DOCSLIB.ORG

Using Webkit to Own the Web Nadeem Douba

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Using Webkit to Own the Web Nadeem Douba 1 2015 - 11 - 13 Presented by: burpkit Nadeem Douba using webkit to own the web Introduction 2 BurpKit 2015 - 11 - - 13 Using u Nadeem Douba WebKit to u Founder of Red Canari, Inc. Own the u Based out of Ottawa, ON. Web u I’m a Hacker u Interests: u Exploiting stuff u Building hacking tools u Prior work: u Sploitego (presented at DEF CON XX) u Canari (used by Fortune 100s) u PyMiProxy (used by Internet Archive) Overview 3 BurpKit 2015 - 11 - - 13 Using u WebKit WebKit to u What is it? Own the u Why use it? Web u How can we use it? u BurpKit u Design Considerations u Implementation u Demos! u Conclusion u Questions? The Web Pen-Tester ’s Conundrum 4 BurpKit 2015 - 11 - - 13 Using u Today ’s web applications are complex WebKit to beasts Own the u Heavy use of JavaScript for: Web u Rendering pages u Rendering page elements u Performing web service requests u ¿But our security tools are still scraping HTML!? Our Toolkit 5 BurpKit 2015 - 11 - - 13 Using u Reconnaissance & Scanning: WebKit to u Most tools (nikto, cewl, etc.) just scrape Own HTML the Web u Attack: u BurpSuite Pro/Community u Lobo-based Renderer tab (Burp’s neglected child) L u No JavaScript/HTML5 support u Charles & Zed are just proxies u WebSecurify’s Proxy.app only has a web view BurpKit - Using WebKit to Own the Web 6 2015-11-13 ase C se U Lobo Valid Only The BurpKit - Using WebKit to Own the Web 7 2015-11-13 advanced! too is asdf.com Even We need to move forward 8 BurpKit 2015 - 11 - - 13 Using u Web penetration testing tools that: WebKit to u Have modern web browser capabilities Own the u Parse and interpret JavaScript Web u Dynamically render and inspect content u Most importantly: u Our tools needed to be able to interact with the DOM! BurpKit - Using WebKit to Own the Web 9 2015-11-13 things! of Lots - for? good it is WebKit What What is Webkit? 10 BurpKit 2015 - “WebKit is a layout engine … 11 - - 13 Using It powers Apple's Safari web WebKit to browser, and [is forked] by Own the Google's Chrome ...” Web - Wikipedia Image credit: Smashing Magazine BurpKit - Using WebKit to Own the Web 2015-11-13 11 definition… (Un)official Webkit API 12 BurpKit 2015 - 11 - - 13 Using u Made up of two major components. WebKit to u JavaScriptCore - responsible for everything Own JavaScript: the Web u JavaScript/JSON parsing & execution u Garbage collection u Debugger u Etc. u WebCore – responsible for everything else: u Resource loading u Content parsing & rendering u Web Inspector u Etc. Known implementations & Forks 13 BurpKit 2015 - 11 - - 13 Using Image credit: http://bitergia.com/public/reports/webkit/20 13_ 01/ u Apple’s Safari WebKit to u Android’s web browser Own the u Nokia QT Web u JavaFX WebView u WebKitGTK+ u PhantomJS u Google Chromium u Node WebKit u Many more… (https://trac.webkit.org/wiki/Application s%20using%20WebKit) Why use WebKit? 14 BurpKit 2015 - 11 - - 13 Using + Pros − Cons WebKit to Own ü Widespread adoption ✗ Your code will be susceptible to the same the bugs that plague modern browsers Web ü Lots of language support ✗ Tools will be hungrier for system ü Portable across many platforms resources (i.e. RAM, CPU). ü Can interact with the DOM and JS Engine. How Can You Use WebKit? 15 BurpKit 2015 - 11 - - 13 Using # Language $ Libraries WebKit to Own u JavaScript (NodeJS) u Node WebKit the Web u Python u WebKitGTK+, PyQt u JAVA u FX WebView, Qt Jambi, JxBrowser u Swift/ObjC u UIWebView u Ruby u WebKitGTK+, Qt u C/C++ u Chromium, WebKit BurpKit - Using WebKit to Own the Web 2015-11-13 16 = + webkit kit used we ow burp h What is burpkit? 