onresize wakeup call in older FF

[Csaba Gabor]

I want to be able to (vertically and horizontally) center an
image in a div that will fill up all space except for a fixed
height strip at the bottom of the page. The image should
maintain its original aspect ratio and be as large as
possible while not exceeding its original size, nor the
space limits of the enclosing div.

In FF, this can be achieved by having the main div actually be
two nested divs, divOuter and divInner. Set the max-height
and max-width of the image to 100%, and it works like a
charm for images whose height exceeds that of divInner.
However, short images will not vertically center (or at least I
never found a way).

The way I solved the 'short image vertical alignment' problem
was to detect when the image became "short" relative to the
view on it (divInner), and at that time, switch the display of
divOuter to table and switch the display of divInner to table-cell.

This combination functions nicely, thank you very much.
However, my way of detecting the transition point (of the
image going between tall and short, by virtue of div height
changing), by using window.onresize, does not work nicely
on onlder FF (1.5, for example) because the window's resize
event only fires when the mouse button has been released,
at which point the image will right itself.

Is there an event I could trap for which will somehow
indicate that a resize is in progress? For example,
window.onmousemove doesn't work since the mouse never
gets over the client window. At the same time, though, the
divs are being resized.

Thanks for any tips,
Csaba Gabor from Vienna

 

[Thomas 'PointedEars' Lahn]

[...]
This combination functions nicely, thank you very much.
However, my way of detecting the transition point (of the
image going between tall and short, by virtue of div height
changing), by using window.onresize, does not work nicely
on onlder FF (1.5, for example) because the window's resize
event only fires when the mouse button has been released,
at which point the image will right itself.

JFYI:

Firefox 1.5 met its end-of-life on 2007-04-13 CE with version 1.5.0.12.
Firefox 2.0 met its end-of-life on 2008-12-18 CE with version 2.0.0.20.
(Firefox 3.0 is going to meet its end-of-life on 2010-01-31.)

Per Net Applications data as of September 2009 CE, the market share of
Firefox 2.0 rates at 1.24%, of Firefox 1.5 at 0.14%.¹

These versions have a number of critical security issues not fixed. Updates
to Firefox 3.5 (current) are readily and freely available for all platforms
and operating systems.

Do not bother with jumping through hoops for those antiques. And do not
continue using them for everyday browsing!


PointedEars
___________
¹ <http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2>;
see also:
<http://marketshare.hitslink.com/browser-market-share.aspx?qprid=3>

 

[Thomas 'PointedEars' Lahn]

[...]
This combination functions nicely, thank you very much.
However, my way of detecting the transition point (of the
image going between tall and short, by virtue of div height
changing), by using window.onresize, does not work nicely
on onlder FF (1.5, for example) because the window's resize
event only fires when the mouse button has been released,
at which point the image will right itself.

JFYI:

Firefox 1.5 met its end-of-life on 2007-04-13 CE with version 1.5.0.12.
Firefox 2.0 met its end-of-life on 2008-12-18 CE with version 2.0.0.20.
(Firefox 3.0 is going to meet its end-of-life on 2010-01-31.)

Per Net Applications data as of September 2009 CE, the market share of
Firefox 2.0 rates at 1.24%, of Firefox 1.5 at 0.14%.¹

Looking at stats of my employer website (Sep 11, 09 - Oct 11, 09), I see
that FF2.0.20 constitutes about 1.72% of all Firefox clients. However,
that's 1,475 visitors — a rather large number that would be a shame to
just stop supporting.

No, instead it would be a shame to support them any longer, for the reasons
mentioned above and that you snipped. They can and SHOULD make the update,
and it does not really hurt if this gimmick does not work there. As Georg
Maaß put it so aptly in de.comp.lang.javascript (though it sounds better in
German): You can't teach a mice to dump a pile like an elephant; who needs a
pile as large as this, needs to get themselves an elephant.

And talking about employers, looking not only at the numbers but at all the
circumstances, I think you will have a hard time explaining to an employer
why they should invest money in a dead product.

