Inaccessible form submit links in .NET SDK
Tom Gilder
here too, hopefully to discourage some of you to do this.
You can view the article in question at
http://msdn.microsoft.com/library/en-us/cpguidnf/html/cpcongeneratingclient-sidejavascriptforpostback.asp
------
Hello, I'd like to comment on the very poor and inaccessible scripting
habits the Microsoft .NET documentation is encouraging.
The page entitled "Generating Client-Side ECMAScript for Postback"
instructs users to use a link such as:
<a id="Link" href="javascript:__doPostBack('Link','')">Link</a>
This type of javascript pseudo-URL's are totally non-standard and
will only work in browsers that have scripting support, and have
scripting enabled.
However many, many users do not have this - and
therefore they simply will not be able to submit the form. The entire
page will be broken for them.
A reliable source for internet statistics, thecounter.com, shows that
last month (December 2001) around 12% of users had scripting disabled.
Do you really want .NET-powered web pages not work for that many
people? See http://www.thecounter.com/stats/2001/December/javas.php
I hope you reconsider this example, and change it to use a more accessible
method of submitting forms. I have recently written an article on this
subject, you can read it at http://tom.vpwsys.co.uk/scripting/submit.asp
------
Thanks
Tom
Bertrand Le Roy
take their responsibility. They should know what they are doing.
No modern and non-trivial web site functions without javascript.
And if you want to know who the 12% users who disable javascript are, I'll
tell you: they are people navigating on porn and warez sites and who don't
want to be bothered by popup windows.
So that figure is completely biased and means nothing for serious apps.
"Tom Gilder" <n...@email.ok> wrote in message
news:xsS_7.634$X87....@news2-win.server.ntlworld.com...
Peter Torr (MS)
news:xsS_7.634$X87....@news2-win.server.ntlworld.com...
> instructs users to use a link such as:
>
> <a id="Link" href="javascript:__doPostBack('Link','')">Link</a>
>
> This type of javascript pseudo-URL's are totally non-standard and
> will only work in browsers that have scripting support, and have
> scripting enabled.
Hi Tom,
In general I agree with you -- the javascript pseudo-protocol is bad -- but
I think the reason they do this is because earlier versions of Navigator
don't support the onclick event for anchor tags (only images, I think) and
so you have to use this hack in order to get Navigator to execute code when
you click a link. If the browser has script disabled, then using onlick
rather than href will not buy you anything, so that point is moot.
Probably the best thing to do for people without script is:
<a href="?__EVENTTARGET=Link">Link</a>
so perhaps that should be added to the document. I'll send some feedback to
the doc people them with that in mind.
Thanks,
Peter
--
Peter Torr -- pt...@microsoft.com -- JScript .NET / VSA Runtime
Waiting for the Vengabus? http://www.microsoft.com/info/cpyright.htm
Please post all questions to the group. Thanks.
Tom Gilder
> People who disable scripting support do so at their own risks and should
> take their responsibility. They should know what they are doing.
> No modern and non-trivial web site functions without javascript.
All well-made sites should work without scripting - and many do. Scripting should be viewed as a browser add-on, a luxry. It's nice
to have, but not always there. Some people don't disable scripting - they simply don't have a browsing device capable of it in the
first place.
> And if you want to know who the 12% users who disable javascript are, I'll
> tell you: they are people navigating on porn and warez sites and who don't
> want to be bothered by popup windows.
Or maybe they are people pissed off with annoying script-powered adverts? Or worried about the *five* unpatched (even in IE6) IE
security holes (although some are more major than others...)?
Sites not working without scripting are simply down to developers being lazy.
Thomas Nielsen [AM Multimedia]
living.
Try explaining this to a customer: It will cost you more, you will only lose
12% (which is the 12% least interested in the net anyway - regular surfers
upgrade) - and your site will lose functionality and important design
features.
Now, for arguments sake, lets say you somehow "convinced" the customer, and
did you site with no javascript at all.
Then lets deduct the number of people who will simply leave your site,
because navigation is ancient, uninteressting and boring. And dont give me
any "you can do the same without scripting as you can with" - You cant!!.
Saying scripting is a "luxury" is an obvious proof of someone not
understanding what the powers of client-side functionality is.
How many people do you think your site will lose because of the above? 2%?
12%? 25%?.. Oh, and then lets consider the fact that less client-side
functionality will mean more server side functionality, hence more data
traffic. Then you'll have pissed off modem users aswell. Good choice.
The web matures. Just because we started out with 8088's doesnt mean
applications today has to run on 20 year old PC's, does it?.
/Thomas
"Tom Gilder" <n...@email.ok> wrote in message
news:gY1%7.2018$Hx3.4...@news11-gui.server.ntli.net...