17 BurpKit 2015 - 11 - - 13 Using u BurpKit = BurpSuite + WebKit WebKit to u Used JavaFX’s implementation of WebKit Own the u WebView & Debugger Web u WebEngine u Provides a real rendering tab (that’s BurpSuite Java-based Rendering right… no more lobo!) Extender API WebKit API engine burpkit Design Decisions 18 BurpKit 2015 - 11 - - 13 Using u Two leading WebKit implementations in WebKit to JAVA – JavaFX WebView and JxBrowser. Own the u Chose to go with JavaFX over JxBrowser Web – why? u Redistribution: u JavaFX comes with Java 1.8+. u JxBrowser needs bundling (>250MB) u Cost: u JavaFX is FREE! u JxBrowser is not! BurpKit - Using WebKit to Own the Web 2015-11-13 19 rage erd Implementation n JavaFX Pros & Cons 20 BurpKit 2015 - 11 - - 13 Using + Pros − Cons WebKit to Own ü Portable across many platforms ✗ API is incomplete – under development the Web ü Easy-to-use & clean API ✗ No GUI components for WebInspector and friends ü Complete JavaScript bridge ✗ Little documentation on advanced ü Leverages the Java URL framework features (must look at code) (hookable) ✗ Still a bit buggy Challenges 21 BurpKit 2015 - 11 - - 13 Using u Burp uses Swing for its GUI WebKit to u JavaFX WebEngine did not have a Own loadContentWithBaseUrl(content, url) the Web Challenge: SWING/FX Interop 22 BurpKit 2015 - 11 - - 13 Using u Solution: WebKit to javafx.embed.swing.JFXPanel Own the u Gotchas: Web u Must avoid interweaving blocking calls u i.e. Swing à JavaFX à Swing = ¡DEADLOCK! u Always check if you’re on the right event loop! u Workarounds: u Eagerly initializing resources sometimes necessary u Lots of wrapping code! Challenge: Repeater (1 of 2) 23 BurpKit 2015 - 11 - - 13 Using u Implement loadContentWithBaseUrl() WebKit to u Why? Own the u Required to render responses for Web repeated requests u Solution: hook java.net.URL protocol handling framework u WebView uses framework to issue HTTP(S) requests u New Challenge: u Our new handlers would have to support both live and repeated requests. Credit: http://media.techtarget.com/tss/static/articles/content/dm_protocolHan dlers/java_protocol.pdf Challenge: Repeater (2 of 2) 24 BurpKit 2015 - 11 - - 13 Using u How do we discern between live and WebKit to repeated requests? Own the u Solution: overrode HTTP(s) handlers and Web used User-Agent to “tag” repeated requests. u If User-Agent contains SHA1 hash, give URL handler fake output stream u Else, continue with live request u See BurpKit Java package com.redcanari.net.http for code. BurpKit - Using WebKit to Own the Web 2015-11-13 25 Product? Final The BurpKit - Using WebKit to Own the Web 2015-11-13 26 Walkthrough GUI set Feature Demo: BurpKit - Using WebKit to Own the Web 2015-11-13 27 Tracker XSS applications Tainting Demo: BurpKit - Using WebKit to Own the Web 2015-11-13 28 department… marketing our from word A BurpKit - Using WebKit to Own the Web 2015-11-13 29 thing… more One JavaScript BurpSuite Plugin Development 30 BurpKit 2015 - 11 - - 13 Using u You can now write plugins in JavaScript WebKit to u Quick-and-dirty plugin development Own the u Imagine writing Burp plugins on steroids: Web u Intruder Payload Generator that pulls the next payload from the DOM u Advanced Spider that sends all external references to Burp Scanner or the Burp Sitemap BurpKit - Using WebKit to Own the Web 2015-11-13 31 emos d see! to kit lots urp b There’s BurpKit - Using WebKit to Own the Web 2015-11-13 32 interaction DOM Followers Twitter Analyzing Demo: BurpKit - Using WebKit to Own the Web 2015-11-13 33 Menus Extensions Context and Editors, Burp Message Listeners, Proxy Demo: Challenge: JavaScript Bridge 34 BurpKit 2015 - 11 - - 13 Using WebKit u Background: need to be able to query and manipulate DOM to Own u Solution: inject JAVA objects into JS engine! the Web u Gotchas: u Funky reflection algorithm in WebEngine prevented straight-forward JAVA object interaction. u Lots of deadlock scenarios u Workarounds: u Wrapper classes galore! u Eager instantiation of Swing components. Conclusion 35 BurpKit 2015 - 11 - - 13 Using u Let’s stop scraping and let’s start WebKit to DOMinating the web! Own the u Our security tools need to evolve just like Web the web. u We have the tools/libraries at our disposal u Please contribute your ideas and code to BurpKit! u We need to make it the standard! Kudos 36 BurpKit 2015 - 11 - - 13 Using WebKit u J My Lovely Wife & Baby to Own u Justin Seitz the Web u http://automatingosint.com/ u Dirk Lemmermann u http://dlsc.com/ u Tomas Mikula u https://github.com/TomasMikula/RichTextFX u Java/JavaFX team u The Noun Project u All the contributors! BurpKit - Using WebKit to Own the Web 2015-11-13 37 ? please… to aim Questions ¿ We Drop me a line! 38 BurpKit 2015 - 11 - - 13 Using % : @ndouba WebKit to Own the Web & : [email protected] ' : https://github.com/allfro/BurpKit ( : http://www.redcanari.com ) : nadeem.douba.
