
Don't Hijack Browser Keyboard Shortcuts - hypertexthero
http://hypertexthero.com/logbook/2014/04/dont-hijack-browsers-keyboard-shortcuts/
======
jwr
Blogger is notorious for "reimplementing the web experience". Just try opening
a Blogger page on an iOS device. You'll get an empty page, then spinning
gears, then after a while the page will finally land. Then you'll have a page
which won't scroll properly. Because someone just _had_ to reimplement
scrolling. Better.

Let's take the horrible Onswipe themes as another example. They not only break
functionality and make the page slower, but also break zooming in and show
buttons that _pretend_ to be iOS buttons, but aren't.

I could rant about this for hours. It's all the same basic problem: people
trying to redefine/hijack basic browsing functionality. I interpret this as
extreme hubris ("I know how to design this better!") or arrogance (" _this_ is
how you will view my site, period!").

~~~
aestra
Urban Dictionary's scrolling was for a while completely and totally broken on
my Android phone. I couldn't scroll at all.

------
hyperpape
The advice of this article is good, but I don't think it should be up to
individual website authors to behave well. Ideally, there ought to be a
standardized javascript API for binding control keys. Then the browser could
prohibit rebinding if desired (while giving feedback to the webapp as to
whether rebinding was allowed), and provide an accompanying UI for the user to
see which controls are enabled/disabled, to whitelist or blacklist websites,
and so on.

~~~
blueskin_
Yes please. Especially if it has a single browser option to disable all key
rebinding.

------
pessimizer
One of the dumbest I've run into is to jack ctrl-f and send it to a site
search box. If I use ctrl-f, it's because I meant to do an entirely different
thing, or by accident. In no case is it because I want to search your article
archives.

~~~
dllthomas
Likewise slash. I appreciate the nod to vim, but Firefox is already nodding
there.

~~~
pessimizer
If by nodding, you mean nodding out. For some reason, they've specially
crippled the '/' search, and removed the configuration variable to make it
identical to ctrl-f (next/last arrows mostly.)

If you happen to read this and are irritated by the same thing: I was saved by
"Findbar Tweak." New essential plugin for me.

~~~
dllthomas
I've no objection to configurability, but I don't _want_ slash to behave the
same as ctrl-f. In particular, when my /-search matches part of a link,
hitting return follows the link. Ctrl-f searches for next, which functionality
I already have access to with ctrl-g.

Edited to add - how can you stand the lack of next/last arrows in vim?

------
emsy
Far worse are websites like Battle.net that hijack the onpaste events to
prevent pasting passwords. Hijacking keyboard shortcuts may cause
inconveniences but prohibiting password pasting is a security flaw.

~~~
67726e
Do tell, how is that a "security flaw"?

~~~
mnutt
It could be that some people use password managers that require pasting.
(though many don't) It could lead to people using passwords that are easier to
remember if their password manager doesn't work.

~~~
67726e
I guess that _is_ something of a double-edged sword then. You might force
someone to use a weaker password, but then hopefully they wouldn't be keeping
it in a place where they could simply copy/paste it. This really starts to
delve into the whole "security is a gradient with tradeoffs" situation.

~~~
aestra
>hopefully they wouldn't be keeping it in a place where they could simply
copy/paste it.

???

Passwords can be simple copy/pasted from.

Encrypted files can be simply copy/pasted from.

~~~
67726e
I'm assuming in this scenario that they would be keeping passwords in a
plaintext file. If they kept passwords in an encrypted file, wouldn't they
need to decrypt it? Wouldn't you presumably have a strong password to decrypt
it? Where is that kept? How strong must one's password be when that password
is keeping _other_ passwords secure? If they can remember that password, why
can they not remember others?

~~~
maxerickson
Remembering 1 password is easier than remembering dozens of them. Reusing
passwords is not a great idea, so dozens of passwords is a real concern.

It's also the case that disabling paste doesn't do anything to stop a user
from storing their passwords in an unencrypted file.

------
mwexler
Yahoo Mail hijacked the down arrow: Looking in the preview pain, press down
arrow to scroll... and you jump to a new mail. Very, very jarring and
frustrating. I recall they also hijacked a bunch of other keys, none of which
made much sense, which is sad... mostly because it shows that they don't use
their own products enough to see how this can affect users.

~~~
npsimons
Google+ appears to do the same thing with C-PgUp and C-PgDown; if I had wanted
those keys to stop working properly, I would have used some ass-backwards
browser like IE. If I've got a Google+ post open and I'm scrolling brisking
through tabs, it's like hitting a brick wall.

