User Agent Detection Logic

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Fotios

    #16
    Re: User Agent Detection Logic

    [color=blue]
    >
    > It would, however, be a useful precaution against appearing to be a
    > person of inadequate sagacity. Of course, that appearance would in that
    > case not be misleading.[/color]

    This is a javascript group doc. If you are looking for sagacity per se maybe
    you are looking in the wrong place. If your way of achieving sagacity is
    reading JS FAQs then maybe you ought to wonder if something is wrong with
    you. Finally, if you wish to rephrase the syntactic and semantic abomination
    you just posted, I'll still read it (although I don't know if I really
    should).

    F.
    --






    Comment

    • Richard Cornford

      #17
      Re: User Agent Detection Logic

      "Fotios" <f_bass@yahoo.c om> wrote in message
      news:3f6e6b22$0 $216$bed64819@n ews.gradwell.ne t...[color=blue][color=green]
      >>So you haven't bothered to read the comp.lang.javas cript
      >>FAQ before posting then:-
      >>
      >><URL: http://jibbering.com/faq/#FAQ4_26 >[/color]
      >
      >I do not need to read the FAQ before or after I post.
      >[color=green]
      >>- as it says essentially the same thing. (Still, I don't
      >>expect you would consider that a document that is subject
      >>the scrutiny and review of all of the regular poster to
      >>this group as having anything accurate to say on the
      >>subject of browser scripting.)[/color][/color]
      [color=blue]
      >I don't know what to answer to you as I have not read
      >the FAQ.[/color]

      You could try to explain why you "do not need to read the FAQ". It
      certainly isn't because you are already familiar with its contents, or
      that you know JavaScript and browser scripting better than its
      collective authors (though it may be because you believe one, or both,
      of those to be the case).

      <snip>[color=blue]
      >Isn't it still a fact that most script that goes around
      >is not cross-browser?[/color]

      Yes, it is also a fact that some scripts do not even manage to be
      multi-browser (which is all that your scripting actually aspires to be,
      judging by your other posts in this thread). But why would
      comp.lang.javas cript promote the lowest common denominator as the
      acceptable standard in a world where the norm is so poor? In fact the
      poverty of the mass of current Internet script authoring is probably the
      best justification for promoting only the highest standards in browser
      scripting: True cross-browser scripting; authoring for any and every
      browser, including the ones that will not execute JavaScript at all. And
      the only strategy that is capable of delivering scripts that function,
      or gracefully degrade (as appropriate), in JavaScript enabled browsers
      is feature detecting to determine browser support for the features
      required by the script.
      [color=blue]
      >I have also heard that no scripter really knows what
      >he/she is doing. What do you think about that?[/color]

      If you did hear that it will have been from the lips of someone who did
      not know what they were doing and was looking to justify their
      unwillingness to find out.
      [color=blue][color=green][color=darkred]
      >>>A detector is about "what is" not about "what ought to be".[/color]
      >>
      >>So test "what is" not "what ought to be" which is what
      >>you are testing by assuming that the navigator.userA gent
      >>string ought to be a discriminating indicator of the type
      >>and version of a web browser. It is not and has not been
      >>for quite some time now.[/color]
      >
      >One can easily write a lynx-like user agent that supplies
      >any user string he/she damn pleases.[/color]

      It appears (from existing web browsers) that it is not too difficult to
      write an IE-like web browser that supplies whatever user agent string
      the user chooses (or its authors prefer). It has been done, many times.
      [color=blue]
      >Why does that shatter the status of things? (The status being
      >that all major browsers have - and should have - distinctive
      >default strings)[/color]

      Of what value is it that some browsers have default user agent string
      that are distinct from each other when they are indistinguishab le from
      the user agent strings of a cluster of other browsers? Of what value is
      it when those strings are only the default values and the user has easy
      access to mechanisms for changing them; mechanisms that (usually) have
      zero impact on the actual abilities of the browser? And why "should
      have"? Because it suites you?

      The status of things is that the navigator.userA gent string is no longer
      a discriminating identifier of web browsers and, if it ever was, it
      never will be again.
      [color=blue][color=green]
      >>As it is your code will identify Konqueror 3 as IE,
      >>Netscape, Opera Konqueror and unknown depending on which
      >>of the userAgent string I choose form the list of 20 odd
      >>provided in the drop-down in the preferences.[/color]
      >
      >Well, if you change the string you are on your own.[/color]

      Web browsers are user configurable software. If the user has the options
      in the software preferences then it is just unrealistic not to expect
      them to configure their browser to reflect their preferences. In all of
      the web site/application specifications I have seen to date I have seen
      requirements to work with only a limited set of named browsers/versions
      and even requirements to work only with JavaScript enabled browsers but
      I have never seen it stated that scripts were only required to work with
      those browsers in their _default_ configurations.

      Of course your "browser detecting" followed by the assumption that
      everything is then going to be the way that you are expecting it is
      going to fall down with many non-default configurations even on IE.
      [color=blue][color=green]
      >>While the same script will be absolutely convinced that
      >>my Palm OS web browser is IE 6, but a script that treats
      >>it as IE 6 will fail horribly. To qualify as a "detector"
      >>a script should be expected to produce discriminating
      >>results. The navigator.userA gent string just cannot provide
      >>that.[/color]
      >
      >Only because you were naughty and you changed the string.[/color]

      No I did not. Pals OS web browser is just one of a number of browsers
      that use a user agent string that is indistinguishab le from an IE user
      agent string, and it doesn’t give the user any direct access to
      alternatives. And indistinguishab le means indistinguishab le, there is no
      telling substring that can be used to distinguish them from IE versions
      (on the Palm even the reported OS is fictional).
      [color=blue]
      >What is the motivation in coding for the miniscule percentage
      >of users who not only use virtually non-existent browsers
      >but also play with their user agent strings?[/color]