Load more

Recommended publications
  • Netscape 6.2.3 Software for Solaris Operating Environment
    What’s New in Netscape 6.2 Netscape 6.2 builds on the successful release of Netscape 6.1 and allows you to do more online with power, efficiency and safety. New is this release are: Support for the latest operating systems ¨ BETTER INTEGRATION WITH WINDOWS XP q Netscape 6.2 is now only one click away within the Windows XP Start menu if you choose Netscape as your default browser and mail applications. Also, you can view the number of incoming email messages you have from your Windows XP login screen. ¨ FULL SUPPORT FOR MACINTOSH OS X Other enhancements Netscape 6.2 offers a more seamless experience between Netscape Mail and other applications on the Windows platform. For example, you can now easily send documents from within Microsoft Word, Excel or Power Point without leaving that application. Simply choose File, “Send To” to invoke the Netscape Mail client to send the document. What follows is a more comprehensive list of the enhancements delivered in Netscape 6.1 CONFIDENTIAL UNTIL AUGUST 8, 2001 Netscape 6.1 Highlights PR Contact: Catherine Corre – (650) 937-4046 CONFIDENTIAL UNTIL AUGUST 8, 2001 Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to this document (the "Document"). Use of the Document is governed by applicable copyright law. Netscape may revise this Document from time to time without notice. THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN NO EVENT SHALL NETSCAPE BE LIABLE FOR INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERROR IN THIS DOCUMENT, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE OR DATA.
    [Show full text]
  • Automated Testing Clinic Follow-Up: Capybara-Webkit Vs. Poltergeist/Phantomjs | Engineering in Focus
    Automated Testing Clinic follow-up: capybara-webkit vs. polter... https://behindthefandoor.wordpress.com/2014/03/02/automated-... Engineering in Focus the Fandor engineering blog Automated Testing Clinic follow-up: capybara-webkit vs. poltergeist/PhantomJS with 2 comments In my presentation at the February Automated Testing SF meetup I (Dave Schweisguth) noted some problems with Fandor’s testing setup and that we were working to fix them. Here’s an update on our progress. The root cause of several of our problems was that some of the almost 100 @javascript scenarios in our Cucumber test suite weren’t running reliably. They failed occasionally regardless of environment, they failed more on slower CPUs (e.g. MacBook Pros only a couple of years old), when they failed they sometimes hung forever, and when we killed them they left behind webkit-server processes (we were using the capybara-webkit driver) which, if not cleaned up, would poison subsequent runs. Although we’ve gotten pretty good at fixing flaky Cucumber scenarios, we’d been stumped on this little handful. We gave up, tagged them @non_ci and excluded them from our build. But they were important scenarios, so we had to run them manually before deploying. (We weren’t going to just not run them: some of those scenarios tested our subscription process, and we would be fools to deploy a build that for all we knew wouldn’t allow new users to subscribe to Fandor!) That made our release process slower and more error-prone. It occurred to me that I could patch the patch and change our deployment process to require that the @non_ci scenarios had been run (by adding a git tag when those scenarios were run and checking for it when deploying), but before I could put that in to play a new problem appeared.
