HTML5 input tag required and placeholder shim for IE

Two of the nice HTML5 attributes for input tags are required and placeholder.

Unfortunately, IE doesn’t support them. This code snippet allows a the required and placeholder attributes to act the same under IE as they do with browsers that support them. It also allows styling of disabled inputs and textareas under IE.

The only other code is some CSS that defines a class named “required” which is used to highlight the empty inputs.

.invalid {
        color: #800;
.required {
        border: 1px solid #800 !important;
.ie [placeholder] {
        color: #aaa;
.ie [placeholder]:focus {
        color: #000;
.ie [disabled]{
        color: #333;
        background-color: #efefef;

document.body.className += " ie";

if(!String.prototype.trim) {
        String.prototype.trim = function () {
                return this.replace(/^\s+|\s+$/,'');

var form = document.querySelector('form');

if (form !== null) {
        var disabled_inputs = document.querySelectorAll("[disabled]");
        var required_inputs = document.querySelectorAll("[required]");
        var placeholders = document.querySelectorAll("[placeholder]");

        clearPlaceholder = function(evt) {
                var element;
                if ( {
               = "";
                        element = document.getElementById(;
                } else if (evt.srcElement) {
                                evt.srcElement.value = "";
                                element = evt.srcElement;
                        } else {
                element.className = element.className.replace(" required", "");
                if (element.removeEventListener) {
                        element.removeEventListener('focus', clearPlaceholder);
                } else if (element.detachEvent) {
                        element.detachEvent('onfocus', clearPlaceholder);

        var e;
        var l = placeholders.length;
        for (var p = 0; p < l; p++) {
                if (typeof placeholders[p].id !== undefined) {
                        e = document.getElementById(placeholders[p].id);
                        if (e !== null) {
                                e.value = e.getAttribute("placeholder");
                                if (e.addEventListener) {
                                        e.addEventListener('focus', clearPlaceholder);
                                } else if (e.attachEvent) {

        var e;
        var l = disabled_inputs.length;
        for (var d = 0; d < l; d++) {
                if (typeof disabled_inputs[d].id !== undefined) {
                        e = document.getElementById(disabled_inputs[d].id);
                        if (e !== null) {
                                e.className += " disabled";

        form.onsubmit = function() {
                var completed = true;
                var value = "";
                var inputs = document.querySelectorAll("input, textarea");
                var e, l = inputs.length;
                var req = /required/;
                var disabled = /disabled/;
                for (var i = 0; i < l; i++) {
                        e = document.getElementById(inputs[i].id);
                        if (e.hasAttribute("required")) {
                                if (!e.hasAttribute("placeholder")) {
                                        e.setAttribute("placeholder", "");
                                e.value = e.value.trim();
                                if ((e.value === "") || (e.value === e.getAttribute("placeholder"))) {
                                        e.value = e.getAttribute("placeholder");
                                        if (!req.test(e.className)) {
                                                e.className += " required";
                                                if (e.addEventListener) {
                                                        e.addEventListener('focus', clearPlaceholder);
                                                } else if (e.attachEvent) {
                                        completed = false;
                        if (disabled.test(e.className)) {
                                e.className = e.className.replace(" disabled", "");
                return completed;

Constructing targetted CSS

I am working on a page with a responsive design. The page is really two pages, assembled with PHP. This allows the content and functionality to be reduced for smaller mobile devices, and enhanced for tablets and desktops.

In order to provide consistent presentation across all devices, I broke the CSS into several files. All the CSS files are then compressed with the YUI compressor and concatenated into device specific files.

The device specific files are:

  • mobile.css - For devices that are not more than 360px wide
  • desktop_and_tablet.css - For devices that are more than 360px wide. Media queries indicate resolution specific elements.

for F in "$CSSDIR/"*.css; do
        # Compress
        echo -e "\t$F"
        `$YUICOMPRESSOR "$F" > "$TMPDIR/$F"`

echo Concatenating CSS ...
# Construct targeted version
cat "$CSSTMPDIR/reset.css" "$CSSTMPDIR/core.css" "$CSSTMPDIR/mobile.css" > "$MINDIR/mobile.css"
cat "$CSSTMPDIR/reset.css" "$CSSTMPDIR/core.css" "$CSSTMPDIR/color.css" "$CSSTMPDIR/desktop.css" "$CSSTMPDIR/tablet.css" "$CSSTMPDIR/js.css" "$CSSTMPDIR/common.css" > "$MINDIR/desktop_and_tablet.css"