      Because feature detecting does not have any interest in the type or
      version of the web browser so there is no extra effort or work involved
      in coping with any minority browser. (assuming of course that these
      browsers that are indistinguishab le from IE are actually minority
      browsers. It is impossible to tell if they always appear in the browser
      statistics as IE). You just write the script and if the browser supports
      the required features then you are in business and if not its time to
      gracefully degrade.
      [color=blue][color=green]
      >>But, as I said, it is almost never necessary to know the
      >>browser type or version. Feature detection ...[/color][/color]
      <snip>
      [color=blue]
      >1. Detecting a browser type is not necessarily for scripting
      >purposes. For instance, you may not like the way something
      >renders in gecko.[/color]

      Rendering is presentation, so CSS. Use CSS solutions for CSS problems,
      involving scripting is unnecessary (and unreliable) but you cannot make
      a discriminating identification of a Gecko browser from its user agent
      string anyway as several Gecko variants (most notably Gostzill) are ser
      up to report any of a range of preference settable userAgent strings
      (including spoofing IE 100%) and a few even provide the user with the
      option to type in anything they want as a user agent string. (these are
      normal GUI configuration settings available under preferences not some
      devious hack. However, all Gecko userAgent strings are amenable to
      alteration by devious hack as well).
      [color=blue]
      >2. I don't want to build a detector every time depending
      >on what I want to use.[/color]

      You are still thinking in terms of browser detecting. Feature detecting
      is an integral part of scripting; there is no distinct "detector" at
      all.
      [color=blue]
      >3. A generic feature based browser detector seems to be
      >much more work than the one I posted. If you build one
      >let me know and I will give it a try.[/color]

      The reason that I use the term "feature detecting" as opposed to the
      more common term "object detecting" (apart from the fact that you also
      have to be testing functions, properties with primitive values and
      sometimes language implementation characteristics ) is that "object
      detecting" is associated with attempts to detect browser types and
      versions based on objects present in their DOMs. That technique was
      widely adopted when it initially became clear that browser detecting
      based on userAgent strings was no longer viable and initially produced
      code like:-

      var isIE = document.all?tr ue:false;
      var isNet4 = document.layers ?true:false;

      The response to this type of browser detecting (attempts at a generic
      object detecting based browser detector) was that other browser
      manufacturers started implementing document.all collections, or
      document.layers collections or any other object/feature that someone had
      hit upon as a discriminating indicator of a particular browser. And they
      did this for exactly the same reasons that they started spoofing each
      other’s user agent strings in the first palace. We now live in a world
      where as many browsers have a document.all collection as don’t and the
      last thing that its presence in a DOM means is that the browser is IE.

      And it goes on; someone hits upon the idea of using the ActiveXObject
      constructor as a discriminating indicator of IE 5+ and then uses that to
      exclude non-IE 5+ browsers, and then we find that IceBrowser 5 has an
      ActiveXObject constructor.

      Pick a feature as a discriminating indicator of a browser and implement
      your browser detecting based on that and the next thing you know a
      couple of other browsers will have implemented that feature, or faked
      it, and your browser detecting script is no longer doing what it was
      designed to do.

      The recurring theme here is that the purpose that you, and most others,
      put browser detecting to motivates the browser manufacturers (including
      Microsoft; witness the "Mozilla 4.0" that its userAgent string starts
      with) to do what ever it takes to sidestep that browser detection.

      The result is that browser detection as a practice has resulted in its
      own invalidity.

      The solution is to abandon browser detection as an idea and concentrate
      on detecting the specific features that a script actually needs in order
      to run. Never interested in the type of version of the browser, never
      assuming that the existence of on feature implies the presence of
      another and resulting in scripts that do what they can when they can and
      fail cleanly when they can't, even on the browsers that will not be
      released until next year and whose names are as yet unknown.

      Richard.



      Comment

      • Fotios

        #18
        Re: User Agent Detection Logic

        [color=blue]
        > You could try to explain why you "do not need to read the FAQ".[/color]

        Sure. For the same reason I do not need to read the bible in order to be a
        good Christian.
        I suppose one can find many similar ways to explain what you asked.

        I'll tell you the truth tho. I have read the FAQ about 2 years back.
        Since then so much has happened that I do not even remember what was in
        there and what not.
        [color=blue]
        > It
        > certainly isn't because you are already familiar with its contents, or
        > that you know JavaScript and browser scripting better than its
        > collective authors
        > (though it may be because you believe one, or both,
        > of those to be the case).[/color]

        I don't even ponder over such questions. It is just that I like solving
        problems on my own. I am in this business strictly for the fun that this
        entails.
        [color=blue]
        >
        > <snip>[color=green]
        > >Isn't it still a fact that most script that goes around
        > >is not cross-browser?[/color]
        >
        > Yes, it is also a fact that some scripts do not even manage to be
        > multi-browser (which is all that your scripting actually aspires to be,
        > judging by your other posts in this thread).[/color]

        Well, the scripts that I have posted are certainly multi-browser so what you
        say here is obviously wrong.
        [color=blue]
        > True cross-browser scripting; authoring for any and every
        > browser, including the ones that will not execute JavaScript at all. And
        > the only strategy that is capable of delivering scripts that function,
        > or gracefully degrade (as appropriate), in JavaScript enabled browsers
        > is feature detecting to determine browser support for the features
        > required by the script.[/color]

        Read below for an answer to that.
        [color=blue]
        >[color=green]
        > >I have also heard that no scripter really knows what
        > >he/she is doing. What do you think about that?[/color]
        >
        > If you did hear that it will have been from the lips of someone who did
        > not know what they were doing and was looking to justify their
        > unwillingness to find out.[/color]

        You sound hurt. Why don't you tell us what else you do well except scripting
        (if we assume that you even do that well).
        Maybe you can prove that you don't have any ego-related reason in making
        this claim.

        [color=blue]
        >
        > Of what value is it that some browsers have default user agent string
        > that are distinct from each other when they are indistinguishab le from
        > the user agent strings of a cluster of other browsers? Of what value is
        > it when those strings are only the default values and the user has easy
        > access to mechanisms for changing them; mechanisms that (usually) have
        > zero impact on the actual abilities of the browser? And why "should
        > have"? Because it suites you?[/color]

        Have you ever wondered why the user agent string is there at all? Why was it
        introduced and kept in countless versions and builds?