    [Show full text]
  • Casperjs Documentation Release 1.1.0-DEV Nicolas Perriault
    CasperJs Documentation Release 1.1.0-DEV Nicolas Perriault February 04, 2016 Contents 1 Installation 3 1.1 Prerequisites...............................................3 1.2 Installing from Homebrew (OSX)....................................3 1.3 Installing from npm...........................................4 1.4 Installing from git............................................4 1.5 Installing from an archive........................................4 1.6 CasperJS on Windows..........................................5 1.7 Known Bugs & Limitations.......................................5 2 Quickstart 7 2.1 A minimal scraping script........................................7 2.2 Now let’s scrape Google!........................................8 2.3 CoffeeScript version...........................................9 2.4 A minimal testing script......................................... 10 3 Using the command line 11 3.1 casperjs native options.......................................... 12 3.2 Raw parameter values.......................................... 13 4 Selectors 15 4.1 CSS3................................................... 15 4.2 XPath................................................... 16 5 Testing 17 5.1 Unit testing................................................ 17 5.2 Browser tests............................................... 18 5.3 Setting Casper options in the test environment............................. 19 5.4 Advanced techniques........................................... 20 5.5 Test command args and options....................................
    [Show full text]
  • Webassembly a New World of Native Exploits on the Web Agenda
    WebAssembly A New World Of Native Exploits On The Web Agenda • Introduction • The WebAssembly Platform • Emscripten • Possible Exploit Scenarios • Conclusion Wasm: What is it good for? ● Archive.org web emulators ● Image/processing ● Video Games ● 3D Modeling ● Cryptography Libraries ● Desktop Application Ports Wasm: Crazy Incoming ● Browsix, jslinux ● Runtime.js (Node), Nebulet ● Cervus ● eWASM Java Applet Joke Slide ● Sandboxed ● Virtual Machine, runs its own instruction set ● Runs in your browser ● Write once, run anywhere ● In the future, will be embedded in other targets What Is WebAssembly? ● A relatively small set of low-level instructions ○ Instructions are executed by browsers ● Native code can be compiled into WebAssembly ○ Allows web developers to take their native C/C++ code to the browser ■ Or Rust, or Go, or anything else that can compile to Wasm ○ Improved Performance Over JavaScript ● Already widely supported in the latest versions of all major browsers ○ Not limited to running in browsers, Wasm could be anywhere Wasm: A Stack Machine Text Format Example Linear Memory Model Subtitle Function Pointers Wasm in the Browser ● Wasm doesn’t have access to memory, DOM, etc. ● Wasm functions can be exported to be callable from JS ● JS functions can be imported into Wasm ● Wasm’s linear memory is a JS resizable ArrayBuffer ● Memory can be shared across instances of Wasm ● Tables are accessible via JS, or can be shared to other instances of Wasm Demo: Wasm in a nutshell Emscripten ● Emscripten is an SDK that compiles C/C++ into .wasm binaries ● LLVM/Clang derivative ● Includes built-in C libraries, etc. ● Also produces JS and HTML code to allow easy integration into a site.
