Jump to content
TNG Community
jeff g

How do I hide mouseover links in the bottom left hand corner of the browser ?

Recommended Posts

jeff g

Hi!

Everywhere in my site seems to show the address to the location on hover.

Is there a way to hide mouseover links in the bottom left hand corner of the browser ?

It seems I saw a TNG site somewhere that did that.

very difficult or not too hard?

 

Thanks!

Jeff

:)

Share this post


Link to post
Share on other sites
jeff g

More readin seems it does not help much with security that the info can be obtained by other methods?

Am I just being paronoid? lol

OH! nevermind,

I see that if i copy and paste any of the links,

it shoots me back to the login page,

it does show some address structure which is all that i was concerned about.

Share this post


Link to post
Share on other sites
JRobison

That is the status bar and your browser places it there.

You can remove it from your browser only.

Others see it on their browser depending on their settings in the .css file.

Share this post


Link to post
Share on other sites
jeff g
16 minutes ago, JRobison said:

That is the status bar and your browser places it there.

You can remove it from your browser only.

Others see it on their browser depending on their settings in the .css file.

Jeff,

Thank you for your response :D

So the .css settings on my site

are not dictating the direction

of what is viewable in the status bar

when they go to my site;

From what you are saying?

Thanks 

Jeff :)

Share this post


Link to post
Share on other sites
XerxX

Jeff, I believe it's a user's browser thing. Your site can't remove the status bar from the visitor's browser.

It's done in a "local" browser css file - at least for Firefox.

 

There is a trick, though, but it's not a simple thing. If you go to my site https://xerxx.se and check the links at the index page, there is no status bar when you hover most of them.

This is because I use <span>s that look like links and then use a JavaScript onclick="a_function(parameter)" that triggers a form (POST) that goes to the selected page (the parameter).

There are very few <a href="... links at that page if you check the HTML source but lots of lines in this format:

<span class='formlenk' onclick="skickaVidare('302818');">Andreas Ramelius</span>

You will also find the function skickaVidare() and the form in the source.

(I do this to stop "curious" bots from leaving the index page - they can't follow onclick="...")

 

Cheers!

Erik

Share this post


Link to post
Share on other sites
jeff g

Eric!

Thanks!  :D

haha, it was your page that I marvelled at the effect.

As well, it is the kind of reasons as well that I wish to do such a thing.

 

1.

so the english version of such a thing is?:

<span class = 'formlink' onclick = "sendfurther ('parameter');">text of link</ span>

"sendfurther" I think is in error in my translation. (submit?) ==>

<span class = 'formlink' onclick = "submit ('parameter');">text of link</ span>

A) As well the parameter refers to the selected page that is numbered? (i.e. 302818) Does that page exist or is it arbitrary?

B) for each link on my index page (except TNG homepage, etc) the code would go within mytngstyles.css?

 

2.

A side note:

I did notice the bad bot code on your (index.php?) page.

Is that more powerful or just as good as the bot-trap mod that i use, or you use it in addition to the mod?

 

Thanks greatly!

Jeff

:)

Share this post


Link to post
Share on other sites
XerxX

Hello Jeff,

1 hour ago, jeff g said:

haha, it was your page that I marvelled at the effect.

I guessed so 😄

"send further" is not wrong, I think, or maybe "dispatch"..?


The numbers-only-parameter is the person ID w/o the "I" (the leading letter).

if ( !isNaN(p1)) {namn = "getperson.php?personID=I" + p1 + "&tree=tredNr2"; p1 = "*";}
...
document.getElementById("sidform").action = namn;
...
document.getElementById("sidform").submit();

The first line above builds the URL using the parameter (p1). The p1="*" is for later (= "don't add '.php' to the URL")

The second line places the namn ("name") variable into the form action (= where to send the form)

The third line submits the form.

 

The looks of the links is in mytngstyle.css = .formlenk { ... } ("formlink").

The links themselves are (mostly) generated by PHP when the persons are fetched from the database but for the menus they are hard-coded (in <div>s):

<div class="formlenk" onclick="skickaVidare('surnames');">List Surnames</div>

In this case, the function builds the namn variable by adding ".php" to the parameter - the p1 is not = "*" (remember above?) nor numeric at this time.

(I may have made this function un-necessarily complicated 😄 )

As a mod for this has to be more or less individually adapted I will not build one. But now you've got the "recipe"...

 

Regarding the bad bots link at the beginning of the <body>; it's a "honeypot trap".

Follow that link and your IP is added to a file that I check in log.php before any page is loaded. If I find your IP in the list, a PHP die(); is executed (= a blank page if you are human).

The link is not available for "normal" humans as it is placed off-screen. And if you read the HTML source-code (you're a "not-normal" human ;) ) you are warned.

