jPlayer 2.2.0

[Mark Panaghiston]

jPlayer 2.2.0 has been released on http://jplayer.org/

Download the latest version here:
http://jplayer.org/download/

The release notes for the changes from the previous release are here:
http://jplayer.org/latest/release-notes/

Upgrading is seamless. Simply add the new jquery.jplayer.min.js and Jplayer.SWF files to your site.

It is recommended that you update to this version to remove a security vulnerability with the Flash SWF that enabled cookie theft from your domain. Remember to delete any old copies of the Jplayer.swf file you might have on your site to eliminate the vulnerability.

Those wanting to start playing with the new Popcorn jPlayer Player Plugin should also update their CSS to the new skins. They have tweaks that allow the other Popcorn plugins to work properly. NB: Only the CSS file changed in each skin. The HTML structure is unchanged.

The Flash now supports RTMP protocol urls.

This thread continues on from the previous development log for jPlayer 2.1.0, found here:
https://groups.google.com/d/topic/jplayer/qMS66a3EivM/discussion

The development log of jPlayer 2.2.0 will continue in this thread.

Please start a new thread for support requests, as it would be nice to keep this thread relatively clean for the github updates.

[Mark Panaghiston]

jPlayer 2.2.2 dev uploaded to GitHub:

• [2.2.1] Merged Pull Request: Review time problems by Tolia. If there is an hours time value, then the hours are automatically added to the minutes when the showHour option is false. Details in Issue #69.
• [2.2.2] Reviewed Pull Request of [2.2.1] Implemented the same scheme for seconds, where the hours and minutes get added on if they are not being shown. Removed the requirement that the unit is > 0 to be displayed. The show options continue to directly control whether that unit is displayed. The input parameter is now checked that it is truethy and number type, otherwise zero is used.

The options act similar to before, the difference now is that when showHour is false, any actual hours present in the time are added onto the minutes figure. Likewise for showMin being false getting added onto the seconds.

It is assumed that these are the valid option:
showHour = true, showMin = true, showSec = true
showHour = false, showMin = true, showSec = true [default]
showHour = false, showMin = false, showSec = true

[Pau Garcia i Quiles]

Mark,

Could you please tag the patch releases in git (or even better:
provide zipped releases) ? That would make my life as Debian packager
much easier in regards to release tracking

Thankyou

> --
> You received this message because you are subscribed to the Google Groups
> "jPlayer: HTML5 Audio & Video for jQuery" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/jplayer/-/9NCPVtboqAUJ.
>
> To post to this group, send email to jpl...@googlegroups.com.
> To unsubscribe from this group, send email to
> jplayer+u...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/jplayer?hl=en.



--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

[Mark Panaghiston]

I tag the major/minor releases:
https://github.com/happyworm/jPlayer/tags

The X.Y.dev version format uses the last number more so it is more obvious when someone has used a development point from GitHub. The official releases are tagged.

[Mark Panaghiston]

jPlayer 2.2.4 dev uploaded to GitHub:

• [2.2.3] Merged Pull Request: DRYed up event settings by FarSeeing. The source and minified code is reduced in size as a result of the Don't Repeat Yourself (DRY) change. No functional effect.
• [2.2.4] (Manually) Merged Pull Request: Fix for IE bug when using tabkey to access the player/document by micha149. Added tabindex="-1" to the object element used by the Flash solution.

[Mark Panaghiston]

jPlayer 2.2.5 dev pushed to GitHub:

[2.2.5] Merged Pull Request: Support AMD by ryanramage. Added AMD support so jPlayer is easy to use with jamjs. The jPlayer Package on jamjs.org. Updated version numbers of package details to jPlayer 2.2.5. (Will update for 2.3.0 release.)

[Pau Garcia i Quiles]

Hi,

That's exactly my problem: only major/minor releases are tagged, patch
releases are not. That means I don't have something I can use as an
"official tarball" when packaging a patch release (e. g. 2.2.5).


On Tue, Oct 9, 2012 at 2:49 PM, Mark Panaghiston

> https://groups.google.com/d/msg/jplayer/-/aPkafAbx0KgJ.

