Google Quashes 13 Chrome Bugs, Adds PDF Viewer

CWmike writes "Google on Thursday patched 13 vulnerabilities in Chrome 8 (stable), and debuted Google's built-in PDF viewer, an alternative to the bug-plagued Adobe Reader plug-in, and included support for the still-not-launched Chrome Web Store. The 13 flaws fixed in Chrome 8.0.552.215 are in a variety of components, including the browser's history, its video indexing and the display of SVG (scalable vector graphics) animations. Next up: Adobe and Google have collaborated to put the Flash Player plug-in inside a sandbox within the dev build of Chrome, an effort by the two companies to better protect users from attacks."

-13 +1

[larry+bagina]

so they fixed 13 bugs and added 1 new one?

Re:-13 +1

The problems with pdf security are either due to the latter standards that allow excusable to be imbedded or due to poor security in the adobe and apple readers. You never hear about evince or ocular being a security risk.

Re:-13 +1

You never hear about evince or ocular being a security risk.

You never hear about it because no one uses either of those.

Re:-13 +1

You never hear about evince or ocular being a security risk.

Security through obscurity at its finest!

Re:-13 +1

WTF!

Re:-13 +1

I work at a top 20 law firm in the US. We are testing replacements for Adobe reader. For as big and lumbering as we are, we still see the need to get away from Adobe and get away fast. In the legal field, IT departments collaborate best practices and experience with other law firms on many different levels and is basically monkey see, monkey do. If we are doing it, I know many other big law firms are considering replacements as well.

Re:-13 +1

[CRCulver]

You never hear about evince or ocular being a security risk.

Security patches for poppler, the library that evince is built upon, are issued fairly regularly.

Adobe

[MrEricSir]

So Adobe didn't mind helping Google, even while Google was developing a replacement for Acrobat Reader?

Seems a little odd to me.

Re:Adobe

Adobe doesn't care about competition for reader.

Re:Adobe

[Guillermito]

Adobe makes money with PDF authoring tools, not with reader. Since PDF is marketed as a universal format, I guess it is in Adobe's best interest for end users to have a seamless experience accessing PDF content in every possible platform.

Re:Adobe

The odd part, to me, is that Google makes their own PDF reader to replace Adobe's shitty, bloated, bug-ridden piece of shit (probably good for the security and privacy of Chrome users), yet not too long ago they decided to start bundling Flash with their browser (translation: poorer security by default).

Which pretty much confirms my suspicions that including Flash was a marketing stunt to begin with--even if they would argue that by including it upon install, its updates will be handled automatically by Google Update, making it "safer" than if the user manually installed it and had to keep it up to date themselves.

Because I like being on cutting edge...

[McNihil]

Just tested it with chrome 9.x... the pdf rendering is ridiculously fast.

Re:Because I like being on cutting edge...

Yeah, was just testing that myself. It seems fast but about the same speed as the GNOME viewer so nothing new per se. I'm not sure how that compares to Acrobat because I don't have it installed.

Personally I have never wanted to view a PDF inside the browser so I'm not sure why so many people think it's important. This does seem to work better than the embedded Acrobat in the browser though if you're so inclined.

Re:Because I like being on cutting edge...

[larry+bagina]

Acrobat is slow. Imagine if your computer was unusable for 30 seconds because you accidentally clicked on a pdf link. Acrobat is worse than that.

Re:Because I like being on cutting edge...

[FrootLoops]

Personally I have never wanted to view a PDF inside the browser so I'm not sure why so many people think it's important.

It's nice to have PDFs alongside my other tabs. It reduces the number of windows I have open by 1 per PDF, if I already have at least 1 other tab open. This is a small thing that wouldn't really bother me if it stopped existing one day. Also, some sites display PDFs mixed with HTML on the same page. It's probably not great style, but such is life.

Re:Because I like being on cutting edge...

so I have chrome 9.0.576.0 and xpdf 3.02 and just scrolling through a few PDFs i have lying around i would say that chrome is 2~ to 3~ faster than xpdf.

I wouldn't describe either of them as 'ridiculously fast', my crappy macbook (not pro, core 2 duo era thing) is probably 3~ faster than chrome on my 2-way 3.3GHz xeon.

Re:Because I like being on cutting edge...

[SanityInAnarchy]

Because the alternative, at least in Chrome, is obnoxious -- it doesn't have the option to download something to a temp folder and open it. Instead, if it sees anything it can't handle itself, either internally or with plugins, it's going to download it, automatically and instantly, cluttering my download folder to hell. It's especially bad when people put PDFs in iframes...

Acrobat actually isn't that bad, it's mostly the startup time that's a killer, but this is an improvement all around.

Re:Because I like being on cutting edge...

Agreed. I deal with PDF a lot and the first thing I'd do with any machine where I needed to use them was install something like PDF XChange. That's what I'd be comparing the Chrome viewer to, not the god awful Acrobat Reader.

Re:Because I like being on cutting edge...

[Godskitchen]

Man, this post reeks of Google fanboy-ism.

From "bug-plagued" in the summary to "ridiculously fast" here... sheesh... I use acrobat reader on multiple OS's with multiple browsers and never had a problem. Seriously if a PDF takes 800 ms vs 900 ms to load a document, does it really matter?

Re:Because I like being on cutting edge...

[Bacon+Bits]

It does render very fast, but certain things were just awful when this was present in the Dev channel and convinced me to disable the thing. Last time I played with it, selecting text to copy and paste worked dreadfully. Letters would be dropped or the text would select in unpredictable ways. Additionally, printing the PDF resulted in something that looked exactly nothing like the PDF document I was using. I found the latter particularly silly given the design intent and implementation of the PDF document format (ostensibly a PostScript printer file with extra metadata). I was also particularly annoyed that there was no way in the Dev version to save the PDF to file rather than merely view it. (At least, none that I could discern.) This made it more irritating than not when you wanted to download a PDF to store for later or to distribute to others.

So while it's great for viewing, I found it limited and the inability to save meant that you couldn't easily fall back on a thicker PDF reader when the browser-based version failed.

Re:Because I like being on cutting edge...

[mcrbids]

IT'S ABOUT F!~@#NG TIME!!!

