Disable XSS Auditor in Google Chrome on MacOS X

I am working on an existing client website using a VERY OLD version of Microsoft Sharepoint. In some of the pages, I have to use a webpart to embed some Javascript code. The web admin is the only access I have to the backend — I don’t have access to the server environment to edit anything directly.

My problem is, with the JS code in place, I can’t edit webparts. Google Chrome throws up a XSS Auditor warning, and won’t let me proceed.

I get it. The XSS Auditor prevents cross-server scripting from compromising security. But in my case, I’m working in the backend of a Fortune 500 company’s intranet, and I need the XSS Auditor to get out of my way.

I finally found the code I needed to disable the XSS Auditor in Google Chrome on MacOS X.

  1. Quit Google Chrome if you have it running.
  2. Go to Applications > Utilities > Terminal.app and launch a Terminal window.
  3. Paste in the below code and hit return to launch Chrome with XSS Auditor turned off.

'/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --disable-xss-auditor

IMPORTANT:

Because we launched Chrome using a Terminal command, the Terminal is keeping Chrome running and logging errors for your information. So don’t close your Terminal window or quit Terminal before you’re done working, as that will exit Chrome.

Because launching Chrome using this method makes your browser vulnerable to cross-server exploits, be sure to quit Chrome and Terminal then relaunch Chrome normally before doing other stuff.

Hope this helps someone like me who Googled forever before finally finding the bit I really needed to get stuff done.

Adobe Flash Player Projector (stand-alone application)

Client wants to create an interactive flip book out of a static PDF created with InDesign CC. So easy! From InDesign CC, go to Export and set the format to SWF. Double-click the SWF, and … wah wah wah … no application is associated with the SWF. Because InDesign doesn’t create the EXE / application projector for you. You could open the SWF in a Flash plugin enabled web browser, but maybe, like me, you want to see it as a standlone without automatic scaling and other browser-related interface elements.

So. Annoying.

After some digging, I found what I needed hidden in Adobe’s Downloads page. Actually, on Adobe’s “Debug Downloads” page which says:

Screen Shot 2016-01-14 at 10.24.57 AM

 

Guess what, you’re a Flash developer.

Adobe Flash Player Support Center: Debug Downloads
http://www.adobe.com/support/flashplayer/debug_downloads.html

Click on Download the Flash Player projector to get the standalone application.

I’m so tempted to tag this as a #hack which is kind of isn’t. (Hey, what the heck.)

What version of Joomla am I running?

Your site — or your client’s site — has been hacked, and it isn’t functional. How can you tell which version of Joomla the site is running?

Look inside these files — and file location is your first clue:

Joomla! 1.0.x
/includes/version.php

Joomla! 1.5.x
/libraries/joomla/version.php

Joomla! 1.6.x
/libraries/joomla/version.php

Joomla! 2.5.x
/libraries/cms/version.php

Hack: Apple Magic Mouse plus Adobe InDesign equals frustration

If you’re like me, you use and love the Apple Magic Mouse, but once  you fire up Adobe InDesign the page zooms around randomly and you want to tear your hair out. No more!

Go to bettertouchtool.net and download the latest version of Better Touch Tool now!

Once you launch the app, you will want to open the app’s Preferences (command+control+option+O). Add a new application for InDesign specific settings.

With InDesign selected in the above pane, click the little cog icon next to “App Specific”.

You want to check the setting for “Disable single finger scrolling for ‘Adobe InDesign CS5′”. This turns off the crazy scrolling behavior in InDesign. You can still vertically scroll in InDesign, but use two fingers instead of one.

This is the best interface tweak I’ve found yet.

Joomla 1.7 hack – replace the META GENERATOR tag

In Joomla 1.7, the system automatically creates a META Generator tag that you might want to change or hide.

The default tag looks like this:

<meta name="generator" content="Joomla! 1.7 - Open Source Content Management" />

There is no way within Joomla to change or remove this tag, so you have to put a little line of PHP in your template.

Edit your template and look for this line:

<jdoc:include type="head" />

Just above that line, paste in the following:

<?php $this->setMetaData('generator','my site'); ?>

The two lines together should look like this:

<?php $this->setMetaData('generator','my site'); ?>
<jdoc:include type="head" />

In the above code, substitute your custom generator tag value in place of the words my site.

Because this hack is in your template, you don’t have to worry about the next upgrade to Joomla overwriting hacked core files.

Thanks to gabha.net for showing the way.

(This tip was originally posted on June 18th, 2009 for Joomla 1.5, but this hack is tested and working for 1.7, so I’ve updated and reposted.)

Update 21 January 2012:

Looking at this post’s comments, some people seem to be having trouble. In the following example, I’m using the Joomla 1.7 default template Beez2 – Default to illustrate further.