The component CSS files are:

  • color.css - All color definitions
  • common.css - CSS that is common to both tablet and desktop devices
  • core.css - CSS that is common to all devices. Examples include setting the font, some common padding and margins.
  • desktop.css - Styles targeted for desktop browsers
  • js.css - Styles for pages which rely on JavaScript. These styles are applied if the body has the ‘js’ class applied, which indicates the client supports JavaScript.
  • mobile.css - The CSS for the smallest supported browsers
  • reset.css - The reset.css, thanks to:
  • tablet.css - Styles for devices between 361px and 980px wide, inclusive

The advantages of this approach is that the style settings are not duplicated, they need only be maintained in one place. The content delivered to the mobile device includes only the styles and content which will be used, ensuring the leanest pages possible. The tablets and desktops, receive the CSS for tablets and desktops, but display the same content. This allows those pages to adjust dynamically to width changes.

All devices include a small JavaScript file which handles the page reload if the width of the device is modified outside the target bounds of the loaded page.

This is the JavaScript that detects and responds to the width change for mobile devices. It does require JavaScript, the page does not use media queries, since that would require more CSS and content to be loaded to support transitions.

function widthCheck() {
        if ((document.body.scrollWidth && document.body.scrollWidth > 360) ||
                (innerWidth && innerWidth > 360) ||
                (document.body.clientWidth && document.body.clientWidth > 360)) {
                        location.href = "index.php?notmobile";

window.onload = widthCheck;
window.onresize = widthCheck;

The ?notmobile overrides the mobile device detection code.

On the tablets and desktops, jQuery is used and the code to detect and react to width changes is:

        $(window).resize(function() {
                if ($(window).width() < 360) {

PHP is used on initial page load to identify mobile devices therefore, mobile.php is used for devices which are classified as mobile, index.php is used for all others. A query string parameter is used to override the detection, which allows the viewer to switch between the pages to best suit their needs.

eZ Publish - LiteSpeed - Conditional header

I have an eZ Publish site, running in host access mode, with three subdomains, admin, mobile and down.

I don’t want the subdomains to be indexed by search engines, and I especially want to keep the admin interface out of the search engines.

Somehow, the admin interface got into Google. I updated the robots.txt file, but that only prevents further scans, it won’t cause pages to be removed (

To prevent the subdomains from being listed in Google search results, I tried to use these directives on a LiteSpeed server:

SetEnvIfNoCase Host ^(admin|mobile|down).*$ NO_INDEX=true
Header set X-Robots-Tag "noindex" env=NO_INDEX

It seems that the conditional always evaluates to true (or is ignored).

In that case, placing the Header directive in a VirtualHost section would be the best approach, but I don’t have access to the server configuration. I sent a ticket in to the hosting company, but they’re really busy. That’s a nice way of saying they didn’t fix it quickly.

One of the nicest features of eZ is its robust configuration, which includes HTTP headers. Adding these settings in siteaccess/admin/site.ini.append.php worked.

X-Robots-Tag[/]=noindex, nofollow

To remove the admin interface from Google, I’ll send them a request, just to be sure.

Deny Access Based on Accept-Language Header

It can be difficult to determine the source of a request to a server. You can use geolocation to lookup an IP address, one excellent service is IP2Location.

However, if the goal is to deny access to servers from outside the country, language may be an effective identifier.

Whether the language is sent in the headers is an unknown, however, if it is sent, and it isn’t the language of the site, access can be denied with these commands:

In this case, if ‘en’ (English) is not one of the languages the client will accept, the request will be denied.

        RewriteCond %{HTTP:Accept-Language} !(en) [NC]
        RewriteRule ^.*  - [F]

This should be part of a layered strategy, with other rules ensuring additional protection.

A word of caution. If the Accept-Language header is missing, access will also be denied. Search engine bots often omit the Accept-Language header.

eZ Publish Workflow - electronic media delivery

I’m helping on a site that sells music.

I wanted a way to bundle a person’s purchases into a single file that could be downloaded once. There are two types of electronic media, mp3_product and album. Each may have an image associated with it. An mp3_product is an .mp3 files, an album is a .zip file, containing .mp3s.