My small company develops document management systems for education. PDF is the standard of choice because it's open and cross platform. The problem is that Adobe sucks so horribly bad that we've actually taken to recommending Foxit as a "better than" solution, even though it has its own set of warts. Sure, Adobe makes its money on Acrobat, and the Adobe reader is a gimme, but why couldn't they make the gimme actually work?!?!?

Rendering a PDF inline works less than 30% of the time among installed base users who have Adobe Reader installed by our own internal survey. Thus, for our needs, Adobe gets this wrong at lesat 70% of the time!

We've actually found it much more useful to render "inline" PDFs as a PNG rendered via ImageMagick (even though it's blurry and adds .2 seconds of rendering time because it actually WORKS in most end user browsers) than to show it as a rendered inline PDF using Adobe among customers with Adobe Reader already installed!

How a multi-billion dollar company can get something so basic (show a vector format as a plugin) so horribly wrong is beyond me, but when they get their asses handed back to them, they will have earned it.

Adobe? Are you listening?!?!? Because I'm telling you: it's easier to find a very second-rate way to display a PDF than it is to use your product because it sucks so badly!

Re:Because I like being on cutting edge...

[Bill,+Shooter+of+Bul]

Adobe Reader isn't just slow at loading a pdf, its slow and crappy searching and browsing the currently loaded pdf. Going from Adobe to Okular was insane. I suddenly went from dreading reading PDF docs, to loving it. Haven't tried it in Chromium yet, but I know how much better PDF viewing can be outside of Adobe. PS the bugs he was referring to are security vulnerabilities, in case you haven't figured that out by reading the 800 other posts talking about the vulnerabilities in Adobe. Now, is Google's auto-magically immune to them ... No idea. Some of the vulnerabilities are somewhat baked into the featureset. You can't support all of the crazy things you can do in PDFs without providing some possibility of some bad PDFs doing dangerous things.

Re:Because I like being on cutting edge...

[tokul]

the pdf rendering is ridiculously fast.

How accurate it is? Any pdf reader can be ridiculously fast, if it dumps half of specification or does not render complex objects.

Re:Because I like being on cutting edge...

[ConaxConax]

This is one of the many reasons I use Foxit pdf reader. Is Chrome's pdf reader fast compared to something like Foxit, or another good reader?

Re:Because I like being on cutting edge...

Ctrl+S to save the PDF file you're viewing.

Re:Because I like being on cutting edge...

[asserted]

It appears that Chrome is using Foxit library.
Can't verify it because the codereview link they provide doesn't work anymore.

Re:Because I like being on cutting edge...

[jbengt]

Adobe Reader is very slow to start up.
But once started, it is much faster than evince, especially on large .pdfs, which evince can't always handle usably (at least on my Fedora laptop). Still, I don't have Reader installed on Fedora anymore.
On my Windows box at work, I have both Adobe Reader 9 and Acrobat 7 Pro (writer) installed. Although I don't particularly like Reader 9, Acrobat 7 is very useful for work. I often need to respond to submitted .pdfs with mark ups, comments, added pages, etc. and it's great to do that without printing and scanning. Especially useful is it's OCR functions which can turn a scanned-image document into a text searchable document.

Re:Because I like being on cutting edge...

[Zaiff+Urgulbunger]

So is this closed-source then? If so, then presumably it won't make it into Chromium.

Re:Because I like being on cutting edge...

[AmiMoJo]

I really hope not. Foxit has had more than it's share of security flaws and, like Adobe Reader, is now using sandboxing.

PDF viewer

[hether]

"The viewer renders PDF documents as HTML-based pages"

I hope it does a better job than the PDF viewer built into Google search...

Re:PDF viewer

"The viewer renders PDF documents as HTML-based pages"

I hope it does a better job than the PDF viewer built into Google search...

I know it's a Slashdot tradition to mod up contentless one liners, but I'm curious why you've been modded +5 insightful... What about the PDF viewer of Google search is bad? Do you have a particular example? I use it regularly and find it to do a fantastic job for the vast majority of documents I view...

Re:PDF viewer

[The_mad_linguist]

It's terrible for anything with diagrams or formulas.

Re:PDF viewer

[Timmmm]

I'm pretty sure the journalist is just confused (I know - surprising right?), and it is actually using Foxit's PDF library:

http://www.foxitsoftware.com/pdf/sdk/dll/

This also means it won't end up in Chromium.

Re:PDF viewer

[jopsen]

"The viewer renders PDF documents as HTML-based pages"

I hope it does a better job than the PDF viewer built into Google search...

I doubt that they convert to HTML... The remark is probably just because PDFs are open in tab, and not because the technology have anything to do with translating PDFs to HTML...

Sandbox

I'm sure it will be just fine, look how well it worked in IE8!

Re:Sandbox

You mean the IE8 Protected Mode which still (AFAIK) hasn't been bypassed? Even that recent Windows elevation vuln was prevented.

Also, TFS mentioned plugin sandboxing, which is different from browser sandboxing. Opt-out plugin sandboxing was tried back in 2009 but taken out because most plugins don't work with it.

And Chromium's sandboxing architecture on Windows isn't only built around Mandatory Integrity Control (like IE8 is) but also on restricted access tokens, which has the benefit of working nearly as well on Windows XP.

Re:Sandbox

I'm an idiot. I didn't hear about http://it.slashdot.org/story/10/12/03/2231205/Researchers-Bypass-IE-Protected-Mode.

Anyway, this isn't a flaw in MIC, or even IE8's implementation of it, but rather its stupid backwards-compatibility zone policy disabling MIC on intranet websites. Hurray, more IE security issues because of flawed business support. At least it can not affect Chromium.

Re:Sandbox

You mean the IE8 Protected Mode which still (AFAIK) hasn't been bypassed?

Maybe you need to read the story two down from this one... The one with the headline "Researchers Bypass IE Protected Mode"...

Re:Sandbox

Fair enough, but this doesn't demonstrate a flaw or weakness within the sandbox mechanism. IE8 chose to display certain webpages outside the sandbox. Chromium doesn't have that issue... not even for extension-spawned tabs.