 

Best regards,

Erik

Share this post


Link to post
Share on other sites
Bill Herndon

Very generally (from a user's security perspective) sites that deliberately try to hide the destination of links, or that disable a browser's hovertext for the destination URL should be avoided.  It used to be that the first step most attackers took when creating a malware download or click-bait site was to prevent a user's ability to determine the destination of links, and that was usually done with Javascript.  These days, there are dozens of more sophisticated ways to inject malware onto a user's machine, but the old advice is still sound:  If you can't see exactly where a link is taking you, on a web-page or in an email, don't click on it.

k/r

Bill Herndon

Lindell-Herndon Genealogy

Share this post


Link to post
Share on other sites
Ken Roy
6 minutes ago, Bill Herndon said:

Very generally (from a user's security perspective) sites that deliberately try to hide the destination of links, or that disable a browser's hovertext for the destination URL should be avoided. ... If you can't see exactly where a link is taking you, on a web-page or in an email, don't click on it.

Very good advice Bill.

Share this post


Link to post
Share on other sites
jeff g
22 minutes ago, Bill Herndon said:

Very generally (from a user's security perspective) sites that deliberately try to hide the destination of links, or that disable a browser's hovertext for the destination URL should be avoided.  It used to be that the first step most attackers took when creating a malware download or click-bait site was to prevent a user's ability to determine the destination of links, and that was usually done with Javascript.  These days, there are dozens of more sophisticated ways to inject malware onto a user's machine, but the old advice is still sound:  If you can't see exactly where a link is taking you, on a web-page or in an email, don't click on it.

k/r

Bill Herndon

Lindell-Herndon Genealogy

As well, Ken and Erik for the detailed explanation,

Thanks everyone for your advice. 

 😄

The view source for my index page, and inspect function:

all seem not as nailed down security-wise,

so that is why I started to worry about the hover-links as well....

If anyone cares to look at the source for my page, and let me know what i could do differently,

that is well appreciated. I know some of the source needs to be read and visible.

When I compare my source to other people who have been here awhile;

my source looks quite open.

 

Jeff  :)

Share this post


Link to post
Share on other sites
Ken Roy

Jeff,

If you disable View Source and figure out how to disable the Inspect Element, then you can forget about asking for help on this forum because we will not be able to help.  Both of those capabilities are needed for other TNG users to be able to help you with problems.

Put your paranoia back in its box :)

Share this post


Link to post
Share on other sites
XerxX

@Bill Herndon,

I think of those links like any kind of button in anything that may or may not look like a form: You never know where you are taken. But you click it.

But I admit I could have made them less cryptic by using the complete link as the parameter, to be viewed in the source.

Cheers! Erik

Share this post


Link to post
Share on other sites
jeff g
31 minutes ago, Ken Roy said:

Jeff,

If you disable View Source and figure out how to disable the Inspect Element, then you can forget about asking for help on this forum because we will not be able to help.  Both of those capabilities are needed for other TNG users to be able to help you with problems.

Put your paranoia back in its box :)

 😣True indeed! 

PaRaN😨iA back in da box.  

😜

Will focus on more constructive issues for my sites development.

Thanks all for you kind responses and help.

Jeff :)

Share this post


Link to post
Share on other sites
Bill Herndon
2 hours ago, XerxX said:

@Bill Herndon,

I think of those links like any kind of button in anything that may or may not look like a form: You never know where you are taken. But you click it.

But I admit I could have made them less cryptic by using the complete link as the parameter, to be viewed in the source.

Cheers! Erik

Erik,

Even buttons and other web-artifacts report their target links when they have not been augmented by Javascript (e.g., "onclick()") or generated using something like Flash.  Browsers are specifically engineered to display the links unless a user turns the facility off (...and I'm not even sure how you'd do that in Firefox or Chrome).

Quite the contrary, many of the best designed websites are very careful not to use Javascript or other technologies to obscure links, even when those links are the target of buttons or other artifacts.  It's one of ways you can tell that a popular site might be compromised:  If all the links are suddenly pointing to one location, or returning no information to the browsers hover facility at all, then there's a chance something bad is happening.  In fact, one technique for detecting tampering on sites is to do source comparisons from one day to the next (...it's actually done with hashes and digests, but that's just the mechanics of the thing).   

This general security issue is one of the reasons Flash has fallen out of the mainstream...too many security problems that couldn't be detected by users or administrators.

I'm not criticizing anybody's choice about how to design or augment their TNG website.  I'm simply providing the perspective of a cybersecurity engineer on the issue.

k/r

Bill Herndon

LIndell-Herndon Genealogy

Share this post


Link to post
Share on other sites
XerxX

Hi Bill,

From a security point I agree that it would be nice if all buttons and links show the destination.

1 hour ago, Bill Herndon said:

Even buttons and other web-artifacts report their target links when they have not been augmented by Javascript (e.g., "onclick()") or generated using something like Flash.

But a HTMLform "Submit" button is coded as:

<input type="submit" value="Go" />

(This is the TNG Login button at login.php) It doesn't show any link. The HTML code doesn't by default, as far as I know. I've checked many buttons in my TNG system now; none shows the destination.

Even the "Submit Reply" button, that I click to submit this reply, below this edit window doesn't show the destination - normal HTML:

<button type="submit" class="ipsButton ipsButton_primary" tabindex="2" accesskey="s" role="button">Submit Reply</button>

Please: How do I code a HTML button (Submit or whatever) to show the destination in the status bar?

Erik

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×