Compare this to IE5.5 which shows exactly 3 visitors (out of total
230,149)

But although those people should update at least for security reasons too,
they might not have a real choice. Although doubtful, they might rely on
that MSHTML version for an Intranet business application, or there might
not be an update for their operating system (I haven't checked) and they
could not afford a new one. Totally different story.


PointedEars

 

[Thomas 'PointedEars' Lahn]

Thomas 'PointedEars' Lahn wrote:
Csaba Gabor wrote:
[...]
This combination functions nicely, thank you very much.
However, my way of detecting the transition point (of the
image going between tall and short, by virtue of div height
changing), by using window.onresize, does not work nicely
on onlder FF (1.5, for example) because the window's resize
event only fires when the mouse button has been released,
at which point the image will right itself.
JFYI:

Firefox 1.5 met its end-of-life on 2007-04-13 CE with version 1.5.0.12.
Firefox 2.0 met its end-of-life on 2008-12-18 CE with version 2.0.0.20.
(Firefox 3.0 is going to meet its end-of-life on 2010-01-31.)

Per Net Applications data as of September 2009 CE, the market share of
Firefox 2.0 rates at 1.24%, of Firefox 1.5 at 0.14%.¹
Looking at stats of my employer website (Sep 11, 09 - Oct 11, 09), I see
that FF2.0.20 constitutes about 1.72% of all Firefox clients. However,
that's 1,475 visitors — a rather large number that would be a shame to
just stop supporting.

No, instead it would be a shame to support them any longer, for the
reasons mentioned above and that you snipped. They can and SHOULD make
the update,

They *can*? And you know that how?

[...]

And talking about employers, looking not only at the numbers but at all
the circumstances, I think you will have a hard time explaining to an
employer why they should invest money in a dead product.

Are you being serious right now?

Deadly serious. If you read here longer, you know me as a person who does
not make recommendations lightly to deprecate a certain browser (version).
But when making design decisions, one needs to differentiate between
products that are used and for which there may be no viable alternative, and
products that have officially reached their end-of-life and have been
replaced by readily (and freely) available better alternatives.

This goes especially for versions with security leaks, as you might remember
from my recent exchange with VK: Should there be an obsolete version of IE 6
that exhibits the .type bug (for which sufficient proof is still needed), it
would be for the better not to support it. Because then the people stupid
enough to still use it were hopefully pushed to make the long overdue
update, thereby shutting one more gateway for Windows exploits that would
ultimately harm others. IE 6 is still supported (though vendor support will
hopefully end by 2010-04 CE), and security updates can be downloaded for
free.

For another alreadly oft-cited example, it was only due to VIP customer
demand that we rewrote a Web site's stylesheet to deal with Mac IE 5 two
years or so ago. We would not have dreamed of making that adaption at
first, because Microsoft development and support of that version ended in
2005 CE (it appears that the document explaining that even vanished by now,
except for Web archives), and rightly so. Because it was and is not our
job to burn our company's money. Indeed, by complying with that demand we
might have have actually harmed ourself partially, and our customer and
other people in the mid-term without wanting it, and without them knowing
it, because they may have continued to use that outdated insecure piece of
software till today. At least we told them that this is a stupid idea (in
more polite words), and the hardware running it is going to fail some day,
so there is hope yet.

You don't need much investment in supporting FF2-equivalent Gecko-based
clients — not from the client-side scripting point of view.

Then it should be no problem for you at all to solve Csaba's problem.
Shall I count the seconds? Or are you willing to concede that it might not
be that easy to do, and may require considerable expenses to no foreseeable
advantage to *anyone* in the mid-term?

Or they might not even know what "browser" is and what "update" means.

That's another possibility. You can't guard against human stupidity.


PointedEars

 

[Jorge]

(...)
Yes, and I'm not going to tell user to go buy product in someone else's
store, just because he/she is not "smart" enough to know what browser is
(unless the cost of supporting her browser outweighs benefits I get by
doing so).

It's a pity, because that is exactly the reason why there are still so
many IE6s hanging around the web...