Re:Sandbox

[metrix007]

Actually it probably does affect Chrome. For some stupid reason the Windows version of Chrome shares it's network settings with Internet Explorer, which makes it lose a great many points.

Re:Sandbox

[wampus]

It's a massive pain in the ass to have to reconfigure proxy and PKI on a per application basis. I personally love that Chrome uses the OS settings that Firefox ignores.

Re:Sandbox

I didn't want to get an httpd server running on my Windows box (like that's ever a good idea) so I ran a test webpage from the filesystem on localhost. Chromium wasn't affected. The weird thing is, even after changing the Intranet policy, Internet Explorer ran the browser process at medium IL. I wonder if this is a hardcoded decision (only for fs or 127.0.0.1 pages). Hopefully it will be fixed soon in an update.

But regardless, Chromium following the Internet Options .cpl for proxy/LAN settings doesn't mean it follows all of them (or even most of them). Chromium AFAIK has no 'zones.' It also doesn't have reason to run at looser settings on the local network, unlike IE8 which "absolutely must" run 10 y/o ActiveX controls. And I'm sorry to say, but Google's engineers would have seen through this gaping and obvious security hole.

Re:Sandbox

[metrix007]

It isn't an OS setting, it's the Internet Explorer setting.

Re:Sandbox

PKI aside, you can set up firefox to use your system's proxy settings...

Re:Sandbox

[cbhacking]

Chrome does not, so far as I know, use the "security zones" concept being exploited in that example. Therefore, it should still run at low integrity level. Sharing proy settings has nothing to do with that attack.

Re:Sandbox

[cbhacking]

They're close to the same thing. It's a system setting that IE happens to be the main consumer of, but it's not specific to IE or even to MSHTML. It's not an "OS setting" in the sense that it doesn't force all apps to use the proxy, but generally speaking proxy-aware apps will respect it. Chrome is hardly the only third-party program to do so.

Re:Sandbox

[wampus]

Plenty of third party software uses the setting, and to me it makes perfect sense to only have to set up proxies and trust one time. Zones? Not so much.

Re:Sandbox

[metrix007]

It's an IE setting, that some apps choose to honour. I'm really only aware of MSN messenger that does though. Seriously, it's not an OS setting in any sense. Can you give a list of some popular programs that make use of those settings?

Re:Sandbox

[metrix007]

Like what third party software? Cause, all the programs I use you have to set it manually, which is normal.

Chrome PDF viewer is pretty good

[haruchai]

It's been in the dev or beta channel for a while. Works fine and hasn't choked on any PDFs I've viewed with it yet.

If you don't want to wait, add --safe-plugins

Launch Chromium with --safe-plugins to sandbox all plugins, including Adobe Flash. This will break some plugins or functionality on Windows, e.g. Google's video chat plugin and Silverlight... but simply watching Flash video works great.

Quashes?

So the bugs subpoenaed Google, and Google asked the judge that the motion of discovery be nullified?

Or did they mean squashed?

Re:Quashes?

[Surt]

No, they meant quashed and got it right. The legal definition flows from the standard english one.
http://www.merriam-webster.com/dictionary/quashed?show=0&t=1291432910

Re:Quashes?

[Jurily]

http://en.wiktionary.org/wiki/quash

Re:Quashes?

[Surt]

Or even better, since I misremembered which word they actually used due to AC's error:
http://www.merriam-webster.com/dictionary/quashes

Re:Quashes?

[Bigjeff5]

The word still doesn't fit. Or at least, it isn't the best word for the job, and if you are getting creative with verbiage the point is generally to use the absolute best word for the job.

Quash means to suppress or extinguish, neither of which adequately expresses fixing a bug or a group of bugs. It would be similar to using "quell" there, it just doesn't fit right. Look at the synonyms and it should be more clear why the word just doesn't work.

In this case, the words we usually use - patch or fix - are the words that are most descriptive and most appropriate.

Re:Quashes?

[DRBivens]

Yeah, it's really an awkward usage of the word "quashes". We're not speaking Middle English, so it's probably safe to stick with modern usage. Since one really doesn't "void", "vacate", "suppress", "defeat" or "smash" software bugs, I can only imagine the wording was an attempt to humorously play on the word "bugs", in which case a better word might have been "squashed" or "squished".

Just my $0.02...
 

PDF Viewer, Finally

[htafolla]

The PDF Viewer will be nice. Have had issues on both Windows and Linux.

So did the fix the http:// display bug?

[Daniel+Dvorkin]

I'm guessing not.

Re:So did the fix the http:// display bug?

I know to many this is not a big deal, but it still annoys me that there is not even an option to "fix" this behavior. Why hasn't anyone released an easy-to-apply patch or specific Chromium fork/patch that us non-programmers can easily use?

Re:So did the fix the http:// display bug?

I know to many this is not a big deal, but it still annoys me that there is not even an option to "fix" this behavior. Why hasn't anyone released an easy-to-apply patch or specific Chromium fork/patch that us non-programmers can easily use?

If you want to customize your browser, use Firefox. Firefox is implemented in a way that allows an add-on to customize every aspect of the browser*. This flexibility comes at a price: It is noticeably slower then other browsers. It is harder to maintain, because any change might break an add-on.

Chrome made a decision to make a browser with a feature set that makes most users happy, while being as fast and responsive as possible. Take a look at their bug database: Every feature request ends with "I will use chrome once you fix this one thing, until then I will use firefox." Unfortunately, every user wants a different feature, implemented in a different way. If they ever re-add http:// in the omnibox, expect an army of users to descend on http://crbug.com/ with angry rants about how 'http://' shouldn't be there. If we add an option for everyone, no one will be happy with the slow, buggy, hard-to-change result.

*: Search for "XUL" to see how this is done.

Re:So did the fix the http:// display bug?

Its a "feature", apparently.

If you notice that if you copy the URL, it automatically prepends your copied string with http://.

Re:So did the fix the http:// display bug?

Every feature request ends with "I will use chrome once you fix this one thing, until then I will use firefox." Unfortunately, every user wants a different feature, implemented in a different way.

I want the find-in-page box to stop disappearing whenever I click a link. Who thought that was a good idea?

Re:So did the fix the http:// display bug?

That's not a bug.

