tda2806
Dialled in
Joined 12 years ago
User Profile
User Widgets
Contributions
Re: Not Prompted for Password
I asked AI to analyse the code on the login page WRT Chromebooks here's what is ahs to say: Here's a breakdown of potential issues: 1. Content Security Policy (CSP) and unsafe-eval / Nonce: Code: <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' 'nonce-CkAsHyTu90SombQV';" /> Issue: While nonce is a good security measure, the presence of 'unsafe-eval' in the script-src directive can be a concern. Chromebooks are often used in educational or enterprise environments where security is paramount. Relying on unsafe-eval means the page is vulnerable to XSS (Cross-Site Scripting) if an attacker can inject code that then uses eval(). Chromebook Context: Chrome OS and its browser are built with strong security in mind. While this CSP is technically valid, unsafe-eval could be flagged in security audits and is generally advised against if possible, especially for critical login pages. A more robust CSP would aim to eliminate unsafe-eval entirely. 2. Older jQuery Version: Code: <script src="assets/scripts/jquery-3.5.1.min.js"></script> Issue: jQuery 3.5.1 was released in May 2020. While it's functional, it's not the latest version. Newer versions of jQuery often include performance improvements, bug fixes, and security patches. Chromebook Context: Modern Chrome browsers are constantly updated. Running older JavaScript libraries might occasionally lead to minor performance inefficiencies or compatibility issues with very new browser features, though it's unlikely to cause a critical failure. Keeping libraries updated is a general best practice. 3. Dynatrace RUM Agent (ruxitagentjs): Code: <script type="text/javascript" src="/ruxitagentjs_ICA7NVfghqrux_10307250124095659.js" ...></script> Issue: This script is for Dynatrace RUM (Real User Monitoring). While not an "issue" per se, it adds an external dependency and can contribute to page load time and resource usage. Chromebook Context: Chromebooks, especially lower-end models, can have limited CPU and RAM. Excessive JavaScript, particularly from monitoring tools, can consume resources and make the page feel less responsive, impacting the user experience. It's essential that such agents are optimized to be as lightweight as possible. 4. Hardcoded URLs and Environment Checks: Code: 'page_location': 'https://oauth.virginmedia.com/oauth/email_entry', "pageUrl": 'https://oauth.virginmedia.com/oauth/email_entry' + window.location.search, "environment": (window.location.hostname.indexOf('.dev.') == -1) ? "prod" : "dev", Issue: While common for analytics and debugging, hardcoding parts of URLs and relying on hostname checks (.dev.) for environment determination makes the code less flexible and potentially brittle if the deployment strategy changes. Chromebook Context: This isn't a direct Chromebook issue, but a general development practice concern. It highlights that the deployment environment is tied into the client-side code, which can be problematic for large-scale or continuously deployed applications. 5. Web Authentication API (WebAuthn) Implementation: Code: window.IsWebAuthnSupported = function IsWebAuthnSupported() { ... }, window.isWebAuthnPlatformAuthenticatorAvailable = function isWebAuthnPlatformAuthenticatorAvailable() { ... } Issue: The page checks for WebAuthn support and platform authenticator availability. Chromebooks generally have excellent WebAuthn support, often utilizing built-in biometric sensors (fingerprint on some models) or security keys (like YubiKey via USB-A/C). Chromebook Context: This is a positive aspect for Chromebook users, as it allows for strong, passwordless authentication. The implementation looks standard. The timeout of 1000ms for isUserVerifyingPlatformAuthenticatorAvailable is a reasonable check to prevent indefinite waits if an authenticator isn't present or responsive. 6. Touch/Mobile Detection for iOS (navigator.userAgent): Code: var iOS = /iPad|iPhone|iPod/.test(navigator.userAgent) && !window.MSStream; if(iOS) { document.getElementById("forgot-email-tag-ios").style.display="inline"; ... } else { document.getElementById("forgot-email-tag").style.display="inline"; ... } Issue: This code specifically targets iOS devices to show different "forgot email" links, potentially to handle iOS-specific browser quirks or deep linking. Chromebook Context: Chromebooks run Chrome OS, which is based on Linux and uses the Chrome browser. They are not iOS devices. This if (iOS) block will always evaluate to false on a Chromebook. Therefore, the else block will always execute, showing the non-iOS links. This is generally expected behavior, as the code is designed to differentiate. The "issue" isn't that it breaks, but that the iOS-specific code paths are irrelevant for a Chromebook. If there were any optimizations or specific UI/UX elements intended only for iOS that differ significantly from the "else" branch, Chromebook users wouldn't benefit from them. 7. Double Click Prevention on Sign-On Button: Code: $(document).ready(function(){ $('.ping-button-username').dblclick(function(e){ e.preventDefault(); }); }); Issue: This prevents double-clicking on the "Continue" button (.ping-button-username). This is a good practice to prevent multiple form submissions if a user clicks rapidly. Chromebook Context: No specific issue. This is a robust web development pattern. 