[Mark Panaghiston]

jPlayer 2.2.6 dev pushed to GitHub:

[2.2.6] Bug Fix: IE9 and iOS6 now work with setMedia followed by play(time). Previously, IE9 would jump to time, but not actually play, and iOS would ignore the play(time) and play() from the start.

Additional:
1) iOS continues to require the user gesture to enable the media element.
2) If the first user command given in iOS is play(time) then the media will play from the start for a second or so before the time is corrected to that given in play(time). Only the first command of this type has this quirk.

[Jonathan2]

Fantastic - I like this new burst of activity. You're just the dev that keep on deving and for that we thank you!

[Mark Panaghiston]

Revised jPlayer skins pushed to GitHub.

I noticed that the no-solution CSS rules were wrong after the changes for the popcorn players. Fixed that. The error text now appears below the player.

Added rules for the new audio live-stream demos, for both Blue Monday and Pink Flag skins.

The new demo may be viewed here:
http://jplayer.org/2.2.0/demo-08/

[Mark Panaghiston]

jPlayer 2.2.7 dev pushed to GitHub:

[2.2.7] Bug Fix: Added document mode sniffer to fix Internet Explorer Flash insertion on IE9. Sniffer based on Microsoft Library code. For example, when the following HTML is used to force IE version emulation:
 <meta http-equiv="X-UA-Compatible" content="IE=7" />

Note that in the IE9 dev tools, you can set the browser mode and document mode options in a way that would not occur in practice.
For example, the IE7 browser (mode) could not emulate the IE9 document mode.

[Mark Panaghiston]

jPlayer 2.2.9 dev pushed to GitHub:

• [2.2.8] Bug Fix: IE9 no longer requests the current page url on clearMedia. Solution from GitHub issue clearMedia makes extraneous HTTP request by marcn.
• [2.2.9] Bug Fix: The Flash Plugin Version Sniffer now checks for Flash 10.1.
• [2.2.9] Code Review: The Flash Plugin Version Sniffer code is now influenced by SWFObject 2.2. This enables the granular check of the plugin version using _checkForFlash(version) where version is a string with the form "1.2.3", "1.2", "1" or a number 1.2.

[Mark Panaghiston]

jPlayer 2.2.13 dev pushed to GitHub:

• [2.2.10] New Feature: Added <track> support to setMedia ready for when HTML5 browsers implement the feature. This follows the W3C Media Element Living Standard and the WebVTT Living Standard as of 1st November 2012. A polyfill will be needed to enable this feature in the meantime and for the Flash solution. Could possibly use the WebVTT polyfill in Playr.
• [2.2.11] Option Review: Added iemobile: /iemobile/ to noVolume and noFullScreen blocklist option objects.
• [2.2.12] Code Review: Refactored _checkForFlash(version) to use code prior to 2.2.9 with changes to enable major.minor version number. The version is a number 1.2. This satisfies the need to check for Flash 10.1 while saving over 1k bytes when compared to the 2.2.9 change.
• [2.2.13] Development Bug fix: Removed reserved word usage default, added in 2.2.10, and made jshint.com pass with our options.

Additional:

The change in 2.2.10 is rather pointless for the time being as no HTML5 browser has actually implement the <track> element, which has been in the spec for over a year now. My bad for assuming it was implemented, but I left it in because the code is valid.

The track element change would also require GUI changes to enable changing the subtitles and so on, but put that aside for now while I decide whether to add in a polyfill. A polyfill does make sense, since the Flash solution could use subtitles too... But polyfill is the wrong term there as there would be no <video> element for jPlayer's flash.

I'll stop rambling on about it now.

[Mark Panaghiston]

jPlayer 2.2.15 dev pushed to GitHub.