Flash in PDFs, head-to-head vs Acrobat Reader

[Khopesh]

One of the biggest problems with Adobe Acrobat Reader is that attackers can run exploits via embedded flash ... since Chrome supports flash, does that mean it will support flash in the PDFs it converts to HTML? I hope not, or at least not by default.

I'd like to see Chrome come with a dummy app that pretends to be a PDF reader which merely runs a specialized window holding the document content in a manner akin to your typical PDF viewer. This would help people stop wean themselves off of Acrobat Reader. Maybe it will be better than FoxIt and Evince et al. (though I suspect not; the whole point of PDF is in a perfectly consistent rendering so as to always print the same, while HTML is almost impossible to do that. Google likely has no interest in molding Chrome into something that ideal for paged media, but I can hope...)

(Disclaimer: I word processes in HTML using vim; I know a good amount of page-media CSS, including all those CSS1 and CSS2 bits that still lack implementation in FF and Chrome...)

Re:Flash in PDFs, head-to-head vs Acrobat Reader

I doubt it. It isn't and won't be a fully featured plugin. Chrome's PDF viewer was sandboxed in the dev builds even, so there isn't much risk there. If Adobe fixes the Flash sandbox issues (for one, Mic does not work) then maybe we'd see SWF-in-PDF support.

Re:Flash in PDFs, head-to-head vs Acrobat Reader

[Khopesh]

I doubt it. It isn't and won't be a fully featured plugin. Chrome's PDF viewer was sandboxed in the dev builds even, so there isn't much risk there. If Adobe fixes the Flash sandbox issues (for one, Mic does not work) then maybe we'd see SWF-in-PDF support.

Honestly, I hope we don't. PDF shouldn't have flash support. That 'feature' was merely added by Acrobat because it was trivial for them to do. Anybody seeking that kind of thing should use HTML, Flash itself (which is fully capable of this sort of thing!), or perhaps PPT.

flash on amd64

When can I watch porn in 64 bit linux? I can't sleep at night.

whoop dee doo

[glebovitz]

All this enhancement sounds great, but I wish they would concentrate on compatibility with web sites first. There are too many sites that don't work well with Chrome and I am tired of getting warnings from popular sites that warn me about running an unsupported browser.

Re:whoop dee doo

[onefriedrice]

All this enhancement sounds great, but I wish they would concentrate on compatibility with web sites first. There are too many sites that don't work well with Chrome and I am tired of getting warnings from popular sites that warn me about running an unsupported browser.

Any examples you can come up with, because I have no idea what you're talking about. WebKit is extremely compatible (it's one of the most popular HTML engines out there), and I don't know of any incompatibilities with Chrome's Javascript VM either, so... I guess I'll just have to call BS.

Re:whoop dee doo

[creativeHavoc]

I don't think he knows the difference between a browser being compatible and a website sniffing browsers and sending an unwarranted warning.

Re:whoop dee doo

All this enhancement sounds great, but I wish they would concentrate on compatibility with web sites first. There are too many sites that don't work well with Chrome and I am tired of getting warnings from popular sites that warn me about running an unsupported browser.

Do you want the chrome team to rewrite third party sites to not check the user agent? Or should they lie in their user agent and make being bug-compatible with IE6 a priority?

Poorly written sites are not a problem a browser should fix.

Re:whoop dee doo

maps.google.com is unfortunately one of the sites that works better in IE than in Chrome. Try to plan a road trip with 6+ waypoints and see for yourself.

Re:whoop dee doo

[JonJ]

I just tested this using Chrome and Linux. No problems here.

Re:whoop dee doo

Some news sites, for example the Ottawa Citizen didn't work well in Chrome when I tried it earlier this year. The text at the start of the story was not readable. Just one example. But overall I had very few problems with Chrome.

Re:whoop dee doo

[LoudMusic]

I typically use IE for hardware configuration duties, like HP switches and Cisco wireless access points. Those devices don't get their web interfaces updated particularly often and they were developed as much as a decade ago when IE was the most popular and non-standards-based browser. Trying to view the sites in Firefox, Chrome, Opera, or Safari often results in a broken interface and broken control.

But that's a pretty outlandish thing to use as an example of Chrome not being compatible.

Re:whoop dee doo

The only thing surprising here is that this surprises you. The site is a steaming pile.
That fact that it renders well in *any* browser is a complete fluke.
http://validator.w3.org/check?uri=http://www.ottawacitizen.com/
442 Errors
You can suspect that it was built for and "checked" with Internet Exploder.

gewg_

Re:whoop dee doo

For the uninformed: http://www.rossde.com/internet/sniffing.html

gewg_

Re:whoop dee doo

[scragz]

Netflix streaming said Chrome was incompatible last time I tried to use it. I've also had a lot of warnings on various sites that "all features may not be supported". As Mozilla knows, evangelism with major sites is as important as rendering bugs to the end user (me!). Usually everything just works or would work if they would unblock it.

Quashes bugs, adds pdf support...

[elashish14]

Talk about undoing your own work, huh?

Re:Quashes bugs, adds pdf support...

[Burz]

Talk about undoing your own work, huh?

Indeed. I wonder if the PDF viewer has a sandbox too. If not, then they could be opening up an even bigger can of worms!

Re:Quashes bugs, adds pdf support...

[cbhacking]

As a security tester by profession, I *really* want to run some fuzzing tools over that PDF reader. In fact, I might just do that. Coming up with a proper minset without using the resources at work would take time, though.

Re:Quashes bugs, adds pdf support...

[sl149q]

Who cares ... if there is a problem it will result in some anonymous server in the cloud getting infected :-)

Re:Quashes bugs, adds pdf support...

From what I have read (today) they convert the PDF to HTML, then display the HTML. The converter could be called a sandbox if it does not support any operations that could affect the system.
It would take an exploit in both the converter and the HTML viewer to make a malicious PDF. The converter has a lot more control over what HTML is generated, so viewing PDF's using Chrome should be at least as safe as viewing any other random HTML website, probably even more so.

Paste bug fix?

[PRMan]

Does it fix the "I can't paste into a textarea" bug?

I was using it instead of Firefox, but that one's a dealkiller for me.

Re:Paste bug fix?