    [Show full text]
  • Web Browser a C-Class Article from Wikipedia, the Free Encyclopedia
    Web browser A C-class article from Wikipedia, the free encyclopedia A web browser or Internet browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier (URI) and may be a web page, image, video, or other piece of content.[1] Hyperlinks present in resources enable users to easily navigate their browsers to related resources. Although browsers are primarily intended to access the World Wide Web, they can also be used to access information provided by Web servers in private networks or files in file systems. Some browsers can also be used to save information resources to file systems. Contents 1 History 2 Function 3 Features 3.1 User interface 3.2 Privacy and security 3.3 Standards support 4 See also 5 References 6 External links History Main article: History of the web browser The history of the Web browser dates back in to the late 1980s, when a variety of technologies laid the foundation for the first Web browser, WorldWideWeb, by Tim Berners-Lee in 1991. That browser brought together a variety of existing and new software and hardware technologies. Ted Nelson and Douglas Engelbart developed the concept of hypertext long before Berners-Lee and CERN. It became the core of the World Wide Web. Berners-Lee does acknowledge Engelbart's contribution. The introduction of the NCSA Mosaic Web browser in 1993 – one of the first graphical Web browsers – led to an explosion in Web use. Marc Andreessen, the leader of the Mosaic team at NCSA, soon started his own company, named Netscape, and released the Mosaic-influenced Netscape Navigator in 1994, which quickly became the world's most popular browser, accounting for 90% of all Web use at its peak (see usage share of web browsers).
    [Show full text]
  • Our Journey from Java to Pyqt and Web for Cern Accelerator Control Guis I
    17th Int. Conf. on Acc. and Large Exp. Physics Control Systems ICALEPCS2019, New York, NY, USA JACoW Publishing ISBN: 978-3-95450-209-7 ISSN: 2226-0358 doi:10.18429/JACoW-ICALEPCS2019-TUCPR03 OUR JOURNEY FROM JAVA TO PYQT AND WEB FOR CERN ACCELERATOR CONTROL GUIS I. Sinkarenko, S. Zanzottera, V. Baggiolini, BE-CO-APS, CERN, Geneva, Switzerland Abstract technology choices for GUI, even at the cost of not using Java – our core technology – for GUIs anymore. For more than 15 years, operational GUIs for accelerator controls and some lab applications for equipment experts have been developed in Java, first with Swing and more CRITERIA FOR SELECTING A NEW GUI recently with JavaFX. In March 2018, Oracle announced that Java GUIs were not part of their strategy anymore [1]. TECHNOLOGY They will not ship JavaFX after Java 8 and there are hints In our evaluation of GUI technologies, we considered that they would like to get rid of Swing as well. the following criteria: This was a wakeup call for us. We took the opportunity • Technical match: suitability for Desktop GUI to reconsider all technical options for developing development and good integration with the existing operational GUIs. Our options ranged from sticking with controls environment (Linux, Java, C/C++) and the JavaFX, over using the Qt framework (either using PyQt APIs to the control system; or developing our own Java Bindings to Qt), to using Web • Popularity among our current and future developers: technology both in a browser and in native desktop little (additional) learning effort, attractiveness for new applications.
    [Show full text]
  • Casperjs Documentation Release 1.1.0-DEV
    CasperJs Documentation Release 1.1.0-DEV Nicolas Perriault Sep 13, 2018 Contents 1 Installation 3 1.1 Prerequisites...............................................3 1.2 Installing from Homebrew (OSX)....................................4 1.3 Installing from npm...........................................4 1.4 Installing from git............................................4 1.5 Installing from an archive........................................5 1.6 CasperJS on Windows..........................................5 1.7 Known Bugs & Limitations.......................................6 2 Quickstart 7 2.1 A minimal scraping script........................................7 2.2 Now let’s scrape Google!........................................8 2.3 CoffeeScript version...........................................9 2.4 A minimal testing script......................................... 10 3 Using the command line 11 3.1 casperjs native options.......................................... 12 3.2 Raw parameter values.......................................... 13 4 Selectors 15 4.1 CSS3................................................... 15 4.2 XPath................................................... 16 5 Testing 17 5.1 Unit testing................................................ 17 5.2 Browser tests............................................... 18 5.3 Setting Casper options in the test environment............................. 19 5.4 Advanced techniques........................................... 20 5.5 Test command args and options....................................
