Seamless posting about privly-chrome HOT 7 CLOSED

Good idea, but would it be too frequent of sending requests to update stored content?

from privly-chrome.

Hello, I extended seemless posting idea as the following. Looking forward to receiving further ideas.

A short demo

Design purpose:

• Seemless & easy to use
• Allowing disable/enable this function easily
• Allowing multiline
• Not breaking original posting logic of the website
• Allowing mixed content
• Not too much requests

General design direction:

• When using priv.ly in textarea, the whole content would be encrypted with a default life time (can be changed in config, or a drop down).
• If users want to add plain messages, they can use priv.ly extension button to generate a link.

Details:

• When a textarea get focus, there would be a priv.ly control icon (the same as present), indicates whether this textarea is in "private mode".
• priv.ly control icon (and the textarea) has three status: Public Mode, Private Mode, Permanent Private Mode, can be switched by clicking.
  • Public Mode (default): priv.ly is not working. Textarea works as original.
  • Private Mode: priv.ly is working. if the page is refreshed (more accurately, the textarea is re-generated), the textarea will return to Public Mode.
  • Permanent Private Mode (remember using private mode for this textarea): this textarea will be always in Private Mode after refresh. (use XPath?)
• there could be other stuff help indicate the current status. for example, the background of the textarea could become green when in (Permanent) Private Mode.
• users can drag images to the textbox when it is in (Permanent) Private Mode. priv.ly treat it as data URI inlined images. The whole message to encrypt is an HTML document.

Use cases:

1. Users want to publish public messages

   just don't do anything. the default status of the textarea is Public Mode. If it is in other two modes, just click the icon once or twice.

2. Users want to send a piece of private message

   Click the icon to switch it to (Permanent) Private Mode, write messages, then hit control/command + enter to submit. (for what happens when submitting, see technical details section below)

3. Users want to send private messages in Facebook Chat for the current session

   The same as case 2. Since the textarea wouldn't be regenerated, both Private Mode and Permanent Private Mode is OK.

4. Users want to send one private message in Facebook Chat

   After submitting a private message, click icon to return to Public Mode.

5. Users want to send private messages for all Facebook Chat sessions

   Switch to permanent private mode.
   TODO: How to correctly generate feature for selecting desired textarea? A simple Xpath from document root might work in most of the cases, but not all.

6. Users want to embed image in Public Mode

   Impossible.

7. Users want to embed image in Private Mode

   Drag image to the "Private Mode" textarea (like GitHub).

8. Users want to post private messages mixed with images and texts

   Write texts, then drag images.

9. Users want to have both public and private part in one message

   Switch textarea to public mode if it isn't in. Then click extension button to popup a writing window which will finally generate a privly link and it can be automatically inserted to the textarea (similar to current).

10. Users want to generate a privly link for being used in other applications

    Click extension button.

11. Users want to specify a life time for the private message

    Provide a drop down to change life time when hover on control icon. (see demo)

Technical details:

1. What happens when hitting ctrl/command + enter or enter in Private Mode?

   • On entering private mode:
     • ACTION_INIT
   • On blur:
     • ACTION_UPDATE
   • On Keypress:
     • ACTION_UPDATE (with throttle)
   • On Enter or Ctrl,Command + Enter:
     • insert new line
     • ACTION_UPDATE, when complete: forward the event to original textarea

   Actions:

   • ACTION_INIT:
     • Disable submit button if there is one
     • create a new link
     • insert the new link to textarea/contenteditable div
     • enable submit button
     • onComplete callback
   • ACTION_UPDATE:
     • Disable submit button if there is one
     • update stored content
     • enable submit button
     • onComplete callback

   Expected behaviour: (* = the same with original behavior)

   • stackoverflow:
     enter or ctrl+enter: insert new line (*)
   • Facebook status:
     enter: insert new line ()
     ctrl+enter: publish ()
   • Facebook chat:
     enter: publish (*)
     ctrl+enter: insert new line

2. Content editable or ACE/CodeMirror-like stuff?

   To be discussed.

3. What happens when switching between modes when there are already contents?

   To be discussed.

from privly-chrome.

First thoughts:

• No encrypting whole HTML documents, only their contents. Sandboxing is pretty cool, but its attack surface is still too big.
• You have too many modes/options. I think it would be better to have a toggle for "on" and "off". If it is on, then it should be on for all elements on the domain with the same xpath. We could then also publish a default setting for things like Twitter DMs, FB chats, and gchats.
• When typing into the seamless form, keys should have the same interpretation as if you were typing them into the host page's form. This will require some clever hackery.

from privly-chrome.

@smcgregor

For the third point, I think passing keyboard enter events to inherit potential submiting features (like Facebook Chat) is enough. Other keyboard events might be pretty hard to deal with.

For example, inputing @x in Twitter will popup an at list, while replacing original @x text node to something like <a href="/x">...</a>, which means it won't work while original <div contenteditable> doesn't contain such text nodes. In addition, even though we successfully hacked this that make it work in browsers, it still won't work in server side because the server only receives URI links. Besides, this may leak data to the host site for as far as I know some websites collect all keyboard events.

from privly-chrome.

Regarding the third point: Absolutely. I just had control characters in mind, thanks for clarifying.

from privly-chrome.

@smcgregor LOL, sounds good

from privly-chrome.

This has landed in develop

from privly-chrome.