        I quote from RFC 2616:
        ----
        14.43 User-Agent

        The User-Agent request-header field contains information about the
        user agent originating the request. This is for statistical purposes,
        the tracing of protocol violations, and automated recognition of user
        agents for the sake of tailoring responses to avoid particular user
        agent limitations. User agents SHOULD include this field with
        requests. The field can contain multiple product tokens (section 3.8)
        and comments identifying the agent and any subproducts which form a
        significant part of the user agent. By convention, the product tokens
        are listed in order of their significance for identifying the
        application.

        User-Agent = "User-Agent" ":" 1*( product | comment )

        Example:

        User-Agent: CERN-LineMode/2.15 libwww/2.17b3
        ----

        After all the computer world only revolves because there are standards that
        are followed by majorities.

        [color=blue]
        >
        > The status of things is that the navigator.userA gent string is no longer
        > a discriminating identifier of web browsers and, if it ever was, it
        > never will be again.[/color]

        The point is that it should be.On the other hand perhaps your faith that
        object/property testing will remain a good way to test is overly inflated.

        [color=blue]
        > Web browsers are user configurable software. If the user has the options
        > in the software preferences then it is just unrealistic not to expect
        > them to configure their browser to reflect their preferences. In all of
        > the web site/application specifications I have seen to date I have seen
        > requirements to work with only a limited set of named browsers/versions
        > and even requirements to work only with JavaScript enabled browsers but
        > I have never seen it stated that scripts were only required to work with
        > those browsers in their _default_ configurations.[/color]

        You are not supposed to fake user agent strings. Period.
        This feature has only become available in various browsers and only because
        it is very easily implementable.

        [color=blue]
        >
        > Of course your "browser detecting" followed by the assumption that
        > everything is then going to be the way that you are expecting it is
        > going to fall down with many non-default configurations even on IE.[/color]

        What percentage do you think? I say it works 99%.
        [color=blue]
        >
        > No I did not. Pals OS web browser is just one of a number of browsers
        > that use a user agent string that is indistinguishab le from an IE user
        > agent string, and it doesn't give the user any direct access to
        > alternatives. And indistinguishab le means indistinguishab le, there is no
        > telling substring that can be used to distinguish them from IE versions
        > (on the Palm even the reported OS is fictional).[/color]

        Too bad. I think Opera also had the unfortunate idea of defaulting to
        completely faking the IE ua string a few versions back. It seems they did
        not keep it up for long.

        [color=blue]
        >
        > (assuming of course that these
        > browsers that are indistinguishab le from IE are actually minority
        > browsers. It is impossible to tell if they always appear in the browser
        > statistics as IE).[/color]

        Heh, sorry but this reminds me of comical Ali.

        [color=blue]
        >[color=green]
        > >1. Detecting a browser type is not necessarily for scripting
        > >purposes. For instance, you may not like the way something
        > >renders in gecko.[/color]
        >
        > Rendering is presentation, so CSS. Use CSS solutions for CSS problems,[/color]

        Yeah but CSS does not always work the way one wants and the detection is
        done in JS not CSS.

        [color=blue]
        >
        > You are still thinking in terms of browser detecting. Feature detecting
        > is an integral part of scripting; there is no distinct "detector" at
        > all.[/color]

        wow, that is tew kewl (and deep).

        A few points to keep you busy:

        * Should every browser preferably have a distinctive user agent string or
        not? Don't read the RFC just use your common sense.

        * You are trying to make a rule out of the exception (exception being the
        faked strings)

        * I can write a user agent that fakes the existence of certain JS objects
        but provides others while for the faked ones has Shakespeare quotes as the
        return value of various methods. I could name this product Fudgilla (create
        say 10 variants of it under different names like Geekzilla), make it freely
        available to the geek crowds and then argue that because these products
        exist the feature detection method is no good anymore for deciding what kind
        of browser we got.

        Don't scratch your head too hard.

        F.


        Comment

        • Lasse Reichstein Nielsen

          #19
          Re: User Agent Detection Logic

          "Fotios" <f_bass@yahoo.c om> writes:
          [color=blue][color=green]
          > > Yes, it is also a fact that some scripts do not even manage to be
          > > multi-browser (which is all that your scripting actually aspires to be,
          > > judging by your other posts in this thread).[/color]
          >
          > Well, the scripts that I have posted are certainly multi-browser so what you
          > say here is obviously wrong.[/color]

          Uhm, no. He said that it is multi-browser, but not cross-browser, so
          you agree with him.
          [color=blue]
          > Have you ever wondered why the user agent string is there at all? Why was it
          > introduced and kept in countless versions and builds?[/color]
          ....[color=blue]
          >
          > User-Agent = "User-Agent" ":" 1*( product | comment )
          >
          > Example:
          >
          > User-Agent: CERN-LineMode/2.15 libwww/2.17b3
          > ----
          >
          > After all the computer world only revolves because there are standards that
          > are followed by majorities.[/color]

          It is *not* followed by the majorities. Internet Explorer doesn't follow it!

          IE claims to be Mozilla/4.0 and then adds a comment saying that it is really
          (Compatible; MSIE 6,0;...).

          Every time someone makes a page that restricts access to some
          browsers, most likely including IE, a browser will change, or allow
          the user to change, how it identifiers itself. It does that, not because
          it doesn't care about the standard, but because it has to work in a world
          where page authors force them to lie.
          [color=blue][color=green]
          > > The status of things is that the navigator.userA gent string is no longer
          > > a discriminating identifier of web browsers and, if it ever was, it
          > > never will be again.[/color][/color]
          [color=blue]
          > The point is that it should be.[/color]

          The point is also that browser detection shouldn't be necessary.