8. Email Validation Regex: Code: var emailformat = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; Issue: This is a common and generally robust regex for email validation on the client side. Chromebook Context: No specific issue. Client-side validation improves user experience by giving immediate feedback, regardless of the device. Server-side validation is still essential for security. 9. Broken HTML Comments and Legacy JavaScript Comments: Code: `` `` `` (typo "forto") `` Issue: Minor syntax issues in HTML comments (-> instead of --> for Ping Protect jses) and potentially confusing commented-out blocks. Using language="JavaScript" is also an older attribute, though browsers ignore it now. Chromebook Context: Purely cosmetic/code hygiene issues. Will not affect functionality on a Chromebook. 10. onformchange Attribute (Deprecated/Non-Standard): Code: <input id="identifierInput" type="text" ... onformchange="inputfieldEmail();"/> Issue: The onformchange event is not a standard HTML event and is generally not supported across browsers. While some frameworks or custom implementations might polyfill it, relying on it directly is unreliable. It's likely intended to react when the form's state changes, but it's much safer to use standard oninput or onchange events on the input field itself, or to delegate events. Chromebook Context: Chrome browsers will likely ignore onformchange. The inputfieldEmail() function is therefore probably never called via this attribute. The blur event listener added later (identifierInput.addEventListener('blur', function(event) { return errorValidation(event); });) handles validation when the input loses focus, which is a more standard approach. This indicates potentially redundant or ignored code paths.Re: Can't login to my virgin media account
From what I have been able to determine after I kept getting this message on my Chromebook, it is an issue that VM are having with the enhanced security of a Chromebook. I cannot use my Chromebook to access the VM website. I use my Chromebook to remotely access a Windows computer and I get the infamous "oops" message when trying to access the VM website. If I access the Windows machine locally the message goes away and I can log in. This is a VM created problem for their apps and website, as I can use my VM credentials to log into SkySports without issue on any device including my Chromebook.Re: Unable to access My Virgin Media account via Chromebook
I have posted about this elsewhere. This is definitely related to Chromebook, I can even make it happen if I remote into a Windows computer from my Chromebook. I am unable to log into any VirginMedia app on my Chromebook or into the VM website, bizarrely I am able to log into the Sky Sports app on my Chromebook using my VM credentials. My best guess is that VM are trying something which breaks the Chromebook security as it still happens if I use Opera on my Chromebook. BTW VM support gets stuck in a loop as well, in 2 hours yesterday I was passed between 2nd line support and the gadget team 3 times!Not Prompted for Password
I am unable to access My Account on virginmedia.com. I enter my email address and after a short delay this is displayed: I never get an opportunity to enter my password. I have tried from multiple computers, multiple browsers and multiple ISPs (including Virgin) always with the same message above being displayed. My TV package includes SkySports and I am able to use my Virgin customer details to log into Sky Sports on the same computers that I am unable to access my account on the Virgin Media website. Customer support are blaming my configuration without giving any indication how I might resolve it, perhaps someone here can help?Re: New 1 Gb install - upload limited to ~85 Mbps
Some of us have had no upload speed increase at all, you're the first person who seems to be getting close to 104Mbps upload. my email said *We estimate that at peak times, the upload speed to the Virgin Media Hub, if you have Gig1 Fibre Broadband, will increase to 104Mbps. Download speeds will range between 565Mbps and 1072Mbps." no mention of a range up to just "will increase to 104Mbps." note the period after the 104Mbps seems like a definitive value to me!