 

[Thomas 'PointedEars' Lahn]

Thomas 'PointedEars' Lahn wrote:
kangax wrote:
Thomas 'PointedEars' Lahn wrote:
Csaba Gabor wrote:
[...]
This combination functions nicely, thank you very much.
However, my way of detecting the transition point (of the
image going between tall and short, by virtue of div height
changing), by using window.onresize, does not work nicely
on onlder FF (1.5, for example) because the window's resize
event only fires when the mouse button has been released,
at which point the image will right itself.
JFYI:

Firefox 1.5 met its end-of-life on 2007-04-13 CE with version
1.5.0.12. Firefox 2.0 met its end-of-life on 2008-12-18 CE with
version 2.0.0.20. (Firefox 3.0 is going to meet its end-of-life on
2010-01-31.)

Per Net Applications data as of September 2009 CE, the market share
of Firefox 2.0 rates at 1.24%, of Firefox 1.5 at 0.14%.¹
Looking at stats of my employer website (Sep 11, 09 - Oct 11, 09), I
see that FF2.0.20 constitutes about 1.72% of all Firefox clients.
However, that's 1,475 visitors — a rather large number that would be a
shame to just stop supporting.
No, instead it would be a shame to support them any longer, for the
reasons mentioned above and that you snipped. They can and SHOULD make
the update,

They *can*? And you know that how?

<http://getfirefox.com/>

That much is clear.

However, availability of certain browser upgrade is only part of the
equation. Users *might not have privileges* or *knowledge* to perform
that upgrade. And I will arrogantly tell them to upgrade or go somewhere
else?

In this case, it is not arrogance, but an informed design decision.

No, thanks.

Your problem.

"Stupid enough to still use it"? Well, that's just a gross labeling.

No, and <http://www.mozilla.org/security/known-vulnerabilities/> pp., among
others, tells why. In a nutshell:

| Firefox 1.5 is no longer supported and the last update, Firefox 1.5.0.12,
| is affected by several vulnerabilities fixed in newer versions of the
| program. All users are urged to upgrade to the newest version of Firefox.

These vulnerabilities are listed in the Advisories for Firefox 2.0, 3.0 and
3.5.

In fact, people still using the old versions would probably be bothered now
and then with a built-in dialog that tells them (why) to make the update
(and assist with doing that), for a good reason. Even their default home
page would say so (both in Firefox and IE). Ignoring all those hints and
recommendations, and disabling automatic security update, and not updating
manually then, is stupid at best.

As I understand, the "problem" is that user experience is somewhat
degraded on older FF, due to resize firing once and so images not being
aligned dynamically.

I don't see this as part of base functionality and would leave it
(degraded experience) as is.

Then we do agree after all.

Yes, and I'm not going to tell user to go buy product in someone else's
store, just because he/she is not "smart" enough to know what browser is
(unless the cost of supporting her browser outweighs benefits I get by
doing so).

But the cost for the upgrade is 0 (in words: ZERO) credits in this case
(possible costs for maintaining the Internet connection or to buy a computer
magazine that features the latest versions on its CD aside). They do not
need even need another operating system, let alone a new computer.

The case is fundamentally different, for example, with Netscape 4 or IE 6.


PointedEars

 

[Csaba Gabor]

kangax wrote:
Thomas 'PointedEars' Lahn wrote:
kangax wrote:
Thomas 'PointedEars' Lahn wrote:
Csaba Gabor wrote:
[...]
This combination functions nicely, thank you very much.
However, my way of detecting the transition point (of the
image going between tall and short, by virtue of div height
changing), by using window.onresize, does not work nicely
on onlder FF (1.5, for example) because the window's resize
event only fires when the mouse button has been released,
at which point the image will right itself.
JFYI:
Firefox 1.5 met its end-of-life on 2007-04-13 CE with version
1.5.0.12. Firefox 2.0 met its end-of-life on 2008-12-18 CE with
version 2.0.0.20. (Firefox 3.0 is going to meet its end-of-life on
2010-01-31.)
Per Net Applications data as of September 2009 CE, the market share
of Firefox 2.0 rates at 1.24%, of Firefox 1.5 at 0.14%.¹
Looking at stats of my employer website (Sep 11, 09 - Oct 11, 09), I
see that FF2.0.20 constitutes about 1.72% of all Firefox clients.
However, that's 1,475 visitors — a rather large number that
would be a shame to just stop supporting.
No, instead it would be a shame to support them any longer, for the
reasons mentioned above and that you snipped.

