever tou inserted there, including your JavaScript.
However, I see at least one reason for asking the profile owner the same question (about enabling/disabling JavaScript), and that reason is about testing. The owner may want to see how others (who answer No to this question) will see his/her profile with JavaScript disabled.
| | | | Ramon UK
United Kingdom
Local time: 08:57
English to Spanish
+ ...
Before this sudden change, I had some hidden analytics javascript installed to analyze visitor statistics.
I have just been hit by some sort of translation scam by someone stating they were in Germany when in reality they were based in Nigeria. They now have my bank details and have disappeared.
Beforehand I would have spotted their location quickly, and would have become more suspicious.
I know I'm not a full paying member, but I feel that own security ha... See more Before this sudden change, I had some hidden analytics javascript installed to analyze visitor statistics.
I have just been hit by some sort of translation scam by someone stating they were in Germany when in reality they were based in Nigeria. They now have my bank details and have disappeared.
Beforehand I would have spotted their location quickly, and would have become more suspicious.
I know I'm not a full paying member, but I feel that own security has now been breached on a much larger scale and I wasn't expecting this. My Javascript wasn't in any way malicious.
Is there any way, or would you be so kind, to allow the analytics on my site to quickly work again. They are after a possible identity fraud scam, and I would like to be monitoring all visits in IPs over next few days.
Alternatively, does anyone know of a REAL analytics program (not some simple counter tool that's popular on Ebay) that doesn't use Javascript and can be used in conjunction with Proz profile to measure IP addresses and entry links of visitors?
Many thanks,
Ramón
[Edited at 2009-10-08 17:40 GMT]
[Edited at 2009-10-08 17:54 GMT]
[Edited at 2009-10-08 17:55 GMT] ▲ Collapse
| | |
|
|
|
I am going to change my profile with this as a dynamic content.
| | | | | Pages in topic: < [1 2 3] | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » Changes made to the way javascript is handled in ProZ.com profiles | Anycount & Translation Office 3000 | Translation Office 3000
Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.
More info » |
| | Wordfast Pro | Translation Memory Software for Any Platform
Exclusive discount for ProZ.com users!
Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value
Buy now! » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