    [Show full text]
  • Comparing Javascript Engines
    Comparing Javascript Engines Xiang Pan, Shaker Islam, Connor Schnaith Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting a certain vulnerability 5. Downloading malware 6. Executing malware Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting a certain vulnerability 5. Downloading malware 6. Executing malware Background: Drive-by Downloads Background: Drive-by Downloads Setup: Making the prototype null while in the prototype creates a pointer to something random in the heap. Background: Drive-by Downloads Environment: gc( ) is a function call specific to Firefox, so the attacker would want to spray the heap with an exploit specific to firefox. Background: Drive-by Downloads Obfuscation: If the browser executing the javascript it firefox,the code will proceed to the return statement. Any other browser will exit with an error due to an unrecognized call to gc( ). Background: Drive-by Downloads Download: The return will be to a random location in the heap and due to heap-spraying it will cause shell code to be executed. Background: Goal of Our Project ● The goal is to decode obfuscated scripts by triggering javascript events ● The problem is when triggering events, some errors, resulting from disparity of different engines or some other reasons, may occur and terminate the progress ● We need to find ways to eliminate the errors and Ex 1therefore generate more de-obfuscated scripts <script> function f(){ //some codes gc(); var x=unescape(‘%u4149%u1982%u90 […]’)); eval(x); } </script> Ex 2 <script type="text/javascript" src="/includes/jquery/jquery.js"></script> Project Overview - Part One ● Modify WebKit engine so that it can generate error informations.
    [Show full text]
  • Sabre Red Apps
    Sabre Red Apps Developer Toolkit Overview Red Apps are optional, authorized applications that extend the capabilities of Sabre® Red™ Workspace. Red Apps are Sabre’s branded version of an Eclipse plug-in. They plug into and become part of the Red Workspace. A Red App can be something as simple as a script, an app that intelligently integrates mapping information to help agencies better serve their customers, or a pre- populated form that helps agencies improve customer service. Sabre Red App Certified Developers design and code these applications, and then wrap them as plug-ins for integration into Sabre Red Workspace. Red Apps leverage the technical capabilities of the Eclipse Rich Client Platform, the open source software upon which the Red Workspace platform is built and operates. Red Apps are developed by Sabre teams and Sabre Red App Certified Developers. They are marketed and deployed through the Sabre® Red™ App Centre using Sabre Red Workspace’s provisioning technology. Red Apps are visually and physically integrated within the Red Workspace and share data with other elements of the Red Workspace, thereby providing a whole new level of integration. By choosing Red Apps that meet specific business needs, and even the specific needs of each agent in an office, certified developers will be able to create a truly custom Red Workspace environment for optimal agent productivity and customer service. Learn more: Sabre Red Workspace Sabre Red App Centre Sabre Dev Studio Sabre Red Workspace Developer Toolkit. Read about the types of Red Apps that Sabre Red App Certified Developers can build, the functionality in the Sabre Red Workspace Developer Toolkit, and skills for developers.
    [Show full text]
  • Hooray, I Found the Bug
    FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Hooray, I found the bug João Nadais Mestrado Integrado em Engenharia Informática e Computação Supervisor: Rui Maranhão July 22, 2016 Hooray, I found the bug João Nadais Mestrado Integrado em Engenharia Informática e Computação Approved in oral examination by the committee: Chair: Professor Ana Cristina Ramada Paiva External Examiner: Professor João Paulo de Sousa Ferreira Fernandes Supervisor: Professor Rui Filipe de Lima Maranhão Abreu July 22, 2016 Resumo O processo de verificação de erros tem causado várias dores de cabeça a um grande número de programadores ao longo do tempo. Por vezes, o erro é encontrado numa fase muito tardia do desenvolvimento, levando a elevados custos para a sua correção. Algumas ferramentas dão nos a possibilidade de, a partir de um conjunto de testes, ter uma perceção mais visual do projeto que está a ser analisado, assim como a probabilidade de encontrar o erro em certas partes do código. No entanto, ainda não é possível confirmar o impacto real do uso destas ferramentas no desempenho dos programadores. Tendo isto em atenção, as atuais ferramentas existentes no mercado com este propósito foram analisadas e uma (Crowbar) foi escolhida para desenvolvimento continuado. Usando uma análise baseada no espetro de código, conseguindo uma maior eficiência do que os restantes métodos, e estando integrado no IDE, o utilizador pode assim utilizar uma nova abordagem para o problema de localização de falhas. Novos tipos de visualizações foram adicionados, bem como opções para filtrar o que é visto para facilitar o foco do utilizador. O impacto destas adições foi avaliado num estudo de utilização que visava comparar não só o facto destas alterações constituirem uma melhoria no desempenho dos utilizadores a localizar falhas, bem como a importância de ter esta ferramenta integrada no IDE e a facilidade de uso da mesma.