Let's just list those 'reasons':
Earlier Thomification: >
This is very hand wavy without a link to the specific issues.
Security issues is sort of a cousin to terrorism in that
when people cite it, they expect others to bow down in
front of them and solemnly nod in agreement. But it turns
out [citation: personal research] that most people who cite
security without stating (a) specific concern(s) are
unaware of the issues themselves.

Critical in most situations is taken to mean that if
something is not done, harm (bad consequences) will follow.
So let's consider the class of people who still have FF1.5.
These are people who have lived with this browser, one
way or another, without suffering bad consequences (or if
they did, they have put up with the consequences). In
short, these changes are self evidently NOT CRITICAL to
this class of people.

How can this be? After all, FF and other vendors are
making 'critical' fixes all the time. Generally, for a
malicious agent to take advantage of insecurities requires
that one actively navigate to a specific site for the
exploit to be applied. For conservative users, the risk
is therefore small. In addition, if one makes it past
a certain time, just as there is a decline in support of
the older browsers, so will malicious agents also target
obsolete browsers less and less, since their success
ratio/profit would be commensurately lessened.

'Critical security issues' may be a valid reason for an
arbitrary user of a current browser to upgrade, but it is
a false reason for a user of a long time obsolete browser.
For my own part, I have not suffered any infestation as a
result of my use of FF 1.5 (that I am aware of).

This, of course, is not a reason.

Oh, yes yes yes! Thomas, Thomas, Thomas, how can I thank you
for pointing this out to me? I will change my behaviour right
away, just on the strength of your (non) argument and command.

Do you really think that somehow I have escaped noticing that
FF 1.5 is obsolete, and that your dogmatic telling me not to
use it is going to change my behaviour? You do not know my
circumstances (I say that with surety as your past assertions
have a dismal track record) nor my reasons. In fact, there
is good reason for change, but it is not for what you cited.

In point of fact, I am not developing for FF 1.5 per se, but
I am developing on a machine that has FF 1.5 (which I do use
for my everyday browsing), and therefore would like to be
able to see the pages with that browser.

Secondly, though there have been many changes from FF1.5
to FF3, I was pretty happy with web sites in general at
the time that FF1.5 was current. What I am saying was
that already at that time, the web was well developed. The
conclusion is that for the vast majority of presentation,
THERE IS NO COMPELLING (ie. business) REASON NOT TO DEVELOP
FOR FF1.5. The post FF1.5 model is warranted if there is
a business reason to cut off obsolete users. Fiddling
with bits and image presentation might be such a reason.
Cross domain window communication (that is coming back!)
between cooperating pages might be another.

Indeed. There are many reasons why *can* might not be possible/
practical. In my case there are two driving forces against. First,
my machine with FF1.5 is maxed out on hard drive space, and there is
no amelioration prospect till the end of the year. I do not have the
liberty of installing additional (or even replacement, which always
increase in size) apps. Secondly, I have a GM app which turns
textareas into emacs buffers (so that emacs editing commands are
available for each textarea) which will not work on FF3.5 (without
significant porting).

In this case, it is not arrogance, but an informed design decision.

I haven't ever heard someone admit to being arrogant (at the time).
Though I have known a few people who commented that they were arrogant
when they were younger.

Your problem.



No, and <http://www.mozilla.org/security/known-vulnerabilities/> pp., among
others, tells why. In a nutshell:

Ah, there it is, the reference to the original
critical security issues mentioned at the outset.
Specific references are always appreciated, thanks.

| Firefox 1.5 is no longer supported and the last update, Firefox 1.5.0.12,
| is affected by several vulnerabilities fixed in newer versions of the
| program. All users are urged to upgrade to the newest version of Firefox.

These vulnerabilities are listed in the Advisories for Firefox 2.0, 3.0 and
3.5.