          But it isn't. Browsers should support standards, but the most widely
          used browser doesn't understand proper CSS 2 and doesn't follow the W3C
          DOM specifications.
          [color=blue]
          > On the other hand perhaps your faith that object/property testing
          > will remain a good way to test is overly inflated.[/color]

          Care to explain why?
          [color=blue]
          > You are not supposed to fake user agent strings. Period.[/color]

          You are not supposed to restrict access to a page based on the
          browser. That is counter to the very basic concept of the web.
          But they do, and browsers adapt.

          It is sad that faking your user agent string is necessary, but
          blame the page authors, not the browser vendors or users. They
          started it.
          [color=blue]
          > This feature has only become available in various browsers and only
          > because it is very easily implementable.[/color]

          And not because there was a need?
          Do you really mean that?
          [color=blue]
          > * Should every browser preferably have a distinctive user agent string or
          > not? Don't read the RFC just use your common sense.[/color]

          They should.
          Do they? No.
          Your code is meant to solve a real life problem: That browsers are different.
          In an ideal world, your program is not necessary.
          In the real world, it should consider the real life problem that the user
          agent string can not be trusted in all cases.

          I don't know the percentage of people faking their user agent string.

          I do when I access MSDN, because otherwise they won't show me the
          page. I am smart enough to handle it in Proximitron, so not all pages
          are affected. Not everyone is.

          I do know that your program would have problems with detecting Netscape 4,
          since it identifies itself as Mozilla/4, and so does IE.

          Your test relies on the comment part of the userAgent string to identify
          IE, which is not following the standard anyway.

          Built-in user-agent strings in the browsers you try to identify.
          Opera:
          Opera/7.20 (Windows NT 5.1; U) [en]
          Mozilla/5.0 (Windows NT 5.1; U) Opera 7.20 [en]
          Mozilla/4.78 (Windows NT 5.1; U) Opera 7.20 [en]
          Mozilla/3.0 (Windows NT 5.1; U) Opera 7.20 [en]
          Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.20 [en]

          Netscape 4.08:
          Mozilla/4.08 [en] (WinNT; I ;Nav)

          Mozilla Firebird 0.6
          Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6
          Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
          Mozilla/4.8 [en] (Windows NT 5.0; U)
          Opera/7.11 (Windows NT 5.1; U) [en]

          Internet Explorer 6:
          Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.1.4322)

          This doesn't count browsers on other platforms, still mostly Mac and
          Unix, but increasingly also mobile devices.

          /L
          --
          Lasse Reichstein Nielsen - lrn@hotpop.com
          Art D'HTML: <URL:http://www.infimum.dk/HTML/randomArtSplit. html>
          'Faith without judgement merely degrades the spirit divine.'

          Comment

          • Mark Preston

            #20
            Re: User Agent Detection Logic

            On Mon, 22 Sep 2003 13:14:45 +0100, Dr John Stockton
            <spam@merlyn.de mon.co.uk> wrote:
            [color=blue]
            >JRS: In article <3f6e6b22$0$216 $bed64819@news. gradwell.net>, seen in
            >news:comp.lang .javascript, Fotios <f_bass@yahoo.c om> posted at Mon, 22
            >Sep 2003 06:23:59 :-
            >[color=green]
            >>I do not need to read the FAQ before or after I post.[/color]
            >
            >It would, however, be a useful precaution against appearing to be a
            >person of inadequate sagacity. Of course, that appearance would in that
            >case not be misleading.
            >[/color]
            Touche, John....

            Comment

            • Fotios

              #21
              Re: User Agent Detection Logic

              [color=blue][color=green]
              > > Well, the scripts that I have posted are certainly multi-browser so what[/color][/color]
              you[color=blue][color=green]
              > > say here is obviously wrong.[/color]
              >
              > Uhm, no. He said that it is multi-browser, but not cross-browser, so
              > you agree with him.[/color]

              yup, I misread that part. I guess I do agree with him on this one.

              [color=blue]
              >
              > It is *not* followed by the majorities. Internet Explorer doesn't follow[/color]
              it![color=blue]
              >
              > IE claims to be Mozilla/4.0 and then adds a comment saying that it is[/color]
              really[color=blue]
              > (Compatible; MSIE 6,0;...).[/color]

              The mozilla string is there because of known historical reasons. What you
              should ask yourself is why the MSIE
              part is there. Is it by chance?

              [color=blue]
              >
              > Every time someone makes a page that restricts access to some
              > browsers, most likely including IE, a browser will change, or allow
              > the user to change, how it identifiers itself. It does that, not because
              > it doesn't care about the standard, but because it has to work in a world
              > where page authors force them to lie.[/color]

              And has to do that because there are millions of scripts that are blocking
              access to various browsers.
              In your js circumscribed world you fail to see that as long as a browser
              cannot claim to work in every aspect of its rendering and runtime behavior
              exactly as a different one then it should not (and is not in its interest)
              fake the string of the other browser or the results will be embarrasing.
              Furthermore as long as two browsers fail to be identical in their behavior
              the motivation for distinguishing between them is *very* real and with it
              the motivation for writing discriminating browser detection scripts.

              A couple of facts:
              -----------------

              * Faked strings by browsers (and not robots) are a *very* rare occurence
              overall.

              * When the ua string is faked the standard is not followed properly.


              [color=blue]
              > The point is also that browser detection shouldn't be necessary.[/color]

              Yes, and also pain and poverty in this world.

              [color=blue]
              >
              > But it isn't. Browsers should support standards, but the most widely
              > used browser doesn't understand proper CSS 2 and doesn't follow the W3C
              > DOM specifications.[/color]

              So, you are a proponent of non-compliance with the standards then?
              [color=blue]
              >[color=green]
              > > On the other hand perhaps your faith that object/property testing
              > > will remain a good way to test is overly inflated.[/color]
              >
              > Care to explain why?[/color]

              I did explain at the very end of my previous message but you seem to have
              skipped that part.
              Let us know when you read it. Dying to hear your comments! :)
              [color=blue]
              >[color=green]
              > > You are not supposed to fake user agent strings. Period.[/color]
              >
              > You are not supposed to restrict access to a page based on the
              > browser. That is counter to the very basic concept of the web.
              > But they do, and browsers adapt.[/color]

              Can you please quote an official standard that says that?
              In my house I don't let in people who have stepped on dirt.
              A site is somebody's house of sorts.