[PRMan]

Can't paste my quote...

Nope.

Re:Paste bug fix?

[tyrione]

Does it fix the "I can't paste into a textarea" bug?

I was using it instead of Firefox, but that one's a dealkiller for me.

Nope. It's a joke that even 9.0.597.0 dev still can't manage this simple behavior.

Re:Paste bug fix?

Try to paste at the beginning of the textarea without writing anything in it before, or moving the cursor. This works for comment quotes in /. textareas. Of course, one can't paste again after a single edit so a multi paste can be made using an external text editor.. The room of /.-postings has often had the familiar fuck-fuck-fuckityfuck, echoing in despair, as if the moneyshot was approaching with no results.

Re:Paste bug fix?

[Qzukk]

The bug report has a workaround: create a bookmark for javascript:document.body.appendChild(document.createElement('div')); and click it whenever you want to paste into slashdot. No idea why adding an empty div to the end of the page makes it work, it probably forces chrome to re-parse slashdot's flaming pile of broken html to something that will actually work in the browser.

Re:Paste bug fix?

[Omestes]

Does it fix the "I can't paste into a textarea" bug?

It was still in the dev version, so I'm guessing not. I am using Chromium, and I did paste that; but it has always allowed me to paste in a fresh form, just not one that has text (sometimes), and never one that has characters before the paste (i.e. pasting after HTML tags).

Oddly I mostly only notice this on Slashdot, it seems to work fine on most other sites; this might be because I mostly paste to Slashdot though.

I keep on considering going back to Firefox, but every time I run it now it feels slower and more clunky (not rendering, but the UI and software itself). Firefox 4 also seems a bit off, and I wanted to be completely off of Firefox before I have to use it.

I do wonder why they haven't done anything about it yet. It is a well known, and prevalent bug, and seems to be heavily reported and documented.

PDF viewer has been in unstable for Months

[tyrione]

Just download the unstable branch. It's as close to WebKit Nightly as you get for Chrome.

Damn. It's all downhill for now.

[CFD339]

You start with something small and fast.

Soon you're all about embedding this and that and everything else. Now you're all about bloat.

See, I use foxit. I like foxit. I don't install the embedded reader because I don't like it to be embedded. That's my choice. You may not agree, but that's cool because that's what choice means.

Now, Chrome embeds its own viewer. There goes my choice. There goes the lightweight browser. Hello monoculture software. Hello exploits.

bah.

indeed

a pdf viewer is sweet

Re:indeed

not as sweet as a tight wet pussy.

Re:indeed

The difference is, you'll actually see a PDF viewer in your life.

Re:indeed

I saw a PDF of a pussy once.

Not a joke

[AmigaHeretic]

At first I thought you were joking when you said you were testing it with Chrome 9.x I didn't even know Chrome 8.x was out.

Am I just getting old or are these releases abnormally fast?

Re:Not a joke

[aztracker1]

How else were they going to get a release of Chrome 9, before IE9 comes out?

Re:Not a joke

[asserted]

Here's how it works: when Chrome 8 is branched to beta, trunk becomes Chrome 9. At first the difference is purely cosmetic.
But yes, Chrome N+1 is born at the same instant Chrome N goes to beta. From the next canary or dev release on you will see Chrome N+1 versions, though differences between them and Chrome N (already in beta) may be very small.

Websites don't support browsers

[Zero__Kelvin]

Any website that warns about unsupported browsers is by definition designed by someone who doesn't know how to design websites. Properly designed websites follow standards, and web browsers comply with those standards. When a web developer speaks in terms of which browsers they do and don't support that is a direct indication that they don't understand even the most basic and fundamental concepts of website design.

Re:Websites don't support browsers

[catbutt]

When a web developer speaks in terms of which browsers they do and don't support that is a direct indication that they don't understand even the most basic and fundamental concepts of website design.

Well, with the exception of IE6. I wouldn't fault a site for not caring anymore if their site looks crappy on IE6.

Re:Websites don't support browsers

[tepples]

I wouldn't fault a site for not caring anymore if their site looks crappy on IE6.

But I would fault such a site for not including a (tasteful) ad for Google Chrome Frame at the top of pages served to IE <= 7. Chrome Frame is a browser helper object that uses the Chrome engine for pages that opt in to Chrome rendering using a <meta> element.

Re:Websites don't support browsers

[aztracker1]

I'd love to push chome frame for browsers = ie10... how about supporting linear gradients for backrounds, or any number of other features far more widely useful ocer canvas... css3pie breaks in ie9, and the dx based gradient filter doesn't support stop points, or work with their border radius implementation.

Re:Websites don't support browsers

[Kjella]

The kind that says "We haven't tested it on your browser, we don't guarantee it'll work and if it doesn't we don't guarantee we'll fix it but here's our site anyway" is quite legitimate if you ask me. Even when I've had a site work properly on IE (with IE-specific hacks), Firefox and Opera - this was before Chrome - and the W3C validator, I got reports about a rendering bug in Safari. And I have spotted rendering differences between Firefox and Opera too, so this "create once to standards and it'll work everywhere" is overrated. The only way to really be sure is to have actually tested it with the browser in question, and if nobody ever did it's fair to call it unsupported.

Re:Websites don't support browsers

[Zero__Kelvin]

I totally agree with you. What you are talking about is completely different from supporting browsers. This site supports HTML5 and CSS, and has been tested with IE7, IE8, Chrome, and Firefox is completely different from saying that we support a particular browser or a few select ones.

Re:Websites don't support browsers

[Bigjeff5]

Exactly.

It's pretty simple really, if someone bitches about X browser not working, and you aren't going to fix the site when that's the only browser that has a problem, then that browser is unsupported.

If someone bitches about Y browser not working, and you are going to fix the site so that particular browser works correctly, then that browser is supported.

It doesn't matter if anybody ever actually bitches about the browser not working, if you never plan on fixing problems specific to that browser then it is an unsupported browser. All it means is that if you aren't using X, Y, or Z browser they aren't going to listen to your complaints. It doesn't mean your browser of choice doesn't work (in fact, given today's state of browsers, it is rare that your browser won't work).

People don't seem to understand that "Unsupported" simply means they aren't going to support it. It doesn't mean it won't work.

Re:Websites don't support browsers

[m50d]

I could write a site to the CSS spec, and have it work in no browsers. (IIRC there is not a single extant implementation of CSS2). But in the real world, users tend to be unhappy with that. So you pick browsers to "support", which means "work around the bugs of".

Re:Damn. It's all downhill for now.

about:plugins -> Chrome PDF Viewer -> Disable.

or

Options -> Under the Hood -> Content settings -> Plug-ins -> Block all.

Also it's weird to say a plugin is causing bloat, when the plugin resides in a shared library, it only registers one embed handler, and is entered only when a PDF is viewed. It has zero runtime overhead and its .text section is shared between processes (iirc... loadlibrary on win32 does copy-on-write).

Where's the bug?

[SanityInAnarchy]

This has been annoying me for awhile now. Where's a bug we can all vote for and Slashdot?

Re:Where's the bug?

[Tynin]

This has been annoying me for awhile now. Where's a bug we can all vote for and Slashdot?

If I were to guess, it would be due to the two buffers X Windows uses (and since it is X Windows, most Linux OS's suffer the same issue), the clipboard buffer, and the primary buffer, have been an ongoing train wreck for years. It is like a few developers don't want to change the way they do things, and don't share best practices for which buffer to use and when.

Even the current Ubuntu LTS 10.4 suffers from it (not tried it again in the current release, but it has been a problem for a long time on several distros), generally it's the same work around each time, which is to paste into a text program that when you do a copy, it copies it into both buffers (I think I'm using gedit, but I'm not at my workstation). Then when you paste, it should display since regardless of which buffer gets called, it will have your copy.

Re:Where's the bug?

[EvanED]

Fun fact: there's actually a second X selection buffer. It's not used very much at all, but it does mean that there are three separate clipboard-type entities that are available on most X systems.

If you know what's going on, the separate X selection and X clipboard can be occasionally useful (it essentially gives you two clipboards if you can manage to use them with accidentally overwriting stuff), but is mostly just annoying. Way better (both more useful and more predictable) would be to have just one clipboard entity, but have a global kill ring. I'm not sure exactly the best method here that makes both modern-style copy/paste and Unix-style select/middle-click interactions kind, but I feel almost certain you could come up with one that is better than the small mess that is present now.

Re:Where's the bug?

[SanityInAnarchy]

That doesn't seem to work in this case -- I've tried Kate.

What I don't get is when one of the buffers is clearly empty -- it's not pasting garbage, it's pasting nothing -- why wouldn't it check another? And why is this even an issue? On my system, I use Firefox or Chrome, depending on the situation. Both use GTK+. Why would this bug only affect Chrome, and only on certain websites, under certain conditions? Why do I never see this issue anywhere else? Why will it paste into other locations in Chrome, like the address bar or even other textboxes, just not a Slashdot comment box?

Even if it's X-related, the fact that other browsers get it right suggests that it's Chrome's bug, so again, where's the bug we can all vote up till someone actually fixes it?

Re:Where's the bug?

This issue is OS independent. The same behavior occurs with Windows.

Re:Where's the bug?

[aztracker1]

Happens in the beta channel builds on some of my win 7 machines too, not just linux... really annoying. I use it as my main browser now, but tempted to go back to firefox... chrome works better ovia my employer's proxy than FF, annoying..

Re:Where's the bug?

[pclminion]

If I were to guess, it would be due to the two buffers X windows uses

How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

It's fucking ridiculous, it happens with no other site but this one, and the fact that Slashdot has done nothing to fix it in the past MONTH that it's been going on, is absolutely incomprehensible to me. What. The. Fuck. Find the problem and fix it.

Even if it's somehow a bug in Chrome, I laugh out loud at the prospect of switching away from my preferred browser because one site on the Internet can't be assed to worked around the problem. I'd rather abandon Slashdot than abandon Chrome, and that's saying something.

Re:Where's the bug?

Ha! I actually thought it was silly feature of Slashdot, you know, to stop copy pasting full articles and such to posts.

Re:Where's the bug?

[tebee]

How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

And how do you explain that copy/pasting your comment just worked for me on XP? ( Chrome 9.0.597.0)

Re:Where's the bug?

just tried pasting... i have chrome 4 on kubuntu.

worked like a charm. since you all are talking about this I wonder what the bug actually is.

Re:Where's the bug?

Mouse select and middle click for paste works across all applications in Debian, but Chrome. For some reason Chrome gets confused. Sometimes it'll work, like now, 10 minutes later it won't. Being inconsistent makes it pretty obvious Google has a copy/paste bug with the Linux builds.

Re:Where's the bug?

[Qzukk]

Because pasting into a completely empty box works. Try typing <a href=" and pasting a link.

If it works for you it's because it's fixed in Chrome 9 now.

Re:Where's the bug?

If I were to guess, it would be due to the two buffers X windows uses

How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

WTH are you talking about? Everything here works well for me both in W7 and Xubuntu 10.04.

Re:Where's the bug?

[tebee]

test

  Because pasting into a completely empty box works. Try typing a href=" and pasting a link.

Yep that seems to work - so this is fixed in Chrome 9 then? One more bug quashed !

Re:Where's the bug?

[smurfsurf]

Testing a link

Yep, works just fine in Chrome 8.0.552.215 on Windows 7.

Re:Where's the bug?

[smurfsurf]

How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

Pasting in an empty textbox. Typing first, then pasting. All works just fine for me. Chrome 8.0.552.215 on Windows 7 64-bit.

Re:Where's the bug?

Maybe I am just clueless, but I don't think it would have anything to do with X since Chrome has the same problem on MS Windows. It looks like they just don't know how to implement paste properly.

Re:Where's the bug?

[Buelldozer]

Unless Windows 7 64 Bit is using X Windows the problem is not contained to *nix. It's happening on all three Win 7 stations that I have too, so it's not exactly a rare glitch. Oddly it only started happening after the upgrade to 8.

I really like Chrome for its speed but this copy/paste bug is killing me.

Re:Where's the bug?

[nine-times]

I've also seen the bug in Safari on OSX. Intermittent, but I've seen it. I could even see that the text was pasted in and then immediately cleared out. I assumed it was some kind of JavaScript bug on Slashdot itself.

Re:Where's the bug?

[Omestes]

It still is a problem, although not as common, on Window's Chrome. So I doubt X is the complete problem. The Linux (or at least Ubuntu, haven't ran out and ran it on every distro) implementation seems a bit worse than the Windows one.

Re:Where's the bug?

Opera has a method for dealing with this. 'Help -> Report a Site Problem...' This opens a handy dialog form. From Opera's own explanation,

Report a site problem

Some Web sites and services may not function exactly as you would expect in Opera. This could be caused by Web site authors tailoring their services for one particular Web browser.

If a site is not displaying or behaving correctly in Opera, let us know by using this dialog while the site in question is your active page. Specify how severe you think the problem is, and add a comment if you think it is called for.

Some information about your computer and browser settings will be sent to Opera to help find the cause of the site problem. Click the "details" button on the dialog to see this information.

If you are convinced you have found a defect related to the browser itself and not a particular Web site, please report it as a bug.

They don't say specifically what they do with the reports, but I imagine they try to contact the site admin, and perhaps offer advice to fix the site code. Has any webdev here received such a contact? And does Chrome has such a feature?

Re:Where's the bug?

http://crbug.com/60057

It's hard to believe it only has 10 votes. Come on, Slashdot, are you all talk?! Or is everyone just using Firefox?

Re:Where's the bug?

"The X Window System", not "X Windows", please.

Crome still disappoints me...

[bogaboga]

...and here's why:

The fact that after all these releases, Google still does not see it prudent to had 'print preview' added to Chrome as one of its features.

Folks, this feature is a killer for me...and I am not alone. Trust me on this.

Re:Crome still disappoints me...

[Alzheimers]

Agreed. Lack of the ability to change even the most basic page layout options strictly keeps Chrome in the "Nice Toy" category.

Re:Crome still disappoints me...

Seriously? You must print a lot of web pages.

Re:Crome still disappoints me...

[martas]

meh, just print it to a pdf, then preview all you want...

Re:Crome still disappoints me...

Use an operating system that provides a decent underlying platform for printing. I have print preview and all sorts of print options here, all provided for free by the printing framework of the system. (OS X)

Re:Crome still disappoints me...

[whoop]

Computer screens aren't good on your eyes. It's better to print everything out and read them by the light of a fireplace, smoking a pipe, and wearing a nice smoking jacket.

Re:Crome still disappoints me...

[Clovert+Agent]

Keep your print preview. Give me a master password already, damnit.

Re:Crome still disappoints me...

For making hardcopy backups of teh internets?

Re:Crome still disappoints me...

[asserted]

here's the bug. star it.

Re:Crome still disappoints me...

please stop printing stuff you don't need printed.
i'm not at all an eco-freak, it's just plain stupid.

Re:Crome still disappoints me...

[Xarius]

Go to about:flags and enable the Print Preview option.

Re:Crome still disappoints me...

I've been using Chrome for months and never noticed this. Of course I never tried to print anything out, so that's probably why. I agree though, they should definitely add a print preview capability.

Re:Crome still disappoints me...

[theantipop]

I think this is only available in the 9.0 dev release. So it seems to be on the way, but not definitely not ready for primetime.

Re:Crome still disappoints me...

http://peter.sh/2010/10/indexeddb-milestone-8-es5-strict-mode-and-progress-on-print-preview/

Re:Damn. It's all downhill for now.

[CFD339]

Ok, good information. Not sure you'll know I said that, because its an AC post, but what the hell. Thanks.

Finally!

[93+Escort+Wagon]

I'm not a fan of PDF at all - but if you want to use a browser for work, decent PDF handling is a necessary evil. The old "solution" - pulling the PDF into Google Apps - couldn't handle PDF files accessed through https. That made it a non-starter in my work environment.

All you young'uns are free to bitch and moan about PDF itself; but in the real world you usually have to be pragmatic.

Re:Finally!

[devent]

So your work environment don't have a PDF viewer installed? Furthermore, there is a Firefox and a IE plugin/addon to see PDF files inside a browser, no need for Google Apps.

Re:Finally!

[93+Escort+Wagon]

So your work environment don't have a PDF viewer installed? Furthermore, there is a Firefox and a IE plugin/addon to see PDF files inside a browser, no need for Google Apps.

We're talking about Chrome, not Firefox or Internet Explorer.

Working with or against Adobe?

[Quick+Reply]

So they are working with Adobe to get Flash Player in, but against Adobe to get Adobe Reader out?

Do no evil?

Adobe and Google have collaborated

NOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!

Re:Damn. It's all downhill for now.

Don't be ridiculous. Of course you have a choice. Since the PDF viewer is implemented in a nice, modular way, it is also a plug-in. You can go to about:plugins and disable it using the nice UI just like any other plugin. If the (small by modern standards) disk space taken up offends you, go and delete the pdf.dll or libpdf.so or whatever it's called on your system.

More important features still missing

3 years after the request was made they still can't offer a universal zoom level. I'll not read a single PDF on Chrome so long as I have to zoom in to every single bloody one of them separately. I hate IE, but I still have to use it on a daily basis as it's the only browser that offers a default zoom level for websites.

Re:Damn. It's all downhill for now.

Hello monoculture software. Hello exploits.

We embedded a viewer so that we could sandbox it. This makes exploits much harder to pull off. If you do manage to get a user to open a PDF that exploits a bug, the sandbox ensures that the process you now control is unable to access the filesystem or open network connections, and will be killed if it tries.

99% of users don't know what a plugin is, and won't keep them up to date unless the process is totally automatic. Chrome got this right: Updates are silently downloaded and applied unless you go out of your way to disabling them. Making the PDF plugin a part of Chrome allows chrome updates to update the plugin. Chrome's track record fixing security bugs fast is far better than the record of the PDF plugin that virtually all Windows users most user have.

If you don't want to use the fast, small, sandboxed PDF viewer that gets security updates, go to about:plugins and click disable. Nothing stops you from using other plugin if you want to.

Using lack of compliance to sell Windows 7

[tepples]

web browsers comply with those standards.