------
valevk
Well, I don't think it's a bad idea to have specific shortcuts which disable
the normal behaviour of a browser, and improve the UX of a website. If they
exists:

* they should be explicitly enabled (i.e. RES for reddit)

* you should be notified if they are changing browser behaviour, and an option to disable shall be provided.

~~~
aestra
In practice the only way users are going to discover these "features" is by
accident. How would someone be notified the behaviour is changing? The About
page nobody reads?

~~~
valevk
Visual feedback when user executes a short cut.

------
choult
My personal pet peeve is the hijacking of / for in page search...

------
oftenwrong
The problem is not that sites are choosing to override browser shortcuts, but
that they can do so at all. The browser should not allow its shortcuts to be
overridden. In Vimperator you have to enter a pass-through mode, so this kind
of overlap never happens.

~~~
3JPLW
I agree. But unfortunately many of the browser creators want to support full-
fledged apps within a browser, which in their minds necessitates the rebinding
of core shortcuts. A great example is command/control-s in Google Drive
Documents.

Conflicting interests.

~~~
dllthomas
That's not a conflict, if you're using vimperator. In one mode, you pass
whatever. In the other, you pass nothing. The only conflict would be around a
site wanting to bind escape...

------
npsimons
_I’m talking to you, Blogger._

Is this the same Blogger that _requires_ JavaScript to view plain text? Or
maybe I'm getting it confused with blogspot, I can never keep them all
straight. In any case, I don't think it's a coincidence . . .

------
dllthomas
This speaks to a broader issue with trying to keep every hotkey at the top
level when you have multiple, nested containers. There is a fantastic solution
to this: have a leader key that says "I am talking to my browser", where one
of the sub-commands is "pass a literal leader key through". This is the way
screen/tmux and ratpoison handle key bindings, and it means there is literally
zero chance of a collision that I can't trivially resolve by slightly
modifying my interaction.

------
unexistance
it sure is annoying, and let's not mention blogger's hyper-dependencies on
javascript in order to display the page. No javascript, no content

anyway, well what can be done is \- prompt for user agreement to allow these
shortcuts, then save it as user preference / cookie / etc..

------
paulojreis
Ever tried the "Metro" version of Outlook Web Access, the one used with Office
365? It hijacks "Ctrl/Command + R" as a shortcut to "Reply". How oblivious is
this?

------
zokier
This is just the result of transitioning HTML to an applications framework.
Now the application you use to view articles is not your browser, but Blogger
(or WP etc).

------
waterfowl
Yeah this is big to me. Even for system utilities. I use an OS X volume
booster called
"Boom"([http://www.globaldelight.com/boom/](http://www.globaldelight.com/boom/))
(which is nonfree but worth the $7) and it, by default, hijacks cmd + +/\- for
zooming in chrome. Please don't do this!

------
threepipeproblm
I have noticed issues with Firefox shortcuts while on YouTube, and have
wondered if this sort of skulduggery was going on.

------
keeperofdakeys
Big examples would be PgUp and PgDn in Google+, and (at least on the old
design), F5 on Twitter.

~~~
coldpie
Google itself hijacks / (forward slash) which I use in Firefox for quick
search. Super annoying.

------
freestyler
I’m talking to you, Stackoverflow. I use Ctrl-k, Ctrl-b quite often.

------
Pxtl
but what about things like ctrl-s and ctrl-b in Google Docs? Those are handy
and I rarely save a page or create a bookmark by hotkey.

~~~
netmare
This is an inherent problem with web apps, since they're an app within an app.
There are two different contexts fighting each other. Who's to say that Ctrl+S
should save the app state or the page? Whatever we choose as the default, the
non-default scenario would feel awkward when we need it.

I can think of two ways to solve this: (1) decouple apps from the browser
frame or (2) use a special modifier key for app shortcuts (perhaps re-use the
Windows key, e.g. Win+Ctrl+S).

~~~
oneeyedpigeon
(2) That was attempted (sort of)[1] and it failed pretty badly due to poor
browser support and lack of understanding amongst users.

[1]
[http://en.wikipedia.org/wiki/Access_key](http://en.wikipedia.org/wiki/Access_key)

~~~
netmare
Yeah, that's pretty messy. As an Opera user I had no idea that other browsers
used Ctrl or Alt for access keys. That's just a recipe for disaster. Opera's
Shift+Esc combo guaranteed no clashes with browser shortcuts, but it was
really kludgy to use.

------
qwerta
NoScript with whitelist works well enough.

------
blueskin_
So fucking true. Obnoxious javascript masturbation pattern #47,601 that will
make me blacklist scripts from your site. Same for single-key shortcuts (I'm
looking at you there, JIRA...).