In fact, people still using the old versions would probably be bothered now
and then with a built-in dialog that tells them (why) to make the update
(and assist with doing that), for a good reason. Even their default home
page would say so (both in Firefox and IE). Ignoring all those hints and
recommendations, and disabling automatic security update, and not updating
manually then, is stupid at best.

Besides the reasons I've given above, there is a general reason
not to switch which is that things tend to break when you switch.
And if you have something that is evidently sufficiently working,
you have to make a pretty strong argument for change. And "It
will be better for you" is a weak argument along with "you'll
have security issues" when both have been shown to be consistently
false based on personal experience over the course of many years
and upgrades. In short, false claims of smooth upgrades in the
past and crying wolf causes some to be skittish about change.

I can say all the above because I know myself and my behaviour
with regards to web surfing. If my machines are used by others,
whose behaviour I would of course not know, in that case I am
obliged to have the latest upgrades.

The advantage would be to me.

Indeed. I hooked all the event handlers I could
think of to the image, containing div, window, and body,
and none of them fired while the window was being
resized on FF1.5. Furthermore, I didn't detect
mousedown.

I also came to this conclusion, that I could implement
the desired functionality with a window.setInterval (polling),
but I figure that it's not worth the effort, as this
was a minor detour in the first place.

Then we do agree after all.

That's not my read. In any case, it's
not what one says, it's how one says it.

Here's what I read (ie. It's roughly what filtered through to me):
I don't know the answer to your question, but since you're using
FF1.5+ maybe you're not aware that it has been obsolete for a long
time, and for good reason. Nobody should be using it. Don't you
use it, either. You are stupid (beacuse you have been using it).
Thus, I'm telling you to not fix the problem you asked about.

Here's what filtered through to me from kangax:
I don't know the answer to your question, but the number of people
using FF1.5 is small, though possibly significant to you. On
second thought, you might be able to address your problem via
polling (ie. timer) if you really want, but isn't the
functionality as it stands sufficient?
Thus, I suggest not fixing the problem you asked about.


Oh, I would say there is a huge amount of
effort to guard against exactly that.

But the cost for the upgrade is 0 (in words: ZERO) credits in this case

Not at all, as discussed above. There is always a potential
liability with an upgrade including data loss and app compatibility

There is however one (eventually) compelling reason for upgrading.
More and more sites will remove support for older browsers. For
example,
FF 1.5 as of about two weeks ago is no longer able to see facebook
messages, nor search for persons on facebook. This is functionality
that was there. It seems strange to me to remove functionality that
was earlier working - I have to wonder if it's an accident of not
testing an upgrade or a conscious descision, but it happens. Facebook
is just the most recent example that I noticed. The more FF1.5
degrades, the less I will be using it. But it's not a bad idea to
keep
a copy around so that I can avoid these types of situations, where
practicable.

 

[Richard Cornford]

It's a pity, because that is exactly the reason why there
are still so many IE6s hanging around the web...

No it isn't. The most significant reason for IE 6's continuing to be
relatively common is that during the time when it was not updated many
businesses invested in internal/Intranet web applications that were
written on the basis that their sole environment would be IE 6, and so
may not work (at all or properly) with later IE versions. These
businesses then become reluctant to upgrade their internal desktop
browsers because the correct/predictable operation of those web
applications are important (or even critical) to their business
activity.

Even before the question of whether some internal web application will
need work in order to become compatible with an updated desktop
browser there is the question of testing it with that browser in order
to verify whether it works (correctly). This testing process consumes
resources (personnel to do the testing and time), and it isn't
necessarily just a matter of loading the application into the new
browser and seeing if it looks like it works OK. If it is business
software it becomes important to verify that it actually is doing what
it is supposed to do in every regard.

A client of my employer's, a US bank (who will not be named for
confidentially reasons) started the process of updating their internal
desktop browsers from IE 6 at the beginning of this year, by starting
to test their Intranet applications, and do not expect to finish
before the end of the year. The process takes this long because they
have a large number of Intranet applications to test and are testing
them rigorously, which is understandable given that these applications
handle very large quantities of money (often other people's money) and
so even small unnoticed inconsistencies could prove very expensive. (I
have seen (at a UK bank and years ago in this case) one stray mouse
click combined with one ill thought out line of javascript cost a
business 48,000 pounds in an instance.)

After the testing comes the question of what to do if the business's
Intranet applications do not work (or do not work properly) with the
new browser version. The odds are that they were created in accordance
with their specification/requirements and that those did not require
compatibility with unreleased browsers so the expense of midification/
repalcement will fall on the business wanting to update its browsers.

Under the circumstances (and given a recession) it is not at all
surprising to see a general reticence to set about upgrading internal
desktop browsers in business. After all, they are unlikely to see any
side effects of forcing their employees to use an 'outdated' browser,
when they want to browse the Internet while at work, as their
problem.

On the other hand, people involved in e-commerce on the Internet are
likely to consider the employees of large business such as banks and
the like as being in their "target audience" (even while at work), as
for most the real definition of a "target audience" is 'anyone who has
the money to pay for our products and services', and employees of
large businesses stand a reasonable chance of having enough money to
qualify.

Richard.

 

[Jorge]

(...)
(I
have seen (at a UK bank and years ago in this case) one stray mouse
click combined with one ill thought out line of javascript cost a
business 48,000 pounds in an instance.)

How was that ?

(...)

They could use IE6 just for the intranet app, and a current up-to-date
browser to surf the web. But they won't until they find their IE6s to
be incompatible with a substantial part of the web. In order to help
that happen you should not support it anymore.

 

[Richard Cornford]

How was that ?

It was a share trading system; the stray mouse click turned one
agreement to purchase n shares into two agreements to purchase n
shares, but the trader was only shown one confirmation. Granted the
server-side code could (and should) have been in a position to reject
the second request (on both the purchaser's side and the seller's
side), but the javascript was supposed to be there to stop that, and
it did fail.

Fortunately my responsibility did not extend beyond investigating what
had happened, because heads rolled.

They could use IE6 just for the intranet app, and a current
up-to-date browser to surf the web.

No, because you cannot give the users an alternative web browser and
then rely on them not using it for the Intranet applications, which
may well appear to work with that browser but actually exhibit
precisely the sort of subtle issues that the extensive testing is
supposed to identify.

But they won't until they find their IE6s to
be incompatible with a substantial part of the web.

Employers probably won't care in the slightest how well the web in
general works with the desktop browser they use internally. For them
their employee's facility to access the Internet at work is largely a
privilege, at least wherever it goes beyond things like business
related research and the like.

If the staff cannot spend their time making purchases through Amazon,
watching videos on youtube, or messing about with facebook then maybe
there is something more productive they could be doing instead.

In order to help
that happen you should not support it anymore.

I can assure you that my employers are not going to be turning down
customers for no better reason than the desktop browser they elect to
use. We are in the business of selling software to businesses, and at
this time IE 6 only set-ups are in the majority among our existing
client by a very wide margin.

Richard.

 

[Jorge]

It was a share trading system; the stray mouse click turned one
agreement to purchase n shares into two agreements to purchase n
shares, but the trader was only shown one confirmation. Granted the
server-side code could (and should) have been in a position to reject
the second request (on both the purchaser's side and the seller's
side), but the javascript was supposed to be there to stop that, and
it did fail.

Fortunately my responsibility did not extend beyond investigating what
had happened, because heads rolled.

Oops

No, because you cannot give the users an alternative web browser and
then rely on them not using it for the Intranet applications, which
may well appear to work with that browser but actually exhibit
precisely the sort of subtle issues that the extensive testing is
supposed to identify.


Employers probably won't care in the slightest how well the web in
general works with the desktop browser they use internally. For them
their employee's facility to access the Internet at work is largely a
privilege, at least wherever it goes beyond things like business
related research and the like.

If the staff cannot spend their time making purchases through Amazon,
watching videos on youtube, or messing about with facebook then maybe
there is something more productive they could be doing instead.
Right.


I can assure you that my employers are not going to be turning down
customers for no better reason than the desktop browser they elect to
use. We are in the business of selling software to businesses, and at
this time IE 6 only set-ups are in the majority among our existing
client by a very wide margin.

Ok.