The link above is a great resource. Using it, I created a custom workflow:

class CreateDownloadFileType extends eZWorkflowEventType
    const WORKFLOW_TYPE_STRING = "createdownloadfile";
    public function __construct()
        parent::__construct( CreateDownloadFileType::WORKFLOW_TYPE_STRING, 'Create Download File');
    public function execute( $process, $event )
        $parameters = $process->attribute( 'parameter_list' );

	$order_id = $parameters['order_id'];
	$user_id = $parameters['user_id'];

	$order = eZShopFunctionCollection::fetchOrder ($order_id);

	$items = eZProductCollectionItem::fetchList( array( 'productcollection_id' => $order['result']->ProductCollectionID ) );

	$order_number = $order['result']->OrderNr;

	$zip = new ZipArchive();
	if ($zip->open($zip_file,ZIPARCHIVE::CREATE)!==true) {
		eZDebug::writeError('Order: '.$order_id.' - could not create zip file '.$zip_file);

	$storageDir = eZSys::storageDirectory();
	$attributes_to_include = array('file','image');

	foreach ($items as $item)
		$product = eZContentObject::fetch($item->ContentObjectID);

		if (in_array($product->ClassIdentifier,array('mp3_product','album')))
			$product_data = $product->dataMap();
			$name = preg_replace('/[^\w]/','_',trim($product_data['name']->DataText));

			foreach ($attributes_to_include as $v)
				if ($product_data[$v]!==null)
					$attribute_data = $product_data[$v]->Content();
					$file = $attribute_data->Filename;
					$mime_type = $attribute_data->MimeType;
				        list( $group, $type ) = explode( '/', $mime_type );
					$filePath = $storageDir . '/original/' . $group . '/' . $file;
					$pathInfo = pathinfo($filePath);
					if ($zip->addFile($filePath,$name.'.'.$pathInfo['extension'])!==true) {
						eZDebug::writeError('Order: '.$order_id.' - failed to add '.$filePath.' to '.$zip_file);

        return eZWorkflowType::STATUS_ACCEPTED;
eZWorkflowEventType::registerEventType( CreateDownloadFileType::WORKFLOW_TYPE_STRING, 'createdownloadfiletype' );

The zip file created is named with an md5 of the order number and user id, and placed in a download directory. It’s probably not the most secure approach, but I think it is okay for this application, and it can be changed later.

This triggers on shop/checkout/after, which means the person has paid.

The download link for the zip file is placed in both the order view and order email templates.

    {def $current_user=fetch( 'user', 'current_user' )}
    {if $current_user.is_logged_in}
    <p><a href="/download/{concat($order.order_nr,$current_user.contentobject_id)|md5()}.zip">{"Click to download"|i18n("design/base/shop")}</
    {undef $current_user}

You may need an Alias and a RewriteRule:

Alias download /home/account/www/download
RewriteRule ^download/.*\.zip - [L]

The final step was to create a mechanism to delete the files after they are downloaded. There are at least two ways to do this. The first approach is to use an Apache filter, with a bash script:

Apache configuration code:

ExtFilterDefine delete mode=output

<Directory /home/account/www/download>
SetOutputFilter delete

cat -
if [ -e $FILENAME ]; then
        rm $FILENAME;

The Apache filter code is courtesy of Lyrix, Inc..

If you can’t use a filter - which is likely if you are using shared hosting, you can also use a PHP script. This uses a RewriteRule to route the request through PHP.

Options -Indexes
<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^(.*\.zip)$ zip.php?path=$1 [L]

Finally, this is the PHP code that will deliver the file, then delete it.

// downloading a file and then deleting it
$filename = $_GET['path'];
if (is_file($filename))
        // fix for IE catching or PHP bug issue
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: public");
        header("Content-Description: File Transfer");
        // browser must download file from server instead of cache

        // force download dialog
        header("Content-Type: application/zip");

        // use the Content-Disposition header to supply a recommended filename and
        // force the browser to display the save dialog.
        header("Content-Disposition: attachment; filename=".basename($filename).";");

        The Content-transfer-encoding header should be binary, since the file will be read
        directly from the disk and the raw bytes passed to the downloading computer.
        The Content-length header is useful to set for downloads. The browser will be able to
        show a progress meter as a file downloads. The content-lenght can be determines by
        filesize function returns the size of a file.
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".filesize($filename));

<!DOCTYPE html>
<html lang="en">
<title>Requested Content Not Available</title>
<h1>Requested Content Not Available</h1>
<p>The content you requested is not available.</p>
<p>If you were unable to download your purchases, please contact us for assistance.</p>