• [2.2.14] Feature Change: Renamed options fullScreen to fullWindow and noFullScreen to noFullWindow.
• [2.2.14] New Feature: Enabled HTML5 native fullScreen mode. Desktop functionality verified with Firefox 16, Safari 5.1, Chrome 23 and Opera 12.10. Mobile functionality verified with iOS6 (iPad3) Mobile Safari and Android 4.2 (Nexus 7) Chrome.
• [2.2.15] Bug Fix: Corrected noFullWindow regular expressions for msie, ipad and android_pad. For example, IE10 now allows full window.

Additional:

You may review the native full screen video here:
http://jplayer.org/2.2.15/demos/

For example:
http://jplayer.org/2.2.15/demo-01-video/

Release notes so far:
http://jplayer.org/2.2.15/release-notes/

The native fullscreen works with both the html5 and Flash solutions on compliant browsers.
The Flash itself does not have fullscreen mode added to it, since there is no GUI inside the Flash.

A syntax correction was also pushed to the Blue Monday CSS. Splitting hairs since the last semi-conlon is not required in a {set} but added so that code has same style throughout.

[Mark Panaghiston]

jPlayer 2.2.16 dev pushed to GitHub:

[2.2.16] (Implemented) Pull Request: Be able to define the time format on each jPlayer instance by LeResKP. Functionality of request enabled while maintaining the original method $.jPlayer.convertTime(s) and the $.jPlayer.timeFormat options.

Additional:

Or in other words... Added the jPlayer option timeFormat

[Mark Panaghiston]

jPlayer 2.2.17 dev pushed to GitHub:

[2.2.17] New Feature: Added keyboard controls that effect the jPlayer instance in focus. The last instance played has focus, or the first instanced with the feature enabled. The option keyEnabled (default: false) is used to turn the feature on. The option keyBindings is an object used to define actions with their key and function. The option audioFullScreen (default: false) allows key controls to display audio poster images in full screen, which is useful for media players. eg., A player that has both video and audio media in a playlist. The method jPlayer("focus") may be used on an instance to gain focus without playing.

Additional:

The default keyBindings are:

• SPACE play/pause toggle
• ENTER full screen toggle
• UP/DOWN arrows inc/dec volume by 10%
• BACKSPACE muted toggle
  

By default, the keyboard controls are not enabled. Enable them by setting the option:
keyEnabled: true

The keyBindings are of the form:
{
  actionName: {
    key: keycode,
    fn: function(focus) {}
  }
}

For example, the play/pause toggle is:
{
  play: {
    key: 32, // space
    fn: function(f) {
      if(f.status.paused) {
        f.play();
      } else {
        f.pause();
      }
    }
  }
}

Other keyBindings may be added to an instance. When the instance is in focus, those key bindings will be checked. For example, the playlist code will be revised so that the LEFT and RIGHT keys control changes to the next and previous tracks.

In general, the "focus" will have no effect when there is only 1 jPlayer instance. It comes into effect when there are multiple instances, where we need to know which instance to direct the commands to. So... Whichever instance played last has focus... And during instancing, the 1st instance instanced with the keyEnabled option true will be given focus.

The is a keydown event handler added to the document regardless of whether key controls are used or not. It does nothing unless an instance gains focus, which cannot happen unless an instance has keyEnabled:true. This handler may be removed if you have problems, using:
$.jPlayer.keys(false);

The coding also attempts to distinguish between key commands and when you type into an input field. There is a block list of elements to ignore key events on, and this may be controlled using the variable shown below. Its default is also shown.

// The list of element node names to ignore with key controls.
$.jPlayer.keyIgnoreElementNames = "INPUT TEXTAREA";

If you find you need to add an element name, then add it to the string, separated with a space. For example:
$.jPlayer.keyIgnoreElementNames = "INPUT TEXTAREA BANANA";

Known issue notes:
It is expected that the key controls will not work when Safari has entered full screen.
I need to add in the code to enable keys to work while in full screen. Bit odd that, but maybe there is a reason why safari did it that way, with a code to pass as param on fullscreen command... I know there is general concern with the full screen api that phishers can attempt to steal user data by using full screen dummy screens and videos... The thing is though, the phishers would just slap that code into their page.  I guess you can force the option off in thee Safari options somewhere that only the truly OCD and paranoid venture.

