I'm developing a Django application and I'm trying to make it as accessible as possible.
According to an accessibility expert on my team, when displaying a form error it is best to give it focus, so screen reader software (i.e. JAWS) will read the page starting at that point instead of reading the whole page from the top.
Does Django provide a way to do this? The "errorlist" class renders errors in a bold red font but it doesn't do much else that I can see.
Thanks!
Ultimately, Django can do anything HTML can do--it's always possible to render your page with whatever markup you want.
That said, the default output for errors, as you've mentioned, does not automatically grab focus.
Related
Is there any magic why to do this in admin panel of django?
Let me know
Off the top of my head, you could use JS to grab the popup link and load the HTML in a div on the page. But that means you need to override the admin template. This QA should be helpful.
It also means you need to capture the saving of the new house. So, when someone presses save, depending on the response, the div either closes or shows the errors WITHOUT refreshing th page. I'm not sure but I think you'll also need to override the admin view that does this to send back json responses.
OR
You could use JS to mute that link and call up your own url, which would allow you to create your own view with your own custom form that does this. This would give you a bit more control without having to hack away at the Admin functionality.
e.g /house/ajax_add
You'll need to refresh the options in the House dropdown though. So I don't think you can avoid extending the template, now that I think about it.
It seems like a lot of trouble, really. No magic way that I know of, but it's possible.
To avoid popups, you might want to look at https://github.com/FZambia/django-fm:
Django-fm allows to create AJAX forms for creating, editing, deleting
objects in Django. This is a very personalized approach to quickly
build admin-like interfaces.
A live example can be found on http://djangofm.herokuapp.com/.
I'm not sure how this integrates with the current admin site, but with some changes it should not be hard.
We've been noticing an increase in number of broken links on our sitecore website.
Some it is due to
User Training
Publishing Issues (linked page is not yet published)
Maybe content editor issues
It's been hard to verify some of these but sometimes the link might have the authoring page URL (which means someone didn't follow the SOP), sometimes they have a strange url like /shell/Content Editor/...
So we are trying to proactively fix these before the pages go live.
I had a couple ideas like writing a Handler that would look through all "Rich Text Fields" and looking for inconsistencies (like authoring server URL). Also using a crawler-type of validator could help us (http://home.snafu.de/tilman/xenulink.html#Description) but we were wondering what the community was doing to address this issue.
The "internal link checker" usually works well but doesn't detect many of this erroneous setups (as I believe it sees them as 'external links').
Your input is greatly appreciated!
If you have RichText fields and create internal links, your internal link looks like this in the HTML view: "a href="~/link.aspx?_id=EB3AD128E7BF4F3C9F3812F701D7724E&_z=z" and when you hover with your mouse over it, is show "/Sitecore/Shell/Controls/Rich Text Editor/" before the ~/link.aspx. This is normal behavior. This link is modified to a normal link during rendering of the RTE field.
However, be sure to use the Sitecore controls like to render these RTE fields and to render links. Also using sc:fld() in XSLT instead of sc:field() can create strange links because sc:fld is rendering the raw value of the field.
In all of the Sitecore projects I have been working on, I didn't have much issues with broken links.
There is a known bug with copy-pasting links from a rich text editor, where path info is appended to the link (generating the /shell/Content Editor/ stuff).
Sitecore have a fix for it here:
http://sdn.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%206/ReleaseNotes/KnownIssues%20Recommended/Copying%20and%20pasting%20link%20in%20rt%20fields%20may%20break%20the%20link.aspx
I would suggest a new Validation Action added to the workflow command before the items are finalized. Then you could actively stop them from being published and give immediate feedback. If you're not using workflows, you could add a new item level validator, but those often get ignored in my experience -- too many false positives on the existing validators.
I am running ColdFusion MX, so I don't have the possibility of using the built-in cfimage Captcha functionality in my application, before form submitting.
But the problem is without captcha the bots submit the forms.
What will be best way to prevent automatic submitting?
Captchas don't have to be images!
Try one of the following solutions:
Most bots don't understand CSS. Create two submit buttons, the first with a value that will be rejected by the server, the second with a value that will be accepted by the server. Hide the first one using CSS.
Ask the user to answer a simple math problem. This will require you to create the math problem and store the expected solution somewhere (like the user's session), then compare the user's submitted answer with the stored answer. For extra protection, you can create simple addition, subtraction and multiplication questions. Avoid division, remainders are a pain for some users.
Bots read the names of form elements, and tend to ignore text labels. Try creating a checkbox named "optout" (like a newsletter), checked by default. Next to the checkbox, ask the user to uncheck the checkbox if they are a human. The opposite technique also works (unchecked checkbox that you ask the user to check).
All of these solutions can be done without third party code or API calls.
That being said, reCAPTCHA is pretty good and easy to integrate into almost any environment.
Take a look at cfformprotect - it will work with CFMX 6 and all later engines.
It aims to be fully accessible - and invisible to most users - with an assortment of methods to stop bots and spammers.
Also you might want to look at a CF wrapper for reCaptcha, which is compatible with CFMX 7.
A technique I used with a different technology was to use image buttons. Your POST handler gets the x,y co-ordinates where the images were clicked. I found the bots (which are just generating post requests) were passing 0,0 and by dropping those requests on the floor I brought the spam posts down to less than the real ones. Sorry that I don't know how to do that in CF but I hope the technique is useful to you.