              [color=blue]
              >
              > It is sad that faking your user agent string is necessary, but
              > blame the page authors, not the browser vendors or users. They
              > started it.[/color]

              Ah, that reminds me of the days I was playing Hide n Seek.
              Those were the days!

              [color=blue]
              >[color=green]
              > > This feature has only become available in various browsers and only
              > > because it is very easily implementable.[/color]
              >
              > And not because there was a need?
              > Do you really mean that?[/color]

              Sure there is a need. There is also a need behind cracking.

              [color=blue]
              >[color=green]
              > > * Should every browser preferably have a distinctive user agent string[/color][/color]
              or[color=blue][color=green]
              > > not? Don't read the RFC just use your common sense.[/color]
              >
              > They should.
              > Do they? No.
              > Your code is meant to solve a real life problem: That browsers are[/color]
              different.[color=blue]
              > In an ideal world, your program is not necessary.
              > In the real world, it should consider the real life problem that the user
              > agent string can not be trusted in all cases.[/color]

              yes, but it works at a very high percentage of cases. No?
              Isn't percentage of success the measure in Internet related systems?
              Why would this be perfect? (although I certainly would like it to be).
              As for the "real world" read the end of this message (don't skip it this
              time)

              [color=blue]
              > I do know that your program would have problems with detecting Netscape[/color]
              4,[color=blue]
              > since it identifies itself as Mozilla/4 , and so does IE.[/color]

              Sure. There are cases that this script will not work properly. The addition
              of some feature based detection logic for discriminating between certain
              browsers would help it. Maybe version 2. The raison d'etre of this script is
              browser discrimination and the easy and quite efficient way to do that (with
              a very high percentage of success) is the ua string. As for the reason for
              discrimination I have briefly explained it above and will explain it more
              below.

              About the need to disciminate browsers
              ----------------------------------------

              * This is a real need as long as various browsers do even one thing
              differently. This thing does not necessarily have to do with how scripts
              execute. It may have to do with how things render, what is supported and
              what not and even various bugs.

              * In this quest there are no perfect solutions but there are good solutions
              and there are solutions that can become even better.

              * It is better to deny services to a particular browser (and suggest a free
              alternative instead) than have your site misrender embarrassingly on various
              untested browsers.
              I state again that the misrendering does not need to be related to
              javascript issues.

              * Most commercial sites currently have similar detection logic for either
              excluding browsers or varying their services depending on the browser.

              * I can see how circumscribing one's Internet experience to things that
              revolve around a single technology (or a couple) can create confusion and
              questions that tend to be metaphysical in nature.

              F.



              Comment

              • Richard Cornford

                #22
                Re: User Agent Detection Logic

                "Fotios" <f_bass@yahoo.c om> wrote in message
                news:3f6fb4b5$0 $214$bed64819@n ews.gradwell.ne t...[color=blue][color=green]
                >>You could try to explain why you "do not need to
                >>read the FAQ".[/color][/color]
                [color=blue]
                >Sure. For the same reason I do not need to read the
                >bible in order to be a good Christian.[/color]

                Judging by your posts to microsoft.publi c.scripting.jsc ript under this
                subject you are not a good Christian so perhaps you should RTFM.
                [color=blue]
                >I suppose one can find many similar ways to explain
                >what you asked.[/color]

                And they could all be equally misguided.
                [color=blue]
                >I'll tell you the truth tho. I have read the FAQ about
                >2 years back. Since then so much has happened that I do
                >not even remember what was in there and what not.[/color]

                So you read the explanation of the futility of browser detecting and the
                recommendations of better alternatives and then went and spent the
                intervening years writing scripts based on browser detecting?

                <snip>[color=blue][color=green][color=darkred]
                >>>Isn't it still a fact that most script that goes
                >>>around is not cross-browser?[/color]
                >>
                >>Yes, it is also a fact that some scripts do not even
                >>manage to be multi-browser (which is all that your scripting
                >>actually aspires to be, judging by your other posts in this
                >>thread).[/color][/color]
                [color=blue]
                >Well, the scripts that I have posted are certainly
                >multi-browser so what you say here is obviously wrong.[/color]

                You have suffered a deficit in English comprehension.

                <snip>[color=blue][color=green][color=darkred]
                >>>I have also heard that no scripter really knows what
                >>>he/she is doing. What do you think about that?[/color]
                >>
                >>If you did hear that it will have been from the lips of
                >>someone who did not know what they were doing and was
                >>looking to justify their unwillingness to find out.[/color]
                >
                >You sound hurt.[/color]

                You think? I can see not reason for assuming that I would have any
                emotional response to a hearsay report of an assertion by third party
                who cannot be qualified to judge the validity of their own statement.
                [color=blue]
                >Why don't you tell us what else you do well except scripting[/color]

                That would be irrelevant to a discussion of browser scripting and OP for
                this newsgroup.
                [color=blue]
                >(if we assume that you even do that well).[/color]

                Why make assumptions when you have access to information.
                [color=blue]
                >Maybe you can prove that you don't have any ego-related
                >reason in making this claim.[/color]

                I can prove that as easily as you can prove that you heard the assertion
                in the first place.

                <snip>[color=blue]
                >Have you ever wondered why the user agent string is there at all?
                >Why was it introduced and kept in countless versions and builds?[/color]

                I haven’t had to wonder for as long as I have known. But before I knew I
                don’t recall caring.
                [color=blue]
                > I quote from RFC 2616:
                > ----
                > 14.43 User-Agent
                >
                > The User-Agent request-header field contains information about the
                > user agent originating the request. This is for statistical purposes,
                > the tracing of protocol violations, and automated recognition of user
                > agents for the sake of tailoring responses to avoid particular user
                > agent limitations. User agents SHOULD include this field with
                > requests. The field can contain multiple product tokens (section 3.8)
                > and comments identifying the agent and any subproducts which form a
                > significant part of the user agent. By convention, the product tokens
                > are listed in order of their significance for identifying the
                > application.
                >
                > User-Agent = "User-Agent" ":" 1*( product | comment )
                >
                > Example:
                >
                > User-Agent: CERN-LineMode/2.15 libwww/2.17b3
                > ----
                >
                >After all the computer world only revolves because there are
                >standards that are followed by majorities.[/color]

                RFC 2616 is the HTTP 1.1 standard. Can you point me to a standard that
                says that the string used in the user agent header in HTTP 1.1 should be
                made available to client-side scripting? No . . . perhaps some caution
                should be exercised before citing standards as a justification for
                client side browser detecting based on that string.

