« New Firewall in Production at Fourmilab | Main | Reading List: The New Paradigm »

Friday, December 16, 2005

JavaScrypt Compatibility Fix for Mozilla Firefox 1.5

The recent release of the Mozilla Firefox 1.5 browser broke the JavaScrypt browser-based cryptography package due to an obscure change in the handling of a String method when applied to an object which is actually an array of Numbers. The reason JavaScrypt (or, more precisely, the AES encryption code upon which it is based) was doing such an odd thing is that the straightforward way to make such a test, the instanceof operator, does not work in browsers prior to Internet Explorer 5 and Netscape 6, so what amounts to a dirty trick ("heuristic", to be polite) was used instead.

While I'll admit I was tempted to rewrite the code in question to use instanceof, I strongly dislike torpedoing older hardware and software unless there is absolutely no alternative. In this case, a simple, albeit ugly, fix sufficed, and the new version runs on every browser with which I've tested it, from Netscape 4.7 through current versions of Firefox, Internet Explorer, and Opera.

I've also moved the Web pages associated with JavaScrypt closer to HTML 4.01 (Transitional) compliance, but we're not all the way there yet. The problem is that several of the pages use the wrap="off" specification in <textbox> fields to keep long lines (for example, lengthy pass phrases) from being wrapped. You should be able to achieve the same effect with the CSS 2.1 "white-space: pre" specification but, alas, it doesn't seem to work within a <textbox> on most current browsers, so we're stuck with the non-compliant wrap attribute for the time being.

Posted at December 16, 2005 23:24