Its always a good idea to do data validation on the server side before processing no matter which solution you use.
This post may help: http://www.bennadel.com/blog/405-Fully-Accessible-Spam-Form-Submission-Blocking-Using-ColdFusion-And-X-HTML-Version-III-.htm
How about using calculation method? Just like 8 + 5 = ?
OR
how about using ColdFusion.Ajax.submitForm?
A company I'm looking at claims to have made the website for an airline and a furniture store using Django, but when I look at the sites, there is no indication what the underlying web technology is. How can you tell?
This is quite an old question, but I don't see any canonical answers. As the other answers have noted though, there's no sure-fire way to know, and if someone wanted to hide the fact that they're using Django, they can. That said, you can always do a little detective-work and determine with some confidence whether it uses Django or not. If that's your goal, here are some strong indicators you can look out for:
Admin Panel
First and foremost, check if the site has a /admin/ page. If it does, and it gives that familiar Django admin login page, you're 99% sure (unless someone went through a lot of trouble to make it look like Django).
Forms
There are a number of things you can look out for in forms:
Form fields with id attributes starting with id_
Check for a hidden field with the name csrfmiddlewaretoken
If the site has a formset, check for -TOTAL-FORMS and -DELETE hidden inputs.
Cookies
If the site uses the contrib.auth package for authentication, you will probably see a cookie called sessionid being set when you log in.
Forms will also probably set a cookie called csrftoken.
Trailing Slashes
Trailing slashes after URLs, and/or redirecting you to the page with a trailing slash if you try to go to one without it. This is Django's default behavior, and to my knowledge not extremely common in other frameworks. Note, though, that it can be easily deactivated in Django.
Error Pages
Failing all this, or still not being convinced, you can try to force error pages, and try to learn something from that. Go to an unmapped URL with a 404 page, and see if DEBUG still happens to be true (in which case you should probably notify the owner that they're not being very secure about their site).
You can try a few things, such as attempting to find error pages, and checking the default location of the administration panel that Django creates, but overall there's no way to determine what technologies a given site is using.
See also: https://stackoverflow.com/questions/563316/is-there-a-generic-way-to-see-what-is-a-website-running-on/563335#563335
Look for the csrf input box. This is present on any forms. But this can be turned off though not very recommended. Also if it's an old version of django this may not exist. But if it's there it's a strong indicator.
This is present on any page that have a post form. And it looks like this:
<input type='hidden' name='csrfmiddlewaretoken' value='3b3975ab79cec7ac3a2b9adaccff7572' />
Navigate to a page with a formset, and check if there are *-TOTAL_FORMS or *-DELETE hidden inputs.
That doesn't prove that they are using Django, but might be a clue that they are (with the mentioned model formsets).
Try to navigate to some 404 error page, or something of that sort. Chances are slim, but try to find a default django error page.
You can also try to login to www.website.com/admin and see if you get the default django admin page.
Other than that, if that didn't work, then you just can't.
There are no reliable indicators to my knowledge but you could check the /admin/ URL to see if you get the standard admin app or sometimes the feed-URLs use a common prefix compared to a common suffix (although this might not be an indicator at all but just a preference of the developers).
Trying to trigger a debug page (either via a 404 or using some broken input that might case an internal error) might also be a good way (although this acts more as a test of competency of the original developers and admin than anything else :-) )
Could you ask the airline and / or the furniture store? I'm guessing that you want to know if this company has good experience in django, I think it is reasonable to ask for references if you are considering working with them.
The other companies may be quite happy to discuss what technologies were used - some are and some aren't, but it's worth asking.
As the title says on a website is it possible to tell if a user has viewed a portion of the page?
Will moving that portion to a separate iframe work? then if they scroll to the bottom, issue a get request for a small image file..forgot the name of the technique..
Update: It is called Web Bug..A Web bug is an object that is embedded in a web page or e-mail and is usually invisible to the user but allows checking that a user has viewed the page or e-mail. One common use is in e-mail tracking. Alternative names are Web beacon, tracking bug, tracking pixel, pixel tag, 1×1 gif, and clear gif.
If you are talking about to check if the user has actually viewed some part of the page you would need to install a web camera and track his eye-movement.
If you are talking about detecting how far the user has scrolled down the page, you can use Javascript to detect this in the OnScroll event. You can then fire some ajax to the server if you need to record this.
I'm not sure this would be ethical - but technically if you use javascript, you could detect the mouseover event of each paragraph tag in the document, and then AJAX that information back to the server. As the user scrolls down the page, they're likely to mouse over the paragraphs, and then you know at least approximately where they've read to.
Not reliably, no.
Simple example: I middle-click on a link, which opens it in a new background tab. I then decide against it, and close the tab without ever looking at it. Any JavaScript trick is going to report that I viewed everything above the fold.
More complicated example: A newbie user doesn't have the browser window maximised, and a portion of the browser window is off-screen. Any JavaScript trick is going to report as if the entire viewport is being viewed, so even restricting your query to only the cases where scrolling occurs will not help.
Unless you require a user action of some kind, all you will be able to tell is that they downloaded some portion, not that they actually looked at it.
Sure. Put that content inside a div, then in your html, with some javascript, capture the onmouseover event and do your work there. If they've put their mouse over something, it's a pretty safe bet that they've seen it, I'd say...
Hope this helps.