Bertrand Le Roy
"Tom Gilder" <n...@email.ok> wrote in message
news:gY1%7.2018$Hx3.4...@news11-gui.server.ntli.net...
Bertrand Le Roy
"Thomas Nielsen [AM Multimedia]" <jack_...@hotmail.com> wrote in message
news:eK3u#EVmBHA.2212@tkmsftngp05...
Tom Gilder
> 12% (which is the 12% least interested in the net anyway - regular surfers
> upgrade) - and your site will lose functionality and important design
> features.
People who disable scripting are quite likely to be more advanced surfers - the disable scripting setting in IE isn't exactly easy
to find.
> Now, for arguments sake, lets say you somehow "convinced" the customer, and
> did you site with no javascript at all.
I haven't said that. I've said provide simply, easy-to-do and very, very quick alternatives to people without.
> Then lets deduct the number of people who will simply leave your site,
> because navigation is ancient, uninteressting and boring. And dont give me
> any "you can do the same without scripting as you can with" - You cant!!.
No, you can easily provide a flashy navigation system - but have it work without scripting. Making a list of links within a
<noscript> doesn't take forever.
> Saying scripting is a "luxury" is an obvious proof of someone not
> understanding what the powers of client-side functionality is.
I totally understand the power of client-side scripting. But you can almost always provide alternatives, that don't harm the script.
> How many people do you think your site will lose because of the above? 2%?
> 12%? 25%?.. Oh, and then lets consider the fact that less client-side
> functionality will mean more server side functionality, hence more data
> traffic. Then you'll have pissed off modem users aswell. Good choice.
0%, due to me not doing what you say I'm doing.
> The web matures. Just because we started out with 8088's doesnt mean
> applications today has to run on 20 year old PC's, does it?.
If you can do so easily, without hurting scripts, then why not?
Thor Larholm
> The web matures. Just because we started out with 8088's doesnt mean
> applications today has to run on 20 year old PC's, does it?.
Tom never said anything about NOT using clientside scripting, he merely
pointed out the fact that clientside scripting CAN and SHOULD downgrade
gracefully. There is nothing to stop the form submit links discussed earlier
from downgrading perfectly, if the author had just a grain of sense.
We originally discussed Toms articles in comp.lang.javascript, under the
subject "Accessible Scripting" - which can be viewed at
<URL:
http://groups.google.com/groups?selm=kNLZ7.61828%244x4.8828885%40news2-win.s
erver.ntlworld.com >
--
Thor Larholm
<URL: http://www.jibbering.com/faq/> FAQ for comp.lang.javascript
Thor Larholm
> "Tom Gilder" <n...@email.ok> wrote
> > <a id="Link" href="javascript:__doPostBack('Link','')">Link</a>
> >
but
> I think the reason they do this is because earlier versions of Navigator
> don't support the onclick event for anchor tags (only images, I think) and
> so you have to use this hack in order to get Navigator to execute code
when
> you click a link. If the browser has script disabled, then using onlick
> rather than href will not buy you anything, so that point is moot.
I'm sorry Peter, but you seem to have gotten a bit confused - it's the other
way around.
These earlier versions of Netscape DO support the onclick event on A tags,
and _not_ on IMG tags.
So in reality, there is absolutely no reason for them to use the Javascript:
pseudo-protocol to trigger scripts.
If you take a look at the link Tom posted
<URL: http://tom.vpwsys.co.uk/scripting/submit.asp >
you will notice that it doesn't even require scripting to submit a form by
clicking a link.
We previously discussed the topic "Accessible scripting" in
comp.lang.javascript, you can find the debate on
Jim Ley
"Thomas Nielsen [AM Multimedia]" <jack_...@hotmail.com> wrote in
message news:eK3u#EVmBHA.2212@tkmsftngp05...
> You have obviously never done development for external customers for a
> living.
Ah, I believe the IBM developers did some work for the Sydney Olympic
Commision, you can read what happened to them in
http://scaleplus.law.gov.au/html/ddadec/0/2000/0/DD000120.htm (or any
SOCOG vs Maguire Google search.)
> Try explaining this to a customer: It will cost you more, you will only
lose
> 12% (which is the 12% least interested in the net anyway - regular
surfers
> upgrade) - and your site will lose functionality and important design
> features.
Regular surfers upgrade, a lovely statement, how many people complained
(after using server side browser detection components provided by
Microsoft) Why does my webpage think IE6 is Netscape? The only way to
protect yourself from the future is too use Good techniques, standards
etc. - also of course href="javascript:" has lots of problems (it's
evaluated at a global scope, it is a different protocol, and there are
all sorts of errors about, the comp.lang.javascript people even think
it's important enough to be in their FAQ -
http://jibbering.com/faq/#FAQ4_24
*
> Now, for arguments sake, lets say you somehow "convinced" the customer,
and
> did you site with no javascript at all.
