Google trusted store badge not showing in all browsers - javascript

The Google trusted store badge in not showing across browsers and platforms.
I can get it to show in Safari Mac but not Chrome or Firefox Mac.
I can get it to show in IE Win and Firefox Win but not Chrome Win.
I went through Google's implementation tips.
Doctype checks out.
Google's Tag Assistant validates on the page.
The test, Test Drive, of the js implementation in Trusted Stores works fine.
robots.txt is also delivered under ssl.
Any ideas?

Google response:
We are writing to you because we noticed a posting your team made asking about the Trusted Stores badge visibility on your site.
I can confirm that your account, qxxxxxxxxxxxxxe.com, is in good standing. The badge is not displaying for half of users due to a few-week experiment we are running with all merchants in the program.
We run experiments from time to time, as we are always looking to improve the user experience with your site and the program. For example, we have made improvements to the badge design and behavior, such as only opening the flyover on click (instead of mouseover).

Related

Javascript Not Working on Android Default Browser

I am working on a web site that is served via a Mikrotik Router.
It's a site to provision internet for users up to 100m away.
When you connect to our Wifi, a sign in page is supposed to pop up where you enter your credentials to authenticate and use our internet.
For some weird reasons whenever the user tries to sign in, for android users the Android OS keeps on presenting their default browser to sign in on the Network. Unfortunately, it appears that the Javascript is not running on the native default Browser that popped.
I am not using any ES6+ features so I'm currently lost at what could be wrong.
When I previewed the Site on Google Chrome/Opera Mini and Phoenix Browser, the javascript is working very well.
I added this tag before the closing tag of my head element:
<noscript>
<div>
We're sorry but our site <strong>requires</strong> JavaScript to work.We recommend you use Google Chrome.
</div>
</noscript>
to be displayed if Javascript is disabled, but it is not even displaying.
I tried inspecting with Google Chrome devices inspection but it seems Google Chrome devices inspection only works with Google Chrome Mobile Browser(I might be wrong).
Any insight to fix this would be really appreciated.
Thank you.
I think you need to set setDomStorageEnabled(true)
for the webview settings.
You can read more about webview here:
http://tutorials.jenkov.com/android/android-web-apps-using-android-webview.html

How does Javascript Malware work?

I'm facing a problem with my Chrome on both Ubuntu 15.04 and Windows 10. It's some sort of malware named xnxx-ads.js. This malware opens unwanted tabs and plays advertisement audio on all sorts of pages. For instance, I might have a SO tab open with a speaker icon! playing ad.
The thing that is important to me (as a web application developer) is that how this malware works!? How can some script be loaded on a web page without it being addressed in the source? Is it because of a security hole in Google Chrome?
BTW, my Chrome is: Version 46.0.2490.86 (64-bit) on both operating systems.
[UPDATE]
My Chrome was just updated to Version 47.0.2526.73 (64-bit) and the problem remains.
To get mal-ware inserted into pages, you generally need one of these things:
If it is only on a specific site, it is possible that that site has been compromised and the content comes from the site already infected.
Something in your ISP is compromised and the content comes from your ISP already infected.
Something in your own network (e.g. router) is compromised and the contents arrives on your PC already infected.
A malicious program got itself installed on your computer and it is injecting things into web pages as they arrive on your computer (either by modifying the incoming TCP or by messing with the browser).
A malicious browser extension got itself installed on your computer and it is injecting things into web pages as the browser loads them.
The most likely options are 4 and 5.
You can probably rule out 1, 2 and 3 by checking the site on your phone or tablet while attached to your home network's wifi. If there is no infection on the web pages viewed on the phone or tablet, then it is not likely 1 or 2 or 3.
If you disable all browser extensions in Chrome and the problem still occurs, then you can probably rule out #5. If the problem goes away when you disable all browser extensions, then you probably have a bad browser extension.
In all cases, you should run a good malware detector. When something like this happened to my daughter's computer, Microsoft Defender did not detect it, but when I downloaded and ran the free Malware-Bytes scanner, it did find the problem and removed it.

Google Chrome Extension: access padlock/certificate info

Okay, a bit of an odd question here, but I'm doing a research project about what influences people to make trust decisions when they look at a website, and without going into all the back story here, I am developing a browser plugin for Google Chrome that identifies the elements that people look for the most in a web page and tries to give a trust rating for that page. One major bit of information is the security certificate and that nice green padlock you see in the omnibox.
I am new to Chrome extension programming and I've searched the Javascript Chrome APIs here: https://developer.chrome.com/extensions/api_index, but the omnibox seemed to only allow you to enter search terms. If it isn't possible, are there any alternative ways to see if Chrome trusts the certificate of the current page?
Question: Is there any API for getting info about the state of the padlock icon in the omnibox so that my application can know the state of that padlock icon?

How do I test the performance of my webpage

Are there any tools, websites that will allow you to test your website performance like load time, render time and what can be done to make it better. I know there is an addon called YSLOW for firebug. but I am just wondering if there is anything more than that.
New Relic does end to end monitoring. Standard version is free for Rackspace customers.
Most browsers have a built in inspector. At least Opera, Chrome, and IE.
Firebug for Firefox
Fiddler will help you inspect actual HTTP requests
Google's done some work with Page Speed
Of course you know about YSlow, which follow's Yahoo's Guidelines
Pingdom's monitoring solution will tell you worldwide how fast it can get TTLB, and they give you one free check.
Blitz will let you do load testing
Google Chrome - right click on a page on your website and choose "Inspect element"
Some Network stats for this page:
And an Audit on this page that shows possible optimizations:
My personal favorite: webpagetest.org, a free online service which allows to:
provide your URL (and username/pwd if needed)
choose browser (ie 7, 8 or 9, chrome or firefox, depending on location)
choose connection type
choose location from which to run the test
choose the number of runs
... (a whole lot of other configuration)
and which produces:
detailed view of each request (with nice graphs)
solid advice on how to improve

Will a chrome extension specified for a website running when I'm not visiting that site?

Suppose there is an extension for Google+, so when I'm visiting plus.google.com, it's running, but what happens if I close Google+ tab? Is it still running and consume my computer resource?
PS: I ask this because I'm wondering that if this is the truth, I can write an extension that enable or disable other extensions according to the website that I'm visiting, so maybe my Chrome would be faster
It depends.
The author of a Chrome extension can tell Chrome that the extension should only be active on particular websites. However, no matter the website you are visiting, the extension will always be running. To observe this phenomenon for yourself, hit Shift+Esc to display the task manager. Note the extension processes. You can see by trial and error that if Chrome is running, all of your enabled [background] extensions are also running.
The benefit of the Chrome extension developer specifying particular websites is that, even though the extension is always running, it will not receive event notifications for websites that don't apply to it - basically, it will be sleeping. So the effect is appreciable.
For more information about Chrome extension configuration options, see the Chrome extension manifest documentation here.
Edit: Please see Serg's answer re: modifying other extensions.
There are two types of extensions from resource consumption point of view - those that have a background page and those that don't. Permission warnings you see in the gallery don't give you any indication what kind of extension it is.
Extensions without a background page are consuming resources only (well, probably mostly) when used. Those with - consume memory always, plus might consume CPU depending on what they are doing there.
You can very easily write extension that disables all others with management api and the benefit from it will be noticeable on performance (I wrote one for myself actually).

Categories

Resources