Whoops, started rambling there.

[Mark Panaghiston]

jPlayer 2.2.18 dev pushed to GitHub.

[2.2.18] (Manually) Merged Pull Request: Fix issues with incorrect RTMP video size by danbrianwhite. The solution was similar to Fix for RTMP videos not sizing properly by davidortinau. Both the original pull requests were 100% file differences. Investigated and found that JplayerRtmp.as had the incorrect line ending format. It had MAC format on a Windows machine, then GitBash assumed Windows format. This has been corrected and the change highlighted to preserve GitHub commit history visibility.

Additional:

The size of RTMP video should now display correctly.

The GitHub repo no longer has a corrupted line endings version of JplayerRtmp.as and future pull requests should behave in the expected manner.

Most modern text editors make the line ending corruption pretty difficult to spot. Not sure how it crept in, but it is fixed now and only effected that GitHub repo and the SWF did not care.

[Mark Panaghiston]

jPlayer 2.2.19 pushed to GitHub.

Added videoWidth and videoHeight to status for HTML5 and Flash.

[2.2.19] New Feature: The videoWidth and videoHeight information is now maintained on the status. These are the intrinsic width and height values of the video in pixels. The default is zero before it is known or if it is audio media.

Additional:

This information is particularly useful for making responsive interfaces. You may now know the intrinsic size of the video and then externally control the size options of jPlayer.

While making this change, there were 2 other ActionScript files that had incorrect line endings, which have now been corrected.
(Corrected ConnectManager.as and TraceOut.as line endings.) Spotted this while updating the headers in the AS files, since they had not changed for a long time and had the old jplayer site url in them.

The jPlayer Inspector has been added to the repo as an add-on. It has also been updated to show the new video width/height info so that I could test it was working.

[Mark Panaghiston]

jPlayerPlaylist add-on 2.2.2 dev pushed to GitHub.

• [jPlayerPlaylist 2.2.0 add-on] Merged Pull Request: Use .on() and .off() instead of .live() and .die() by bistory. The playlist add-on is now using .on() and .off() instead of the deprecated .live() and .die() jQuery methods. The add-on now requires jQuery 1.7+ and enables jQuery 1.9+ which dropped support of the deprecated code.
• [jPlayerPlaylist 2.2.1 add-on] New Feature: Added default keyBindings options that enable next/previous track through the LEFT and RIGHT arrow keys.
• [jPlayerPlaylist 2.2.2 add-on] Code Review: Updated jshint.com options to those used by jPlayer and made it pass.

[Mark Panaghiston]

jPlayer 2.2.22 dev pushed to GitHub:

• [2.2.20] Security Fix: The Flash SWF had a security vulnerability that enabled XSS (Cross Site Scripting). Reported by Malte Batram.
• [2.2.21] Bug Fix: The GUI's cssSelector elements click propagation was being disabled due to using return false;.
  Corrected to use event.preventDefault();.
• [2.2.22] New Feature: Added the smoothPlayBar option (Default: true), which enables the animation of the play bar. Changes to its value are now animated over 250ms in a linear manner.

Additional:

2.2.20 fix added extra paranoid characters to the Flash URL parameter check.
Protects from attacks such as:
Jplayer.swf?id=%3Cimg%20src=x%20onerror=alert\u0028\u0027moin\u0027\u0029%3E&jQuery=document.write

Due to lobbying by security professionals, I will be raising a CVE and submitting it accordingly so that said pros can know that they need to update their jplayer versions. Will synch the CVE with official release of jPlater 2.3.0 expected in the next few weeks.

2.2.21 lets you now do stuff like move the duration over the play bar and not have the problem that a click on the duration does not go through to the play control.

2.2.22 Is of particular benefit with short duration media. Rather than the play bar increment in large chunks, it will animate to the new value over 250ms, which is the approximate time between timeupdate events.

[Piper LeMoine]

Mark, how do I suggest options for Drupal 7? What's the best way to submit them?

[Mark Panaghiston]

jPlayer 2.2.24 dev on GitHub:

• [2.2.23] Security Fix: The Flash SWF had a security vulnerability that enabled XSS (Cross Site Scripting). Reported by Eugene Dokukin.
• [2.2.24] Development Default Change: The smoothPlayBar option (Default: false), had its default value changed from true to false.

Additional:

The security issue fix by the previous 2.2.20 patch has been named as:
Security reference CVE-2013-1942.

Patch 2.2.23 fixes a minor issue where XSS could be used to create an alert that displays a simple string.
For example:
Jplayer.swf?jQuery=alert&id=XSS
Produces an alert that says: #XSS

Due to the other paranoid character checks on all the parameters, you could not use it maliciously, but we cleaned it up since it is still XSS.

Patch 2.2.24 is one of those do we, don't we situations... We decided that the extra CPU requirement for the animation should be a choice rather than by default.
In many cases, where the media is longer than a minute, the animation is hardly noticeable anyway - except for when you click on the progress bar and it snoothly moves to the new value.

We expect that all our demos for 2.3 will have the smoothPlayBar option set since we do tend to have short pieces. Especially the video we use.

[Pau Garcia i Quiles]

Hello,

actionscript/Jplayer.as still says Version is 2.2.23

jplayer.jquery/jplayer.jquery.js says Version is 2.2.24

package.json says Version is 2.2.5 (!!!)

Maybe the version number should be kept in a single place and a very simple build system could then replace some string (e. g. @VERSION@) in Jplayer.as, jplayer.jquery.js and package.json with the version number.

Also, could you please tag releases? And use branches for 2.0, 2.1, 2.2, etc so that providing security fixes is easier? As the Debian packager of jPlayer, I am finding serious trouble tracking releases and providing unofficial security patches due to the no-branches, no-tags, new features in patch releases, etc development policy :-(

--

You received this message because you are subscribed to the Google Groups "jPlayer: HTML5 Audio & Video for jQuery" group.

To unsubscribe from this group and stop receiving emails from it, send an email to jplayer+u...@googlegroups.com.

To post to this group, send email to jpl...@googlegroups.com.

Visit this group at http://groups.google.com/group/jplayer?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Mark Panaghiston]

When 2.3 goes live, all the old tags are going to be deleted and the jplayer.org site will have all old version removed as well. This is due to the security fixes and all versions that have problems should be removed.

The SWF and JS can have different versions during development. Only on major and minor releases will I line them up on purpose.

The package.json... Ah yes, that is something for JAM and I planed to update that on 2.3 as well.

A build system would be nice... I have been playing about with node.js and grunt and all that... Maybe I'll get something worked out in the future... I remember wondering if the package.json would clash since grunt uses the same file naming... But I will see, I am still a novice in that area.

[Pau Garcia i Quiles]

Hello,

So how should I package the current HEAD? As jPlayer 2.2.23 or as jPlayer 2.2.24? It's not clear to me from your answer :-(

Instead of removing all the old versions, I would really prefer if they got the proper security patches. Branching is a must to do this.

As for the build system, nothing too fancy is requited. On Unix platforms (i. e. non-Windows), a simple shell script that runs "sed -i s,@VERSION@,`cat version.txt`,g Jplayer.as" would do. On Windows, something a somewhat more complex "for" would work, or even better, just include gnuwin32's sed in git and add a .bat which runs sed.

[Mark Panaghiston]

The jquery.jplayer.js file is the latest development: 2.2.24

The SWF may and usually will be older during development, hence why you see it as 2.2.23.

Branches... I'll think about it...

[Mark Panaghiston]

jPlayer 2.3.0 is now live on http://jplayer.org and on GitHub.

The development log of jPlayer will continue in this thread:
https://groups.google.com/d/topic/jplayer/oGNS234o8CA/discussion

[Jonathan2]

On Saturday, 20 April 2013 18:05:04 UTC+1, Mark Panaghiston wrote:

jPlayer 2.3.0 is now live on http://jplayer.org and on GitHub.

Oooh, lovely! Thanks, jplayer team!