Editing the HTML of Beez2 – Default, you will see on line 36 is the opening HTML <head> tag, then on line 37 is <jdoc:include type=”head” />

We’re going to insert a new PHP command between line 36 and 37 — between the <head> tag and the <jdoc:include type=”head” />

Copy the following code:

<?php $this->setMetaData('generator','my site'); ?>

Then paste this code into the Beez2 – Default template code between line 36 and 37. Your code should now look like this:

To customize this,  you will replace your own value for the ‘my site’ value. In my case, I use my domain name.

Now, save the template and upload. Switch to your web browser, reload the page, and view the source.

Viola!

Joomla AllVideos plugin – preview or first frame image

If you’re using the JoomlaWorks AllVideos plugin on your Joomla site, you may want to know that as of version 2.5 (current version is 3.3 as of this writing) you CAN assign a poster image to your video. This is an undocumented feature as far as I can tell, and I only found the solution from this forum comment.

Place a .jpg image in the same folder as your FLV file. So if your video is myvideo.flv, post a matching file in the same directory as myvideo.jpg

To see this effect in action, watch the image preview load for the video posted on this page: http://www.hiltonstayconnected.com

ChronoContact “Daily Hints” bug

The current version of ChronoContact for Joomla 1.5 has a serious bug.

Once installed, the Forms Management tab in ChronoContact will display a white page preventing you from managing forms in the component.

jalal reported the issue on the Chronoengine forums, along with the solution he discovered on his own.

Re: Forms Management link not working
Postby jalal » Tue Dec 29, 2009 2:17 pm

OK, I’ve sort of fixed it for now.

I commented out line 37 in admin.chronocontact.html.php (which pops up the tooltip) and things work correctly now. More specifically, it is line 4820 in the same file that is causing the segmentation fault (“$rssDoc =& JFactory::getXMLparser(‘RSS’, $options);”).

If I get a moment I’ll see if I can figure out more, but the above gets things working for me.

cheers

Re: Forms Management link not working
Postby GreyHead » Tue Dec 29, 2009 2:46 pm

Hi jalal,

Ah OK it’s probably the “Daily Hints” — I’d forgotten about that problem. You can disable them from the Parameters Icon in the toolbar now that you can get into the Forms Manager.

Bob

Here’s hoping they remove this “feature” before releasing the final version…

Javascript navigation in PDF files

I’m currently working on an enhanced, interactive version of a 24 page brochure I designed. In the PDF, we’re adding web-like navigation items, including the standard previous and next buttons.

Going through this tutorial, the best bit is how to use Javascript to create forward/next buttons. Since the original post is from 2007, I wanted to blog it quickly for my own future reference. (For Javascripters out there, I’m sure this is old news, but for me this is a neat trick.)

Note that you can also use JavaScript to move to the next page. Use the Run a JavaScript action and type the following in the JavaScript Editor:

this.pageNum++;

this.pageNum--;

Thanks to acrobatusers.com for showing the way.

TweetDeck on Mac OS after Migration Assistant

Not sure how many other Mac users are going to have this problem, but it is worth blogging just in case.

A couple weeks ago, my laptop died. Once I got the replacement in, I used the Migration Assistant in Mac OS to restore my Time Machine backup.

Restoring from Time Machine should be done when formatting the computer, but in my case I am working remotely, didn’t have the Apple installer CD, and the laptop was up to date with the exception of my files, applications, etc. So Migration Assistant was my only real option without driving to the Apple Store and spending money I don’t need to spend.

Migration Assistant did a great job, but there are some oddities after migrating, since some aspects of your user environment are tied to your account name and the directory structure under /Users. And because I was essentially importing a previous admin account into a laptop that already had an admin account, I had to rename the account I was importing. This resulted in directory structure changes which Adobe Air and/or TweetDeck didn’t like.

After Migration Assistant completed, I logged out of the laptop’s new admin account and logged into my old laptop’s admin account, which is where all my files and other data are stored. The user environment looked fine, all my apps ran fine, etc. But TweetDeck balked. TweetDeck loaded but wouldn’t log into Twitter or display my settings.

Here is what finally fixed TweetDeck for me.

Go to this directory on all user accounts on your Mac OS computer:
/Library/Application Support/Adobe/AIR/

Delete this file:
eulaAccepted

Go to this directory on all user accounts on your Mac OS computer:
/Library/Application Support/Adobe/AIR/ELS/

Delete the folder named something like this:
TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1

Only after deleting these files on all user accounts did TweetDeck reset and let me log into Twitter. Happily enough, the settings for each of my TweetDeck columns was retained.

Hope this helps some other Mac OS / TweetDeck users. If this information helped you, please let me know.