When did anyone suggest that? All that was suggested, was to not use
stupid javascript: constructs, javascript can be authored in such a way
such that it degrades gracefully, this is what competent authors do, in
many countries as you'll note from the SOCOG vs Maguire, such things are
a legal requirement.
> Saying scripting is a "luxury" is an obvious proof of someone not
> understanding what the powers of client-side functionality is.
Script is a luxury, it's hugely powerful and can lead to a massive
increase in usability, but usability is not accessibility, and the
content can be accessible (even if it's down to providing in text the
mechanism to make a calculation, that you do in javascript.)
> The web matures. Just because we started out with 8088's doesnt mean
> applications today has to run on 20 year old PC's, does it?.
Hmm, my 3 newest browsers all have less javascript capability than IE5.5,
yet are all released after, you seem to think computing power increases
regardless - this is true, but we also like to surf on our PDA's and
televisions and stuff - they are 10 year old PC's, and have completely
different needs.
Many organisations (especially corporates) have ethical policies (quite
apart from their legal requirements) that require non-discrimination -
javascript is discriminatory.
Jim.
Tom Gilder
> Could you please cite these 5 unpatched security holes in javascript?
This good enough for you? Some of these have been unpatched for nearly a month...
1) document.open to access any other site
You can access any other site's DOM and cookies using document.open in place of window.open, across domains and security zones -
http://www.securityfocus.com/bid/3721
2) Download dialog file name spoof
The name of a file can be spoofed in the download dialog, to make the user believe he or she is downloading a harmless file -
http://www.securityfocus.com/bid/3578 is not fully patched, see http://jscript.dk/Jumper/xploit/contentspoof.asp - that apparently
tries to download readme.txt, but if you click open it actually runs a HTA with full system access (however it does nothing of harm
in this example).
3) GetObject read local files
You can use a GetObject exploit to read local files - http://www.securityfocus.com/bid/3767 - good example at
http://jscript.dk/Jumper/xploit/GetObject.html
4) XMLHTTP redirect
Simple server-side redirect will allow the XMLHTTP object to read local files - http://www.securityfocus.com/bid/3699
5) Check if local files exist
Quite minor, you can check the existence of local files with script and onload/onerror events -
http://www.securityfocus.com/bid/3779
Peter Torr (MS)
news:upbjhSVmBHA.2484@tkmsftngp07...
> I'm sorry Peter, but you seem to have gotten a bit confused - it's the
other
> way around.
> These earlier versions of Netscape DO support the onclick event on A tags,
> and _not_ on IMG tags.
Oh yes, how silly of me. And it sounded like quite a reasonable explanation
when I wrote it ;-). I did send mail to the doc people asking them to update
the topic though, so now they have both external and internal people
complaining about it.
ObTopicalComment: I don't allow ActiveX controls to run and any site that
consists of a big Flash object immediately gets ignored by me... I cannot
believe that some sites don't have anything on their home page -- not even a
<title> -- and all you see is a blank page if you don't have Flash installed
/ enabled. (Of course I have to put MSDN et al in my "Trusted Sites" zone
because it use MSXML ...grumble... but at least I have Trusted Sites set to
"Prompt" so I can ignore them if I want).
Bertrand Le Roy
enough".
About the second one, how is this javascript related and how disabling
javascript can avoid this issue?
Please note that I was asking this out of curiosity and insterest and not
aggressively. I don't even know you.
I still think that among the 12% (by the way, would it be possible to have
the URL of the document that gives this figure?), there are essentially
people browsing porn and warez sites and not wanting to be bothered by
popups (I'm even surprised at this low figure, I would have expected more
for this effect alone).
In our own experience (which is quite important, thank you, we've been in
this business for 7 years), we have NEVER had a single complaint about any
site not working when javascript is disabled, and we use it quite heavily.
Unless it is an explicit demand from our customer (and this never happened
so far), we just don't bother. Call us lazy if you want.
We have enough work verifying that our javascript works for all major
browsers and platforms and that spiders can access the relevant parts of our
sites.
"Tom Gilder" <n...@email.ok> wrote in message
news:NK2%7.3685$1s6.7...@news6-win.server.ntlworld.com...
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> Thanks very much. I wouldn't say this is "good enough", I would say
"bad
> enough".
> >
have
> the URL of the document that gives this figure?)
http://www.thecounter.com - it was in the original document Tom linked
to.
>, there are essentially
> people browsing porn and warez sites and not wanting to be bothered by
> popups (I'm even surprised at this low figure, I would have expected
more
> for this effect alone).
http://www.thecounter.com - are unlikely to have that many porn sites in
their database...
> In our own experience (which is quite important, thank you, we've been
in
> this business for 7 years), we have NEVER had a single complaint about
any
> site not working when javascript is disabled, and we use it quite
heavily.
Maybe your contact form is only accessible with javascript :-)
People don't complain - they expect sites not to work, and just go
elsewhere, we all have too many competitors...
> Unless it is an explicit demand from our customer (and this never
happened
> so far), we just don't bother. Call us lazy if you want.
I'd use "unprofessional".
> We have enough work verifying that our javascript works for all major
> browsers and platforms and that spiders can access the relevant parts
of our
> sites.
At least that's better than many - do you remember to test in various
configurations aswell.
Jim.
Jim Ley
"Peter Torr (MS)" <pt...@microsoft.com> wrote in message
news:eOT$StXmBHA.2440@tkmsftngp05...
> "Thor Larholm" <use...@jscript.dk> wrote in message
> news:upbjhSVmBHA.2484@tkmsftngp07...
> > I'm sorry Peter, but you seem to have gotten a bit confused - it's
the
> other
> > way around.
> > These earlier versions of Netscape DO support the onclick event on A
tags,
> > and _not_ on IMG tags.
>
> Oh yes, how silly of me. And it sounded like quite a reasonable
explanation
> when I wrote it ;-).
It's annoying when people pick you up on those isn't it :-)
> I did send mail to the doc people asking them to update
> the topic though, so now they have both external and internal people
> complaining about it.
The real problem is the lack of people in the world who care about this
sort of thing, and it's not helped by the major browser developers
continuing to recommend bad techniques (and fair enough obscure bits of
documentation aren't going to be written by the script expert - the
"DHTML/web scripting" articles are...)
> ObTopicalComment: I don't allow ActiveX controls to run and any site
that
> consists of a big Flash object immediately gets ignored by me... I
cannot
> believe that some sites don't have anything on their home page -- not
even a
> <title> -- and all you see is a blank page if you don't have Flash
installed
> / enabled.
It's a very sad state of affairs indeed, to few people care about
accessibility... Mind you if they can't the page right, is it any
surprise they don't get the script.
Jim.
Tom Gilder
> About the second one, how is this javascript related and how
disabling
> javascript can avoid this issue?
It isn't scripting-releated, it is an issue with the way IE deals with
some HTTP headers. You could use a 3rd party download manager, or just
never click the open button.
> I still think that among the 12% (by the way, would it be possible
to have
> the URL of the document that gives this figure?), there are
essentially
> people browsing porn and warez sites and not wanting to be bothered
by
> popups
Have you been around the web recently? Popups have been spreading all
over commerical wesites - and are widespread on free hosting ones. It
isn't just warez and porn, it is a much bigger issue.
> We have enough work verifying that our javascript works for all
major
> browsers and platforms and that spiders can access the relevant
parts of our
> sites.
But, again, you can disable it.
Bertrand Le Roy
> to.
thanks
> Maybe your contact form is only accessible with javascript :-)
Of course not.
> People don't complain - they expect sites not to work, and just go
> elsewhere, we all have too many competitors...
Yes they do when the site is a professional site or extranet that people
need to use on a daily basis.
> > so far), we just don't bother. Call us lazy if you want.
> I'd use "unprofessional".
Oh. Insults? If you only knew how much I care about what you think of me:
none at all. My customer's satisfaction is al I care about.
Oh, and by the way, is http://jibbering.com/ your idea of a professional web
site?
> > We have enough work verifying that our javascript works for all major
> > browsers and platforms and that spiders can access the relevant parts
> of our
> > sites.
>
> At least that's better than many - do you remember to test in various
> configurations aswell.
Oh, thank you so much for your precious advice.
Bertrand Le Roy
> over commerical wesites - and are widespread on free hosting ones. It
> isn't just warez and porn, it is a much bigger issue.
Oh, insults once more? What did I do to deserve this?
Have you been on porn sites recently? The popups on these sites are of a
different nature than the mildly annoying ones you find on commercial sites:
they open at a very high rate and closing a window brings more popups.
That's a real nuisance that justify disabling javascript if you're an adept
of this kind of site. Which I'm no more than you, naturally.
> > We have enough work verifying that our javascript works for all
> major
> > browsers and platforms and that spiders can access the relevant
> parts of our
> > sites.
>
> But, again, you can disable it.
Yes, knowingly. Which means that you're ready to accept the consequences,
which are that some things just won't work.
Bertrand Le Roy
This is sooooo funny!
Thecounter.com is used on virtually every warez and porn site on earth!!!
And they give no information about the real meaning of their javascript
statistics. Do they just reflect the version of javascript the browser has
in store or does it reflect the disabling of it? Are spiders (which don't
have javascript) excluded from the javascript statistics as they are from
the browser stats?
By the way, the correct figure that's given by thecounter is 10% in january.
12% was for december, 13% for november.
Please...
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > Maybe your contact form is only accessible with javascript :-)
>
> Of course not.
I never thought for a moment it was - Hence the smiley... Many are
though.
> > People don't complain - they expect sites not to work, and just go
> > elsewhere, we all have too many competitors...
>
> Yes they do when the site is a professional site or extranet that
people
> need to use on a daily basis.
>
> > > so far), we just don't bother. Call us lazy if you want.
> > I'd use "unprofessional".
>
> Oh. Insults?
No, criticism, there's a difference.
> If you only knew how much I care about what you think of me:
> none at all. My customer's satisfaction is al I care about.
Does that mean you have no care about legal requirements? or Professional
ethics, or do you not beleive the web deserves a professional group of
developers? Professional organisations which web developers could become
members of (such as the British Computer Society in the UK.) all have
requirements that you code to standards - The W3's Web Accessibiltiy
Initiatives requires accessibility with scripts disabled - do you think
this is wrong - why? do you feel only able bodied people should have web
access?
Jim.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > Have you been around the web recently? Popups have been spreading all
> > over commerical wesites - and are widespread on free hosting ones. It
> > isn't just warez and porn, it is a much bigger issue.
>
> Oh, insults once more? What did I do to deserve this?
Where's the insult? There's a question, and a statement...
> Have you been on porn sites recently?
No, yet I still suffer from popups (well need to take steps to stop
them.)
> Yes, knowingly. Which means that you're ready to accept the
consequences,
> which are that some things just won't work.
And if you use a browser which doesn't have scripting at all, or doesn't
support the particular parts your relying on - what happens then?
(assuming changing browsers isn't possible.)
Jim.
Bertrand Le Roy
Legal requirements??? Is there a law that prevents web developers from using
javascript?
> or Professional
> ethics, or do you not beleive the web deserves a professional group of
> developers?
Is professional ethics forcing you to code applications that require endless
roundtrips to the server?
> Professional organisations which web developers could become
> members of (such as the British Computer Society in the UK.)
Oh, and if you're not a member of such an organisation, you're not
professional? Is that it? That's pathetic.
> all have
> requirements that you code to standards - The W3's Web Accessibiltiy
> Initiatives requires accessibility with scripts disabled - do you think
> this is wrong - why?
Script exists. I use it to bring a better experience to my users. My users
are happy about it. You're not. What do I care?
Nothing.
> do you feel only able bodied people should have web
> access?
What has this to do with anything?
Bertrand Le Roy
> support the particular parts your relying on - what happens then?
> (assuming changing browsers isn't possible.)
Either you're using Lynx or you're a spider.
As for my scripts, they're tested on major navigators and platforms. And
when there's a new version, we just test, as we did when Netscape 6 and IE 6
were released. We're paid for it.
Times sites with blue links are not my idea of the web, sorry.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > Does that mean you have no care about legal requirements?
>
> Legal requirements??? Is there a law that prevents web developers from
using
> javascript?
If it's unreasonable yes, in both the UK and Australia, "Section 508" the
similar US is more liberal (but has less of a "reasonable" clause in the
administration) but there are still limitations
http://www.webaim.org/standards/508/checklist has some details of the US
law. Other countries are still framing their laws, or I'm not aware of
them, but yes, in general javascript is subject to many laws in many
countries.
> > or Professional
> > ethics, or do you not beleive the web deserves a professional group
of
> > developers?
>
> Is professional ethics forcing you to code applications that require
endless
> roundtrips to the server?
There's no forcing, you can still use javascript to do all the same as
you do now, you just need to also ensure that your script is not
_required_ to access the content/view the service.
> > Professional organisations which web developers could become
> > members of (such as the British Computer Society in the UK.)
>
> Oh, and if you're not a member of such an organisation, you're not
> professional? Is that it? That's pathetic.
No, I was giving an example of what professionalism means in an
industry - do you disagree on what professionalism is?
> > all have
> > requirements that you code to standards - The W3's Web Accessibiltiy
> > Initiatives requires accessibility with scripts disabled - do you
think
> > this is wrong - why?
>
> Script exists. I use it to bring a better experience to my users.
So use it! I know I do.
> > do you feel only able bodied people should have web
> > access?
>
> What has this to do with anything?
Assistive technologies often only work with browsers that aren't
javascript enabled... or cause other variances e.g JawsForWindows when
working in the default installed mode with IE5.5 doesn't fire any
interactive events at all (onchange, onfocus, onkeydown etc.) . (I'm sure
you're aware of this but maybe there's others who aren't.)
Jim.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > And if you use a browser which doesn't have scripting at all, or
doesn't
> > support the particular parts your relying on - what happens then?
> > (assuming changing browsers isn't possible.)
>
> Either you're using Lynx or you're a spider.
What? All spiders I have use IE5.5 and are script enabled, yet I use
lots of browsers which aren't script enabled or are certainly weak in
scripting. How do you deal with the ~10million Fresco browsers in the
UK?
> As for my scripts, they're tested on major navigators and platforms.
And
> when there's a new version, we just test, as we did when Netscape 6 and
IE 6
> were released. We're paid for it.
Ah, you mean you charge your clients for upgrading your sites for new
browsers - yes that's always a good revenue stream, charging people for
what you should've done in the first place... (well at least done as much
as you can with respect to futurability of your code.)
Jim.
Bertrand Le Roy
> similar US is more liberal (but has less of a "reasonable" clause in the
> administration) but there are still limitations
> http://www.webaim.org/standards/508/checklist has some details of the US
> law. Other countries are still framing their laws, or I'm not aware of
> them, but yes, in general javascript is subject to many laws in many
> countries.
Wow! Very interesting reference.
Still, it doesn't prevent you from using javascript, it just enforces rules
that should be applied everywhere, like providing alternative text
representations and keyboard access.
> No, I was giving an example of what professionalism means in an
> industry - do you disagree on what professionalism is?
I would certainly not define it as belonging to a professional association.
Bertrand Le Roy
> browsers - yes that's always a good revenue stream, charging people for
> what you should've done in the first place... (well at least done as much
> as you can with respect to futurability of your code.)
This is getting more and more stupid. Of course I charge my customers for
ensuring that my work is compatible. I charge my customers for my work.
And please stop your insinuations: "what you should have done in the first
place"???
What??? Should I have known in advance what the mad programmers at Netscape
would put in NS6???
You're really being insultant. Personnally, I've been very careful not to
be, as this is a public place. Apologies for annoying everyone here.
I just realized something (and I'll agree on the fact that I was quite slow
to realize this): this thread is completely useless.
I won't convince you, you won't convince me.
Let's get back to work, please.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > If it's unreasonable yes, in both the UK and Australia, "Section 508"
the
> > similar US is more liberal (but has less of a "reasonable" clause in
the
> > administration) but there are still limitations
> > http://www.webaim.org/standards/508/checklist has some details of
the US
> > law. Other countries are still framing their laws, or I'm not aware
of
> > them, but yes, in general javascript is subject to many laws in many
> > countries.
>
> Wow! Very interesting reference.
> Still, it doesn't prevent you from using javascript,
I've never it does! No law anywhere does, some do require sites work
without javascript enabled though.
> it just enforces rules
> that should be applied everywhere, like providing alternative text
> representations and keyboard access.
Yes, as I said the US (interpretation?) law is more lenient than the UK
and Australia one - so if you're providing services in those markets.
The WAI guidelines WCAG 1.0 and WCAG 2.0 are more explicit and state
sites must work with script disabled 6.3 in WCAG 1.0 (wcag 2 is still
being drafted.) see http://www.w3.org/TR/WAI-WEBCONTENT/#tech-scripts
(also an interesting read!)
> > No, I was giving an example of what professionalism means in an
> > industry - do you disagree on what professionalism is?
>
> I would certainly not define it as belonging to a professional
association.
Neither would I! but many of their requirements of members are similar to
my own idea of how professionals should conduct themselves.
Jim.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> This is getting more and more stupid. Of course I charge my customers
for
> ensuring that my work is compatible. I charge my customers for my work.
> And please stop your insinuations: "what you should have done in the
first
> place"???
Yes, You should code to standards, if you had there would be virtually no
problems with IE6 for example (indeed NS6 support could've well come free
with your standards based IE5.5 script.) Lots of developers charge users
for reviewing sites so they "work" in IE6, which is something they
should've already done, there may be new bugs in browsers which you have
to deal with, but there's not that many.
> I just realized something (and I'll agree on the fact that I was quite
slow
> to realize this): this thread is completely useless.
> I won't convince you, you won't convince me.
Ah, you seem to think I'm trying to convince you - no (although that
would be nice.) what I'm trying to do is ensure that other readers don't
fall into the same traps you have.
Jim.
Bertrand Le Roy
> problems with IE6 for example (indeed NS6 support could've well come free
You know very well that you can't code to standards with NS4 or IE4.
And you're right on one point: most of the adaptation to NS6 was sending the
IE5.5 code to NS6 instead of the NS4 code, with no other modification.
> with your standards based IE5.5 script.) Lots of developers charge users
> for reviewing sites so they "work" in IE6, which is something they
> should've already done, there may be new bugs in browsers which you have
> to deal with, but there's not that many.
As a matter of fact, we had no problem when IE 6 came out. But we checked
anyway, relying on facts more than self confidence (which is part of being a
"professional developer").
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > Yes, You should code to standards, if you had there would be
virtually no
> > problems with IE6 for example (indeed NS6 support could've well come
free
>
> You know very well that you can't code to standards with NS4 or IE4.
I do, I also know that if I ensure my pages work without scripting I only
have to ensure that my script doesn't error in those minority browsers
which aren't standard.
> And you're right on one point: most of the adaptation to NS6 was
sending the
> IE5.5 code to NS6 instead of the NS4 code, with no other modification.
Sending? Please don't tell me you use Browser Detection? What do you
send Fresco, Oregano, MSN TV, Pocket IE, AvantGo, Snufkin etc. etc. etc.
http://www.mozilla.org/docs/web-developer/upgrade_2.html
Jim.
Bertrand Le Roy
> I do, I also know that if I ensure my pages work without scripting I only
> have to ensure that my script doesn't error in those minority browsers
> which aren't standard.
What if you want to provide a good experience also for these browsers? We
make javascript that's compatible with these browsers.
> > And you're right on one point: most of the adaptation to NS6 was
> sending the
> > IE5.5 code to NS6 instead of the NS4 code, with no other modification.
>
> Sending? Please don't tell me you use Browser Detection? What do you
Yes, I do in some cases, because there's a difference between pretending to
support standards and supporting them. And NS6.0 has some very strange
behaviors in some cases, that you had to cope with.
> send Fresco, Oregano, MSN TV, Pocket IE, AvantGo, Snufkin etc. etc. etc.
It depends on the target of the application. For example, on many
professional applications, we just don't support them because absolutely no
one will use them or we don't address the public that would. On others, we
provide different pages that are fully adapted to the media: you don't
navigate on a computer like you do on a cell phone, webtv or pocket
organizer, hence we organize the contents differently for these.
And on some applications, we are compatible with all within the same page.
> http://www.mozilla.org/docs/web-developer/upgrade_2.html
Thank you very much for all the documentation you provided. Especially the
thecounter stats which were quite funny.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > > You know very well that you can't code to standards with NS4 or
IE4.
> > I do, I also know that if I ensure my pages work without scripting I
only
> > have to ensure that my script doesn't error in those minority
browsers
> > which aren't standard.
>
> What if you want to provide a good experience also for these browsers?
We
> make javascript that's compatible with these browsers.
Then go ahead, it still doesn't mean you need to use browser detection,
and you can compromise on standards if you like IE 4 almost certainly
leaves little compromise (in the standards that matter - HTML since
script standards we have object detection.) NN4 requires some standards
compromise, but you can do it if you want, Again from statistics 4% NN4
12% js disabled - I know of a number of corporates who disable
javascript - they also filter porn, I can believe the 12% and can
certainly believe it's greater than NN4.
> > Sending? Please don't tell me you use Browser Detection? What do you
>
> Yes, I do in some cases, because there's a difference between
pretending to
> support standards and supporting them. And NS6.0 has some very strange
> behaviors in some cases, that you had to cope with.
How do you overcome the huge problems it introduces - do you know what
standards Snufkin or Oregano support?
> It depends on the target of the application. For example, on many
> professional applications, we just don't support them because
absolutely no
> one will use them or we don't address the public that would.
Ah, you know everyone of your users - right so this isn't a
world-wide-web project, fair enough do what you want.
> On others, we
> provide different pages that are fully adapted to the media: you don't
> navigate on a computer like you do on a cell phone, webtv or pocket
> organizer, hence we organize the contents differently for these.
Snufkin, Konquerer, Opera, Oregano, Fresco, iCab, MSIE Solaris all
Desktop browsers what do you deliver to those?
Jim.
Bertrand Le Roy
> javascript - they also filter porn, I can believe the 12% and can
> certainly believe it's greater than NN4.
You'll have to find more serious statistics than those from thecounter.
> > Yes, I do in some cases, because there's a difference between
> pretending to
> > support standards and supporting them. And NS6.0 has some very strange
> > behaviors in some cases, that you had to cope with.
> How do you overcome the huge problems it introduces - do you know what
> standards Snufkin or Oregano support?
No, but my scripts run on NS6. And I don't have a single hit from these on
the concerned websites. The day I get some, I'll begin investigating them.
> > It depends on the target of the application. For example, on many
> > professional applications, we just don't support them because
> absolutely no
> > one will use them or we don't address the public that would.
> Ah, you know everyone of your users - right so this isn't a
> world-wide-web project, fair enough do what you want.
So you think that everything on the web is targeted to the general public?
Interesting point of view.
> > On others, we
> > provide different pages that are fully adapted to the media: you don't
> > navigate on a computer like you do on a cell phone, webtv or pocket
> > organizer, hence we organize the contents differently for these.