Unless, of course, the maker of the web browser is using the lack of compliance with standards in older versions of the browser as a tool to sell another product that the web browser requires. I routinely get banner ads for IE 9 when browsing with Chrome under Ubuntu 10.10 or Firefox under Windows XP; I click them and they end up being ads for Windows 7.

Re:Using lack of compliance to sell Windows 7

[Bigjeff5]

You know IE8 passes acid2 (the test for the current web standards) just fine with the default settings, and IE9 gets a 95 on the acid3 test. It's not 100%, like Webkit, but then again acid3 has been strongly criticized for cherry-picking elements that are still in the working draft (i.e. not even finalized).

In other words, Internet Explorer is 100% standards compliant, and will likely comply with the new standards as soon as we actually have a new set of standards.

Cut the FUD please, it doesn't help.

Is copy/paste fixed?

[stimpleton]

For months, the basic ability to copy and paste text in chrome has been broken. Its not just me, others have noted it, even bloggers noting it.

To read and comment on slashdot I *have to * use firefox. to do the basic task of quoting someone. ctrl-c gets it to the clipboard and I can paste to notepad, but cant to the reply form field.

To quote from the film 300: This is madness.

Re:Is copy/paste fixed?

[Qzukk]

Have you had the problem anywhere other than slashdot?

Anyway, some guy figured out that you can fix pasting in slashdot by adding a div to the end of it. Just create a bookmark on the bookmark bar for javascript:document.body.appendChild(document.createElement('div')); and click it whenever you open a slashdot story.

Re:Damn. It's all downhill for now.

[Guspaz]

FYI, Google's using Foxit for the built-in PDF viewer. So, you know, this is kind of like you using Foxit, but with less bloat, since you don't need a completely separate application and UI to get the Foxit PDF rendering engine.

page breaks

[mestar]

Oh finally those annoying page breaks in pdf are gone. I mean, time after time i switch to "continuous" mode, but, always, they were coming back. You click the scrolling arrows, but pdf shows the page it wants to show, not the one I want, so annoying it was.

But it is gone now!

Still doesn't honor --geometry directive

[Psicopatico]

As per subject. It threats that like an URL to be opened.
To be honest, it's not mentioned in the help either.

Speed of Development

[vanOorschot]

Looking at the speed of new developments by Google and Apple, i can not help but wonder how far we would have come since the Alto/Lisa had it not been for the stifling influence of first IBM and then Microsoft. OK, maybe the newbies stand on the shoulders of giants, but damn aren't they a couple of feisty dwarfs.

Re:Damn. It's all downhill for now.

[asserted]

> See, I use foxit. I like foxit.

you may be interested to know that Chrome seems to be using Foxit for their plugin:
http://googlesystem.blogspot.com/2010/08/google-chromes-pdf-plugin-uses-foxit.html

plus additional sandboxing, for extra security.

PDF for Chromium?

[david.given]

I'll admit to not being terribly interested in PDF for niche OSs like Windows --- although on the few occasions I have to boot Windows I admit that I find myself actively enjoying not loading Acrobat Reader --- so I'm more interested in whether PDF viewing is available for Chromium yet. PDFs are hateful, but sometimes I have to read the damned things, and even apps like evince are cumbersome and slow. Chrome's inline PDF viewer is awesome, fast and slick and best of all, largely invisible; PDFs just work, without needing to faff around with downloads and spawning external apps. It doesn't make PDFs any less hateful but it does minimise the pain.

But inline PDF doesn't seem to be available for Linux, and there's very little information about why. I have heard rumours that the PDF code isn't open source. It would be really nice if there was some communication on this...

Re:PDF for Chromium?

[Qzukk]

The reason is that the PDF support is actually Foxit reader being distributed as a plugin.

Re:PDF for Chromium?

[Zaiff+Urgulbunger]

PDF in Chrome is working for me with Ubuntu 9.10 / Chrome 8.0.552.215. However it doesn't work in Chromium 9.0.597.0 (67679)

Compatibility

I've seen Chrome choke on a few sites that work fine in Firefox and Opera. It's generally an issue with JavaScript and/or the way forms are handled. Just because you haven't run into the problem doesn't mean it doesn't exist.

Argh. Quit separating the subject and the verb!

[gottabeme]

Try this: "On Thursday, Google patched..."

It is a bagillion times better than "Google on Thursday patched..."

Yes, I know every single stupid press release there is uses the latter form, but it's incredibly stupid.

What are these "standards" you speak of?

Properly designed websites follow standards, and web browsers comply with those standards.

Spoken like someone who's never built a (complex) website.

Trying to support IE+Gecko+WebKit+Opera (and several versions each) you quickly learn that many (most?) web "standards" either aren't strict enough or are simply ignored.

You either program around all the quirks of the different browsers, or you program to the lowest common denominator (which results in HTML3).

Foxit status

[Jim+Efaw]

So is this closed-source then? If so, then presumably it won't make it into Chromium.

I think Foxit is proprietary, but it's really, really fast; display speed between Foxit PDF Reader and Adobe Reader isn't even a contest. Last I checked it leaves Ghostscript in the dust too. I haven't used anything but Foxit for Windows PDF reading for a while now. Now, Poppler (which uses Cairo) is a different story: those libraries are pretty fast. Chromium might be able to do something interesting with a Poppler-based reader instead of Foxit.

Built-in PDF viewer?

[Yvan256]

Okay so that's a (very) nice addition for Windows users, but what about Mac OS X, which handles basic PDF files just fine? Is the built-in PDF viewer only in the Windows version of Chrome? If not, can we disable it?

Adobe Buggy?

"bug-plagued Adobe Reader plug-in"

Given the reputation of Flash Player & Adobe Reader - is Adobe just plain incompetent? Can't they get it right? Perhaps they should just opensource them so they can be done right.

XP still outnumbers Vista + 7

[tepples]

You know IE8 passes acid2

Which is why I still test on IE >= 8.

IE9 gets a 95 on the acid3 test.

Which is comparable to Firefox. But there are more copies of Windows on which IE 9 doesn't run than on which IE 9 does run. The first result from Google windows market share states that as of November 2010, Windows Vista and Windows 7 combined make about 32 percent to Windows XP's 58 percent.