    [Show full text]
  • HTML Tips and Tricks
    Here are some common HTML/JavaScript codes to use in your survey building. To use these codes click on the purple drop down to the left of a question. Then click on “add java script”. Replace the part that says” /*Place Your Javascript Here*/” with the codes below. Some codes are to be used in the source view or answer choices. Again these codes should be pasted into your question when you have accessed the “code view” in the upper right of the questions text box or if you’re in the rich text editor click on the “source” button in the upper right corner of the rich text editor. Below you will find 18 codes. The blue text specifies where the code should be placed (java script editor or source view). To customize the codes you will need to change the red text in the codes below. 1. Append text to the right of text entry choices (ex. TE Form) This allows you to ask questions such as "Approx how many hours a day do you watch TV? [TEXT ENTRY SHORT] hrs" (Java script editor) var questionId = this.questionId; var choiceInputs = $$('#'+this.questionId + ' .ChoiceStructure input'); for (var i=0; i < choiceInputs.length; i++) {var choiceInput = choiceInputs[i]; try {if (choiceInput && choiceInput.parentNode) {choiceInput.parentNode.appendChild(QBuilder('span',{},'hrs')); } } catch(e) { } } 2. Puts a calendar into the question (This code only works when placed in the source view. Or use the question saved in the Qualtrics Library. ) <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.7.0/build/calendar/assets/skins/sam/calendar.css">
    [Show full text]
  • Multiplatformní GUI Toolkity GTK+ a Qt
    Multiplatformní GUI toolkity GTK+ a Qt Jan Outrata KATEDRA INFORMATIKY UNIVERZITA PALACKÉHO V OLOMOUCI GUI toolkit (widget toolkit) (1) = programová knihovna (nebo kolekce knihoven) implementující prvky GUI = widgety (tlačítka, seznamy, menu, posuvník, bary, dialog, okno atd.) a umožňující tvorbu GUI (grafického uživatelského rozhraní) aplikace vlastní jednotný nebo nativní (pro platformu/systém) vzhled widgetů, možnost stylování nízkoúrovňové (Xt a Xlib v X Windows System a libwayland ve Waylandu na unixových systémech, GDI Windows API, Quartz a Carbon v Apple Mac OS) a vysokoúrovňové (MFC, WTL, WPF a Windows Forms v MS Windows, Cocoa v Apple Mac OS X, Motif/Lesstif, Xaw a XForms na unixových systémech) multiplatformní = pro více platforem (MS Windows, GNU/Linux, Apple Mac OS X, mobilní) nebo platformově nezávislé (Java) – aplikace může být také (většinou) událostmi řízené programování (event-driven programming) – toolkit v hlavní smyčce zachytává události (uživatelské od myši nebo klávesnice, od časovače, systému, aplikace samotné atd.) a umožňuje implementaci vlastních obsluh (even handler, callback function), objektově orientované programování (objekty = widgety aj.) – nevyžaduje OO programovací jazyk! Jan Outrata (Univerzita Palackého v Olomouci) Multiplatformní GUI toolkity duben 2015 1 / 10 GUI toolkit (widget toolkit) (2) language binding = API (aplikační programové rozhraní) toolkitu v jiném prog. jazyce než původní API a toolkit samotný GUI designer/builder = WYSIWYG nástroj pro tvorbu GUI s využitím toolkitu, hierarchicky skládáním prvků, z uloženého XML pak generuje kód nebo GUI vytvoří za běhu aplikace nekomerční (GNU (L)GPL, MIT, open source) i komerční licence např. GTK+ (C), Qt (C++), wxWidgets (C++), FLTK (C++), CEGUI (C++), Swing/JFC (Java), SWT (Java), JavaFX (Java), Tcl/Tk (Tcl), XUL (XML) aj.
    [Show full text]