[Javascript] Serious browser detection.

Tue Mar 16 08:26:24 CST 2004

OOPS, Better take of those tractor tyres then :)

----- Original Message ----- 
From: "Håkan Magnusson" <hakan at backbase.com>
To: "[JavaScript List]" <javascript at LaTech.edu>
Sent: Tuesday, March 16, 2004 2:22 PM
Subject: Re: [Javascript] Serious browser detection.


> Agreed, on all points, but the main issue for us is the fact that Opera7
> (for example) DEFAULTS to IE6/XP userAgent string. Apart from this being
> incomprehensibly(?) stupid it also forces us to get as far away from
> userAgent detection as possible, yet STILL rely on browser specific
> "quirks" to iron out the last unclear information. And Safari, as
> mentioned earlier, can't even stand for its own rendering engine but
> actively tries to fool us that it's really Gecko/Mozilla. Nothing could
> be further from the truth, of course.
>
> This is all the fault of software developers, and it is all sort of
> "hard coded" faults, and we can't blame them on the user. :)
>
> If the user, on the other hand, is stupid enough to personally change
> his userAgent string before launching our web application, he is to
> blame. If you want to drive a car, you can't change the tires into
> tractor tires and expect it to work.
>
> Regards,
> Hakan
>
> David Lovering wrote:
>
> > Another issue to consider is that many of the reserved tokens can be
> > "spoofed" in Javascript (or so the CERT/CIAC security folks maintain).
If
> > my understanding is correct, these are defined shortly after the client
> > connection to the session is initiated, and can (allegedly) be
manipulated
> > subsequently.  Presumably later revs will preclude this, making it
> > impossible to alter reserved tokens unless done in a signed script -- 
and
> > even then with restrictions.  I've already verified that some reserved
> > tokens are protected this way, but the security notices would imply that
not
> > all of them are.  I've not experimented with the browser detection
> > parameters, and couldn't say one way or the other whether they are
> > vulnerable.
> >
> > Anybody have any personal experience with this?  I'd like a second (or
> > third) opinion.
> >
> > -- Dave Lovering
> >
> > ----- Original Message ----- 
> > From: "Håkan Magnusson" <hakan at backbase.com>
> > To: "[JavaScript List]" <javascript at LaTech.edu>
> > Sent: Tuesday, March 16, 2004 2:13 AM
> > Subject: Re: [Javascript] Serious browser detection.
> >
> >
> >
> >>Thanks Andrew, but it has to be client side, the company I work for are
> >>developing a web application framework written in JavaScript. This
> >>framework have no requirements on web server software, and we can't add
> >>it because of the browser detection. ;)
> >>
> >>
> >>>In any case, you might find some useful (and more relevant) information
> >
> > in Apple's Safari developer FAQ:
> >
> >>Thanks again, but to quote someone wittier than me, it seems that Apples
> >>idea of a "reference" is a a couple of pages where they brag about what
> >>their software almost could do if they didn't release the beta version.
> >>
> >><warning:semi-political-views>
> >>It is so obvious that Apple really want people to think that Safari is
> >>just as cool (and standards compliant) as Mozilla/Camino (just have a
> >>look at the userAgent string, "KHTML, like Gecko", geez) when the actual
> >>support for *anything* is close to none. Why, oh why, Apple, didn't you
> >>use a working, accepted, standards compliant, non-beta browser engine
> >>instead of this crap we have to deal with now?
> >></warning:semi-political-views>
> >>
> >>Again, thanks anyway. This is not a critical problem (until people start
> >>spoofing Safaris useragent string...) and I was merely reaching in the
> >>dark for a more comprehensive object reference than I have now.
> >>
> >>Regards,
> >>Hakan
> >>
> >>
> >>Andrew Crawford wrote:
> >>
> >>>Greetings,
> >>>
> >>>I'm curious: is there some particular or common reason to use
JavaScript
> >>>rather than server-side browser detection?
> >>>
> >>>This Open Source solution can do what you describe doing with
JavaScript
> >>>and can handle Safari version detection.  They seem to keep it fairly
> >>>up-to-date and it all runs on the server as a PHP script:
> >>>
> >>>   http://phpsniff.sourceforge.net
> >>>
> >>>In any case, you might find some useful (and more relevant) information
> >>>in Apple's Safari developer FAQ:
> >>>
> >>>   http://developer.apple.com/internet/safari/safari_faq.html
> >>>
> >>>Andrew Crawford
> >>>Javascript at Evermore.com
> >>>
> >>>At 05:29 PM 3/15/2004 +0100, you wrote:
> >>>
> >>>
> >>>>People,
> >>>>
> >>>>I have my browser detection script, completely object based except for
> >>>>a few small issues. These include detecting what VERSION of MacOS the
> >>>>user is running, if using a Mac, and proper detection of Safari
> >>>>(currently detecting by looking at userAgent) and furthermore which
> >>>>Safari version is in use.
> >>>>
> >>>>Basically, I am wondering if anybody know of a good way to detect
> >>>>MacOS version (through any object/property, on all (major) browsers)
> >>>>and Safari/Safari versions (through object based detection instead of
> >>>>looking at userAgent).
> >>>>
> >>>>Ideas?
> >>>>
> >>>>Regards,
> >>>>Hakan
> >>>>_______________________________________________
> >>>>Javascript mailing list
> >>>>Javascript at LaTech.edu
> >>>>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>>
> >>>
> >>>_______________________________________________
> >>>Javascript mailing list
> >>>Javascript at LaTech.edu
> >>>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>>
> >>>
> >>
> >>_______________________________________________
> >>Javascript mailing list
> >>Javascript at LaTech.edu
> >>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > Javascript mailing list
> > Javascript at LaTech.edu
> > https://lists.LaTech.edu/mailman/listinfo/javascript
> >
> >
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript