URL object is not created in IE when address bar is escaped - javascript

I've come across a weird issue...
With Internet Explorer, version 11 in my case, browsing to:
http://bus.gov.il/WebForms/wfrmLuz.aspx?SugTransfer=0&company=1&language=he&RovaDest=2109&DateTokef=09/07/2017&title=09/07/2017%20-%20%u05D9%u05D5%u05DD%20%u05D0&RovaSrc=3195&DayOrder=1&FromYeshuv=%u05E8%u05E2%u05E0%u05E0%u05D4&FromRova=%u05E8%u05E2%u05E0%u05E0%u05D4%20%u05DE%u05E1%u05D5%u05E3%20%u05D0%u05D5%u05D8%u05D5%u05D1%u05D5%u05E1%u05D9%u05DD&ToYeshuv=%u05EA%u05DC%20%u05D0%u05D1%u05D9%u05D1%20%u05D9%u05E4%u05D5&ToRova=%u05EA%u05DC-%u05D0%u05D1%u05D9%u05D1%20%u05EA%u05D7%u05E0%u05D4%20%u05DE%u05E8%u05DB%u05D6%u05D9%u05EA%20%u05D7%u05D3%u05E9%u05D4&hour=&width=1024
and then in the dev-tools console, running this command:
window.URL.createObjectURL(new Blob(["string"]))
results in an error.
This doesn't happen for other sites...
Does anyone have an idea what's going on? Is this yet another issue with IE?
Thanks a lot!

Works for me!
Tools>Internet Options>Security tab,
1. Click "Reset all zones to default"
2. Select the Trusted Sites icon, "Sites" button, and remove the domain bus.gov.il from your list. (The Trusted sites zone actually has a lower security profile than the Internet zone. IE has a security zone setting preventing navigation into a zone of lower integrity. https (the secure protocol) works just as well in any IE security zone. The IE Trusted sites list is mostly used by Enterprise users to allow navigation to business partner portals; there should be no need for home users to add sites to the IE Trusted sites list.) Remove any other hosts from your IE Trusted sites list. Ensure that Tools>SmartScreen Filter is turned on to prevent phishing attacks. https works in any IE security zone (your data is encrypted).
That site uses Flash. Ensure that IE's ActiveX filtering is turned off before you visit the site (Tools>ActiveX filtering).

Related

Change browser from Edge to IE with Javascript

I'm working on a website where (due to security settings in the users' Windows desktops), the users cannot use the Edge browser.
Is there a work-around where I can 'redirect' the website to use Internet Explorer? In other words, ask it to perform the equivalent of running Internet Explorer as an app and going to the same URL?
We will fix the issues on the website, but I don't want to get into the issues here, thanks.
-----edit-----
In this case the users have pre-packaged Windows 10 with non-standard security settings for Edge. Sadly I don't have control over the Windows build and in a large company there are a number of hurdles before the corrected settings can be applied.
It's all well and good to let users choose their own browsers in normal situations, but in this specific case a solution is required.
I am happy to create a temporary "please use Internet Explorer" page, but I was hoping a MIME application type or other solution could suggest to the Windows PC to run IE along with the same URL the user is first accessing to make this more seamless.
Sites can't control whether to use IE11 or Edge, however Microsoft does allow specific sites to be white listed to only use IE11 using Group Policy. Here is Microsoft's page talking about it: https://technet.microsoft.com/en-us/itpro/microsoft-edge/emie-to-improve-compatibility

Google trusted store badge not showing in all browsers

The Google trusted store badge is not showing across browsers and platforms.
I can get it to show in Safari Mac but not Chrome or Firefox Mac.
I can get it to show in IE Win and Firefox Win but not Chrome Win.
I went through Google's implementation tips.
Doctype checks out.
Google's Tag Assistant validates on the page.
The test, Test Drive, of the js implementation in Trusted Stores works fine.
robots.txt is also delivered under ssl.
Any ideas?
Google response:
We are writing to you because we noticed a posting your team made asking about the Trusted Stores badge visibility on your site.
I can confirm that your account, qxxxxxxxxxxxxxe.com, is in good standing. The badge is not displaying for half of users due to a few-week experiment we are running with all merchants in the program.
We run experiments from time to time, as we are always looking to improve the user experience with your site and the program. For example, we have made improvements to the badge design and behavior, such as only opening the flyover on click (instead of mouseover).

Get your website classified as 'first-party' in Safari

I'm running into a major issue with Safari compatibility for my website. It's not an error per se, but apparently Safari classifies my website as 'third party'.
This means that for me to set cookies (which is 100% necessary for my web app to run), the user needs to open up Safari preferences, click on 'Privacy' and opt out of Safari's default setting. They need to set Safari's cookie policy from 'Block cookies from third parties' to 'Never block cookies'.
This is a terrible experience and means that probably most users who use Safari on my site will just navigate away because it's not working. I could pop up an infographic to walk the user through the process, but come on... Most every other major browser (Chrome, Firefox, etc.) takes an opposite stance and defaults to accepting all cookies.
Is there some application process to Apple that will get my website classified as 'first party'? Does it have something to do with SSL? Is it a CORS issue?
How do I get classified as a 'first party' website?
I think there is a conceptual misunderstanding here. A web site isn't first-party or third-party by itself, and there isn't some kind of list of these maintained by Apple. It is the third party in a specific context. When Safari blocks third-party cookies, what that means is that website www.aaa.com (the site the user is visiting) can't set (or retrieve) a cookie for www.bbb.com (a third party to the transaction between the user and www.aaa.com). I suspect you are doing something involving an iframe or otherwise including elements from one domain in a web page on another domain, and that is the source of the problem.
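The answer's point that "third party" describes a context rather than a site, as an added example that is not part of the original answer and is not Safari's implementation. It assumes browsers compare the registrable domain of the page in the address bar with that of the embedded resource; the suffix set is a small constructed stand-in for the real Public Suffix List, and the function names are hypothetical.

```javascript
// Added illustration; not Safari's code.
// Constructed, deliberately tiny stand-in for the Public Suffix List.
const SAMPLE_SUFFIXES = new Set(["com", "org", "net", "co.uk", "gov.il"]);

// Return the registrable domain (public suffix plus one label) of a hostname.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  // Try the longest candidate suffix first so "co.uk" is found before "uk".
  for (let i = 1; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (SAMPLE_SUFFIXES.has(suffix)) {
      return labels.slice(i - 1).join(".");
    }
  }
  // Unknown suffix or single-label host: treat the whole host as the site.
  return labels.join(".");
}

// Classify a request relative to the top-level page. The same resource URL is
// first party on one page and third party on another.
function cookieContext(topLevelUrl, requestUrl) {
  const top = registrableDomain(new URL(topLevelUrl).hostname);
  const req = registrableDomain(new URL(requestUrl).hostname);
  return top === req ? "first-party" : "third-party";
}

// Classify every resource a page embeds (iframes, scripts, images).
function auditPage(topLevelUrl, embeddedUrls) {
  return embeddedUrls.map((url) => ({
    url,
    context: cookieContext(topLevelUrl, url),
  }));
}

// Constructed sample: the www.bbb.com app visited directly, then framed by www.aaa.com.
const direct = auditPage("https://www.bbb.com/", ["https://www.bbb.com/app"]);
const framed = auditPage("https://www.aaa.com/page", [
  "https://www.bbb.com/app",
  "https://static.aaa.com/site.js",
]);
console.log(direct, framed);
```

The identical URL https://www.bbb.com/app changes classification between the two audits, which is why an app that only works inside another site's iframe runs into the third-party cookie setting.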

IE9 Javascript injection issue

I am facing an issue with JavaScript injection on IE9 (>Medium-high security). In my application, when a user wants to add any web page to their bookmarks, they click a link, and it injects a JavaScript into that page; this injected JavaScript grabs all details about the page and redirects users to my site.
On IE9, it does not seem to be working with Medium-high security. I suspect this has something to do with how IE9 handles cross-site JavaScript injection. But I was not able to find any relevant information.
Can someone please help or guide me to some related information?
Thanks
You may find this TechNet post useful, especially the row "Allow scripting of Internet Explorer Web browser control".
Apparently Internet Explorer doesn't allow scripts to control the web browser except on Medium-Low and Low security levels. Because of this, you won't be able to redirect the browser unless it's set to one of those two levels.
Perhaps instead of redirecting them you could add some kind of notification to the DOM and give them a link to your website?

Is there a way that I can detect if Firefox will open a particular URL in an IE tab?

I have a web page that links to another web application, which unfortunately only completely functions in IE, so, when viewing the original page with another browser (like Chrome or Safari) I display a warning that the application won't fully operate unless opened in IE.
Of course, some savvy users of Firefox have the IE tabs extension and have configured it such that the problematic web application always opens in an IE tab. These users would prefer it if my intrusive warning weren't shown for them as it is not necessary.
So, is there a way that my web page can detect that the URL will open in an IE tab? I presume it would require the extension to expose this information somehow as Firefox does not generally allow javascript access to settings for security reasons.
Well, I am not sure how FF's IE tab works, but I assume they share cookies: set a cookie when it is IE, check whether it exists, and do not show the warning. This will only remove the warning after first usage, if my assumption about cookies is correct.
The second is more hacky: use CSS :visited pseudo styles to detect whether your user has ever downloaded the XPI of Firefox tabs.