                But standard hang heavily upon the words MUST (compulsory), SHOULD
                (probably should be treated as compulsory) and MAY (clearly optional
                (but possibly recommended)).

                In the User Agent specification we find a SHOULD:-

                <quote>
                User agents SHOULD include this field with requests.
                </quote>

                And our browsers are complying by sending that header (100% to the
                specification). As to the contents of that header we read:-

                <quote>
                The field can contain multiple product tokens (section 3.8) and comments
                identifying the agent and any subproducts which form a significant part
                of the user agent. By convention, ...
                </quote>

                - and the operative word is CAN, not MUST, not SHOULD, not even MAY but
                CAN. Clearly the specification leaves the contents of the string up to
                the implementer. That is not surprising because this was 1999 and IE was
                already spoofing Netscape 4’s UA string so placing any strong
                requirements on the content of the string would have been closing the
                stable door after the horse has bolted.

                So if a browser sends any user agent header it is conforming to the
                letter of RFC 2616. The only way in which it can be considered as not
                conforming to the standard that you cited is that it may not follow the
                spirit of the standard. However, RFC 2616 starts:-

                <quote>
                The User-Agent request-header field contains information about the user
                agent originating the request.
                </quote>

                -and our browser's User Agent headers are sending information about
                themselves. It may not be very useful information, asserting little more
                than that they consider themselves to be user agents, but that is still
                information.

                RFC 2616 then goes on:-

                <quote>
                This is for statistical purposes,
                </quote>

                Which is fine as the information can be used for statistical purposes.
                You can use it to count the number of requests from software that
                asserts its user agentness.

                The spirit of:-

                <quote>
                the tracing of protocol violations,
                </quote>

                - can be conformed with by not making protocol violations (so there is
                no need to trace them).

                And it was the abuse of:-

                <quote>
                and automated recognition of user agents for the sake of tailoring
                responses to avoid particular user agent limitations.
                <quote>

                - by not using the UA information to _avoid_ particular user agent
                limitation, but rather to avoid dealing with those limitations by
                blocking unrecognised and unwanted user agents, that caused the User
                Agent string to become close to meaningless in the first place. But if
                the browser manufacturers do not believe their browser to suffer from
                limitations then there is no reason for them to need a response tailored
                any differently to Some other browser’s.

                But in all of this I do not see it stated that the User Agent header
                MUST (even SHOULD) contain a discriminating identifier of the user agent
                software. The closest RFC 2616 comes to that is to suggest that such an
                identifier is an option.
                [color=blue][color=green]
                >>The status of things is that the navigator.userA gent string is
                >>no longer a discriminating identifier of web browsers and, if
                >>it ever was, it never will be again.[/color]
                >
                > The point is that it should be.[/color]

                Says who? Apparently not RFC 2616.
                [color=blue]
                >On the other hand perhaps your faith that object/property
                >testing will remain a good way to test is overly inflated.[/color]

                If it was a personal belief, unsupported by facts, at odds with expert
                opinion and contrary to logic then I might question it. Fortunately that
                is not the case.
                [color=blue][color=green]
                >>Web browsers are user configurable software. ...[/color][/color]
                <snip>[color=blue]
                >You are not supposed to fake user agent strings. Period.[/color]

                Again, says who?
                [color=blue]
                >This feature has only become available in various browsers
                >and only because it is very easily implementable.[/color]

                Ease of implementation is far from the reason (let alone the only
                reason) that this has become available. It has happened because browser
                detection based on user agent strings (even if all browsers did use a
                discriminating string) requires so much data to implement effectively
                that it never has been, and the consequences were that unrecognised
                browsers were excluded from sites for no better reason than that they
                could be discriminated from recognised browsers. And so the
                manufacturers of the unrecognised browsers became motivated to make
                their browsers indistinguishab le from the recognised browsers so that
                the misguided script authors had no way of excluding them.

                It is browser detecting as a practice that is the problem. It doesn’t
                matter how it is done, whatever method is used will result in that
                method becoming ineffective. It is just the case that userAgent string
                based browser detecting became ineffective long ago and the smart
                scripters moved on to something better.
                [color=blue][color=green]
                >>Of course your "browser detecting" followed by the assumption
                >>that everything is then going to be the way that you are
                >>expecting it is going to fall down with many non-default
                >>configuration s even on IE.[/color]
                >
                >What percentage do you think? I say it works 99%.[/color]

                Given that browser usage statistics are notoriously based on a faulty
                premise and that a browser that sends a user agent string that is
                indistinguishab le from IE’s will be reported as IE making it impossible
                to even guesstimate their usage I think that the question is futile. But
                common reported statistics for browsers with JavaScript unavailable or
                disabled seem to be in the 8-12% range so no script could "work" more
                than 88-92% (if you define work as successfully execute). Disabling
                JavaScript is just one of the many ways in which browsers can deviate
                form their default settings (though some default to having JavaScript
                disabled in the first place so enabling it is non-default), I would
                imagine that almost everyone plays with their settings at some point
                (even if they just screw something up and end up having to re-set the
                defaults in the end).

                <snip>[color=blue][color=green]
                >>(assuming of course that these browsers that are
                >>indistinguish able from IE are actually minority
                >>browsers. It is impossible to tell if they always
                >>appear in the browser statistics as IE).[/color]
                >
                >Heh, sorry but this reminds me of comical Ali.[/color]

                You see a flaw in the logic?
                [color=blue][color=green][color=darkred]
                >>>1. Detecting a browser type is not necessarily for scripting
                >>>purposes. For instance, you may not like the way something
                >>>renders in gecko.[/color]
                >>
                >>Rendering is presentation, so CSS. Use CSS solutions for
                >>CSS problems, ...[/color]
                >
                >Yeah but CSS does not always work the way one wants and the
                >detection is done in JS not CSS.[/color]

                Go and ask in comp.infosystem s.www.authoring.stylesheets and they will
                tell you how to use CSS to fix rendering glitches in browsers. They will
                also tell you (every last one of them) that you do not _ever_ use
                JavaScript to fix CSS problems.
                [color=blue][color=green]
                >>You are still thinking in terms of browser detecting. Feature
                >>detecting is an integral part of scripting; there is no
                >>distinct "detector" at all.[/color]
                >
                >wow, that is tew kewl (and deep).[/color]

                There is nothing like a well reasoned argument.
                [color=blue]
                >A few points to keep you busy:
                >
                >* Should every browser preferably have a distinctive user agent
                >string or not? Don't read the RFC just use your common sense.[/color]

                The RFC doesn’t say that they have to (only that they send the UA
                header), and I can see not reason why they should as there is no need to
                be interested in specific browser types anyway. I also can’t see any
                reason for the UA string to be exposed to client side scripting for much
                the same reason.
                [color=blue]
                >* You are trying to make a rule out of the exception (exception
                >being the faked strings)[/color]

                I am trying to demonstrate that the proposition that it is possible to
                use the navigator.userA gent string to uniquely identify web browsers is
                false.

                It is in the nature of logic that a billion instances of circumstances
                corresponding with a proposition do not prove that proposition to be
                true, yet just one instance (properly verified) of circumstances failing
                to correspond with the proposition do _prove_ it to be false. And we do
                not have just one instance where browser detection by userAgent string
                will fail to identify a browser (or will misidentify it) we have many.

                The proposition that it is possible to use the navigator.userA gent
                string to uniquely identify web browsers _is_ false.
                [color=blue]
                > * I can write a user agent that fakes the existence of certain
                >JS objects but provides others while for the faked ones has
                >Shakespeare quotes as the return value of various methods. I
                >could name this product Fudgilla (create say 10 variants of it
                >under different names like Geekzilla), make it freely available
                >to the geek crowds and then argue that because these products
                >exist the feature detection method is no good anymore for deciding
                >what kind of browser we got.[/color]
                <snip>

                That would be your prerogative and feature detecting can cope with that.
                It is exactly the sort of situation that it is expected to cope with
                anyway. On discovering that your browser does not support the required
                features it would cleanly degrade as designed. Your approach, on the
                other hand, only offers the options of refusing the browser access (and
                encouraging another round of UA string faking) or erroring until it made
                a very ungraceful exit.

                On the other hand, is it likely that a new browser would be introduced
                that deliberately re-defined the DOM to the extent that you describe?
                Reality seems to be moving towards standardising around the various W3C
                DOM specifications rather than diverging from the existing browser DOM’
                s. While we have already discussed why browser manufactures are well
                motivated to fake userAgent strings and offer their users a selection of
                easy alternative options.

                Your scenario, if taken to an extreme, may eventually negatively impact
                on feature detecting as a technique. (Though scripts that used the
                technique would stand up longer and better than scripts that used your
                browser detecting approach.) But it is an unlikely scenario.

                My scenario, of browsers offering users choices of userAgent strings
                that are indistinguishab le from those of other common (usually IE)
                browsers (or just using those strings by default) is already a
                demonstrated reality.

                Richard.


                Comment

                • HikksNotAtHome

                  #23
                  Re: User Agent Detection Logic

                  In article <bkqtmi$n4a$1@h ercules.btinter net.com>, "Richard Cornford"
                  <richard@litote s.demon.co.uk> writes:
                  [color=blue][color=green]
                  >>Sure. For the same reason I do not need to read the
                  >>bible in order to be a good Christian.[/color]
                  >
                  >Judging by your posts to microsoft.publi c.scripting.jsc ript under this
                  >subject you are not a good Christian so perhaps you should RTFM.[/color]

                  His last post being the one to me that convinced me he was under the false
                  impression he possesses some intelligence.

                  My hats off to you Richard, you have argued your point (successfully) with the
                  moron way longer than I ever would have.
                  --
                  Randy

                  Comment

                  • Fotios

                    #24
                    Re: User Agent Detection Logic

                    Hey Randy, does you momma know you still up?
                    [color=blue]
                    >
                    > His last post being the one to me that convinced me he was under the false
                    > impression he possesses some intelligence.[/color]

                    Randy, tell us (please?) what is wrong with this: "...being the one to me
                    that convinced me...".
                    You don't even listen to your teacher you naughty boy you.
                    [color=blue]
                    >
                    > My hats off to you Richard, you have argued your point (successfully) with[/color]
                    the[color=blue]
                    > moron way longer than I ever would have.[/color]

                    Hey Randy, how many hats do you wear at once? Itz kewl. I did it too (when I
                    was 14)

                    F.


                    Comment

                    • HikksNotAtHome

                      #25
                      Re: User Agent Detection Logic

                      In article <3f71125b$0$213 $bed64819@news. gradwell.net>, "Fotios"
                      <f_bass@yahoo.c om> writes:
                      [color=blue][color=green]
                      >>
                      >> His last post being the one to me that convinced me he was under the false
                      >> impression he possesses some intelligence.[/color]
                      >
                      >Randy, tell us (please?) what is wrong with this: "...being the one to me
                      >that convinced me...".
                      >You don't even listen to your teacher you naughty boy you.
                      >[/color]

                      Let me explain it in a way that you might understand it. The last post you made
                      in the microsoft.publi c.script.jscrip t group with regards to this assinine
                      belief of yours is the post that convinced me that you are under the false
                      impression that you possess some intelligence.