> Snufkin, Konquerer, Opera, Oregano, Fresco, iCab, MSIE Solaris all
> Desktop browsers what do you deliver to those?
It depends on who the project targets. Opera and Konqueror usually pose no
big problem as they are pretty standard.
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> No, but my scripts run on NS6. And I don't have a single hit from these
on
> the concerned websites. The day I get some, I'll begin investigating
them.
Snufkin Identifies itself as IE5.5 (or 6, or 5) so maybe you're already
getting some - how would you know?
> > > On others, we
> > > provide different pages that are fully adapted to the media: you
don't
> > > navigate on a computer like you do on a cell phone, webtv or pocket
> > > organizer, hence we organize the contents differently for these.
> > Snufkin, Konquerer, Opera, Oregano, Fresco, iCab, MSIE Solaris all
> > Desktop browsers what do you deliver to those?
>
> It depends on who the project targets. Opera and Konqueror usually pose
no
> big problem as they are pretty standard.
Could you give an example or two about what you mean by "project targets"
Jim.
Tom Gilder
> > Have you been around the web recently? Popups have been spreading
all
> > over commerical wesites - and are widespread on free hosting ones.
It
> > isn't just warez and porn, it is a much bigger issue.
>
> Oh, insults once more? What did I do to deserve this?
"Once more"? How have I insulted you? It *is* a much bigger problem
than these sorts of sites.
> Have you been on porn sites recently? The popups on these sites are
of a
> different nature than the mildly annoying ones you find on
commercial sites:
> they open at a very high rate and closing a window brings more
popups.
> That's a real nuisance that justify disabling javascript if you're
an adept
> of this kind of site. Which I'm no more than you, naturally.
I have seen this type of popup on more tasteful sites. More and more I
have also seen the use of chromeless windows - sometimes with no close
button.
Tom Gilder
> You'll have to find more serious statistics than those from
thecounter.
So 483984042 user agents (last month) from a massive range of sites
isn't good enough for you?
Bertrand Le Roy
> getting some - how would you know?
So does Konqueror, but it still leaves a recognizable signature in my web
site's log files. It's a good point anyway. I don't know if Snufkin leaves
exactly the same trace as IE in the logs. Perhaps you can tell me.
> Could you give an example or two about what you mean by "project targets"
Yes, take for example a syndicate of professional organizations that I won't
name and that wants to communicate syndical news and provide access to
specialized applications.
The news target a more general audience and is thus made available in all
kinds of formats (including raw xml for exchange with other organizations).
The specialized applications target a much narrower public that we know for
sure uses recent versions of NS or IE.
The backoffice targets an even narrower public that we know uses exclusively
IE>5.
We use different precautions at each level.
Bertrand Le Roy
There's a very popular free version of thecounter that is used on a vast
majority of the porn and warez sites.
As you know, these sites represent a very substantial part of the traffic on
the web, and it's enough to bias the statistics, as more users of these
sites disable javascript.
It's a very common practice to use two different browsers, one configured
without javascript for these kinds of sites, and the other with javascript.
"Tom Gilder" <n...@email.ok> wrote in message
news:Yzj%7.8118$Hx3.1...@news11-gui.server.ntli.net...
Bertrand Le Roy
I'm not interested in amateur sites statistics.
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
news:eeZQrofmBHA.956@tkmsftngp05...
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> > Snufkin Identifies itself as IE5.5 (or 6, or 5) so maybe you're
already
> > getting some - how would you know?
>
> So does Konqueror, but it still leaves a recognizable signature in my
web
> site's log files. It's a good point anyway. I don't know if Snufkin
leaves
> exactly the same trace as IE in the logs. Perhaps you can tell me.
I told you it uses exactly what IE5.5 (or 5 or 6) sends, nothing
different at all, you cannot identify it on the server (and you'll
struggle to identify it on the client for that matter.)
Jim.
Bertrand Le Roy
Do you have an idea how many people in the world use Snufkin?
"Jim Ley" <j...@jibbering.com> wrote in message
news:eV76FrfmBHA.2596@tkmsftngp05...
Jim Ley
"Bertrand Le Roy" <bleroy at magnit dot com> wrote in message
> Well, after all, deep down, isn't snufkin Internet Explorer?
Only the rendering engine and the script engine, the DOM is different -
which surely matters!
> Do you have an idea how many people in the world use Snufkin?
Nope, there's no way to identify them is there :-)
Maybe we could conduct a poll ?
Jim.
Bertrand Le Roy
OK. Why not stop here? Sorry about the very long thread.
"Jim Ley" <j...@jibbering.com> wrote in message
news:esq944fmBHA.2480@tkmsftngp05...