[Javascript] Serious browser detection.

Håkan Magnusson hakan at backbase.com
Tue Mar 16 08:22:34 CST 2004 

Agreed, on all points, but the main issue for us is the fact that Opera7 
(for example) DEFAULTS to IE6/XP userAgent string. Apart from this being 
incomprehensibly(?) stupid it also forces us to get as far away from 
userAgent detection as possible, yet STILL rely on browser specific 
"quirks" to iron out the last unclear information. And Safari, as 
mentioned earlier, can't even stand for its own rendering engine but 
actively tries to fool us that it's really Gecko/Mozilla. Nothing could 
be further from the truth, of course.

This is all the fault of software developers, and it is all sort of 
"hard coded" faults, and we can't blame them on the user. :)

If the user, on the other hand, is stupid enough to personally change 
his userAgent string before launching our web application, he is to 
blame. If you want to drive a car, you can't change the tires into 
tractor tires and expect it to work.

Regards,
Hakan

David Lovering wrote:

> Another issue to consider is that many of the reserved tokens can be
> "spoofed" in Javascript (or so the CERT/CIAC security folks maintain).  If
> my understanding is correct, these are defined shortly after the client
> connection to the session is initiated, and can (allegedly) be manipulated
> subsequently.  Presumably later revs will preclude this, making it
> impossible to alter reserved tokens unless done in a signed script -- and
> even then with restrictions.  I've already verified that some reserved
> tokens are protected this way, but the security notices would imply that not
> all of them are.  I've not experimented with the browser detection
> parameters, and couldn't say one way or the other whether they are
> vulnerable.
> 
> Anybody have any personal experience with this?  I'd like a second (or
> third) opinion.
> 
> -- Dave Lovering
> 
> ----- Original Message ----- 
> From: "Håkan Magnusson" <hakan at backbase.com>
> To: "[JavaScript List]" <javascript at LaTech.edu>
> Sent: Tuesday, March 16, 2004 2:13 AM
> Subject: Re: [Javascript] Serious browser detection.
> 
> 
> 
>>Thanks Andrew, but it has to be client side, the company I work for are
>>developing a web application framework written in JavaScript. This
>>framework have no requirements on web server software, and we can't add
>>it because of the browser detection. ;)
>>
>>
>>>In any case, you might find some useful (and more relevant) information
> 
> in Apple's Safari developer FAQ:
> 
>>Thanks again, but to quote someone wittier than me, it seems that Apples
>>idea of a "reference" is a a couple of pages where they brag about what
>>their software almost could do if they didn't release the beta version.
>>
>><warning:semi-political-views>
>>It is so obvious that Apple really want people to think that Safari is
>>just as cool (and standards compliant) as Mozilla/Camino (just have a
>>look at the userAgent string, "KHTML, like Gecko", geez) when the actual
>>support for *anything* is close to none. Why, oh why, Apple, didn't you
>>use a working, accepted, standards compliant, non-beta browser engine
>>instead of this crap we have to deal with now?
>></warning:semi-political-views>
>>
>>Again, thanks anyway. This is not a critical problem (until people start
>>spoofing Safaris useragent string...) and I was merely reaching in the
>>dark for a more comprehensive object reference than I have now.
>>
>>Regards,
>>Hakan
>>
>>
>>Andrew Crawford wrote:
>>
>>>Greetings,
>>>
>>>I'm curious: is there some particular or common reason to use JavaScript
>>>rather than server-side browser detection?
>>>
>>>This Open Source solution can do what you describe doing with JavaScript
>>>and can handle Safari version detection.  They seem to keep it fairly
>>>up-to-date and it all runs on the server as a PHP script:
>>>
>>>   http://phpsniff.sourceforge.net
>>>
>>>In any case, you might find some useful (and more relevant) information
>>>in Apple's Safari developer FAQ:
>>>
>>>   http://developer.apple.com/internet/safari/safari_faq.html
>>>
>>>Andrew Crawford
>>>Javascript at Evermore.com
>>>
>>>At 05:29 PM 3/15/2004 +0100, you wrote:
>>>
>>>
>>>>People,
>>>>
>>>>I have my browser detection script, completely object based except for
>>>>a few small issues. These include detecting what VERSION of MacOS the
>>>>user is running, if using a Mac, and proper detection of Safari
>>>>(currently detecting by looking at userAgent) and furthermore which
>>>>Safari version is in use.
>>>>
>>>>Basically, I am wondering if anybody know of a good way to detect
>>>>MacOS version (through any object/property, on all (major) browsers)
>>>>and Safari/Safari versions (through object based detection instead of
>>>>looking at userAgent).
>>>>
>>>>Ideas?
>>>>
>>>>Regards,
>>>>Hakan
>>>>_______________________________________________
>>>>Javascript mailing list
>>>>Javascript at LaTech.edu
>>>>https://lists.LaTech.edu/mailman/listinfo/javascript
>>>
>>>
>>>_______________________________________________
>>>Javascript mailing list
>>>Javascript at LaTech.edu
>>>https://lists.LaTech.edu/mailman/listinfo/javascript
>>>
>>>
>>
>>_______________________________________________
>>Javascript mailing list
>>Javascript at LaTech.edu
>>https://lists.LaTech.edu/mailman/listinfo/javascript
>>
>>
> 
> 
> 
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
> 
>

More information about the Javascript mailing list