                      But, if browser detection is the way to go, as you claim, could you _please_
                      show me how to do this simpler? Using Browser Detection:

                      if (document.image s){
                      //lets work with images
                      }

                      Your move stupid.
                      --
                      Randy

                      Comment

                      • Lasse Reichstein Nielsen

                        #26
                        Re: User Agent Detection Logic

                        hikksnotathome@ aol.com (HikksNotAtHome ) writes:
                        [color=blue]
                        > But, if browser detection is the way to go, as you claim, could you _please_
                        > show me how to do this simpler? Using Browser Detection:
                        >
                        > if (document.image s){
                        > //lets work with images
                        > }[/color]

                        I would say "let's work with document.images ". I often see people writing
                        if (document.image s) {
                        var img1 = new Image();
                        img1.src = "foo.png";
                        ...
                        }

                        Statistically, it appears that there is a strong correlation between
                        document.images and window.Image (both introduced in Netscape 3 and
                        both exists in all later browsers), but it is not object detection.

                        /L
                        --
                        Lasse Reichstein Nielsen - lrn@hotpop.com
                        Art D'HTML: <URL:http://www.infimum.dk/HTML/randomArtSplit. html>
                        'Faith without judgement merely degrades the spirit divine.'

                        Comment

                        • HikksNotAtHome

                          #27
                          Re: User Agent Detection Logic

                          In article <pthqn87a.fsf@h otpop.com>, Lasse Reichstein Nielsen <lrn@hotpop.com >
                          writes:
                          [color=blue]
                          >I would say "let's work with document.images ". I often see people writing
                          > if (document.image s) {
                          > var img1 = new Image();
                          > img1.src = "foo.png";
                          > ...
                          > }
                          >
                          >Statisticall y, it appears that there is a strong correlation between
                          >document.image s and window.Image (both introduced in Netscape 3 and
                          >both exists in all later browsers), but it is not object detection.[/color]

                          Its not browser detection either though. But another example can be:

                          if (document.getEl ementById){
                          //lets use document.getEle mentById
                          }

                          Not wanting to get into the testing argument again, but neither of these is
                          browser detection, nor do I need to know the browser. Its irrelevant, no?
                          --
                          Randy

                          Comment

                          • Lasse Reichstein Nielsen

                            #28
                            Re: User Agent Detection Logic

                            hikksnotathome@ aol.com (HikksNotAtHome ) writes:
                            [color=blue]
                            > In article <pthqn87a.fsf@h otpop.com>, Lasse Reichstein Nielsen <lrn@hotpop.com >
                            > writes:[color=green]
                            > >Statisticall y, it appears that there is a strong correlation between
                            > >document.image s and window.Image (both introduced in Netscape 3 and
                            > >both exists in all later browsers), but it is not object detection.[/color]
                            >
                            > Its not browser detection either though.[/color]

                            No, it is ... "object inferenece"? It is similar to testing for
                            document.all and assuming the browser works like IE, only with a much
                            higher positive rate :)
                            [color=blue]
                            > But another example can be:
                            >
                            > if (document.getEl ementById){
                            > //lets use document.getEle mentById
                            > }[/color]

                            Yes, that is a good one. Your example could very well be one too, if
                            you only used document.images in the body of the test. I was just
                            griping about having seen a lot of "if (document.image s) {new Image...}"
                            recently.
                            [color=blue]
                            > Not wanting to get into the testing argument again, but neither of these is
                            > browser detection, nor do I need to know the browser. Its irrelevant, no?[/color]

                            Absolutely. I advocate object detection too, but all object detection will
                            eventually assume something about the detected objects. Finding a property
                            called "getElementById ", or even a function by that name, doesn't tell us
                            what it does. We have to assume that the browser manufacturer isn't being
                            stupid or deliberatly malicious. But I prefer trusting the behavior of a
                            feature to trusting its existence.

                            /L
                            --
                            Lasse Reichstein Nielsen - lrn@hotpop.com
                            Art D'HTML: <URL:http://www.infimum.dk/HTML/randomArtSplit. html>
                            'Faith without judgement merely degrades the spirit divine.'

                            Comment

                            • Fotios

                              #29
                              Re: User Agent Detection Logic

                              [color=blue]
                              >
                              > Haven't you yet learned the futility of trying to have a debate with the
                              > mentally challenged? :p
                              > Don't have a battle of wits with an unarmed opponent. It isn't nice.
                              >
                              > Or are you just playing with him because you're bored? *LOL*[/color]

                              heehee! Kaeli, you are such a cutie! *LOL* ooooxxxx

                              New agey love,
                              F.
                              --




                              Comment

                              • Fotios

                                #30
                                Re: User Agent Detection Logic

                                Richard,

                                I have read your lengthy reply. Many thanks.

                                I don't believe that continuing this thread has anything more to offer to
                                the group or us.

                                It is obvious we disagree but I sure can live with that.

                                My views on the subject have basically been expressed to a good extend in my
                                last two lengthy posts.

                                I want to believe that everybody's (whether reader or poster) grasp of the
                                involved issues has been either improved or refreshed.

                                At the very least, we got the fairly new idea of deceiving objects to show
                                for.
                                Who knows? Maybe Fudgilla will become a reality at some point just to show
                                that there are no certainties except temporary ones.
                                I promise you; it will not be me who puts it together :)

                                Best regards,
                                Fotios
                                --


                                "Richard Cornford" <richard@litote s.demon.co.uk> wrote in message
                                news:bkqtmi$n4a $1@hercules.bti nternet.com...[color=blue]
                                > "Fotios" <f_bass@yahoo.c om> wrote in message
                                > news:3f6fb4b5$0 $214$bed64819@n ews.gradwell.ne t...[color=green][color=darkred]
                                > >>You could try to explain why you "do not need to
                                > >>read the FAQ".[/color][/color]
                                >[color=green]
                                > >Sure. For the same reason I do not need to read the
                                > >bible in order to be a good Christian.[/color]
                                >
                                > Judging by your posts to microsoft.publi c.scripting.jsc ript under this
                                > subject you are not a good Christian so perhaps you should RTFM.[/color]

                                ....
                                <snip>


                                Comment

                                Working...