Skip navigation.

exploreopera

| Help

Sign up | Help

Posts tagged with "braindead"

NOSCRIPT for nerds. Stuff that disappears.

,

So, this is what a random Slashdot page looks like in Opera. That peaceful, white space in the centre sure isn't in the spirit of /. - or what? And why is there some odd overlapping box in the top left navigation area?



Sure enough, some text is missing, as re-loading with JavaScript disabled will show. The disappearing content occurs right after an ad script (URL will not unlikely die soon. Ads aren't exactly Cool URIs, but we already knew that..). Read this closely:

document.write('<script src=\"http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rb&c=22&pli=319831&pi=0&w=336&h=280&ncu=$$http://ad.doubleclick.net/click%3Bh=v8/3682/3/0/%2a/b%3B155329471%3B0-0%3B3%3B13358361%3B255-0/0%3B24413359/24431212/1%3B%3B%7Esscs%3D%3f$$&ord=4781511\"><\/script>');document.write('\n<noscript>\n<a href=\"http://ad.doubleclick.net/click%3Bh=v8/3682/3/0/%2a/b%3B155329471%3B0-0%3B3%3B13358361%3B255-0/0%3B24413359/24431212/1%3B%3B%7Esscs%3D%3fhttp%3A//bs.serving-sys.com/BurstingPipe/BannerRedirect.asp%3FFlightID%3D319831%26Page%3D%26PluID%3D0%26Pos%3D4723\" target=\"_blank\"><img src=\"http://bs.serving-sys.com/BurstingPipe/BannerSource.asp?FlightID=319831&Page=&PluID=0&Pos=4723\" border=0 width=336 height=280></a>');


First time I saw an ad script do
document.write('<noscript><img src="..."></noscript>')
I laughed. Certainly a remarkably braindead way to include your fallback contents. But Slashdot's ads take it a step further: they use document.write to insert a NOSCRIPT tag but do not close it, hence hiding random amounts of content until the next NOSCRIPT close tag appears in the source! And it's not an Opera problem, it occurs randomly when you get the ads that come with the broken script, and happens in all browsers. In other words, Slashdot has finally proven that GUI browsers are unreliable and that everyone simply should telnet to port 80. Great news for nerds.

BestBuy, worst JS

,

Something tells me that BestBuy redesigned their home page last week and replaced the old OpenCube script with something more modern - looks exactly the same as the old menu but now it's a simple unordered list in the markup itself, hover effects provided by CSS. So far so good!

Looking around a bit, there is plenty of other code that could do with some modernising. Here's a snippet of the function handleEnterKeyPress (one of many enter-key related functions):
if(navigator.appName == "Netscape")
{
if(arguments.callee.caller.arguments[0].which == 13)

Wow, using arguments.callee.caller and the arguments property on function objects to look up the pressed key - would be more than a little cleaner to pass the event object to the function as an argument.. And the sniffing is ugly.

It seems somebody needs to learn about JavaScript's bracket syntax -
if (tabnumber==1)
{
document.tab1.src = imgServer + locale + "/images/global/misc/pdptabs/tab_prodspecs_over.gif";
}
if (tabnumber==2)
{
document.tab2.src = imgServer + locale + "/images/global/misc/pdptabs/tab_accessories_over.gif";
and the 5 other if clauses would be much nicer as document['tab'+tabnumber].src='...'.

Having good names for functions can be a good idea too:
/**
* test for https:
* return true for secure
* false for standard http
* jm 2006/10/24
*/

function getProtocol(){
var isSecure = (window.location.protocol == "https:") ? true: false;
return isSecure;
}
Source

They have one of those addEventListener/addEvent/set event handler directly kludges.. but with a twist:
/**
* takes function call 
* delays execution until full page load
* dwl 2006/09/28
*/
function addOnloadEvent(fnc){
  if ( typeof window.addEventListener != "undefined" )
    window.addEventListener( "load", fnc, false );
  else if ( typeof window.attachEvent != "undefined" ) {
    window.attachEvent( "onload", fnc );
  }
  else {
    if ( window.onload != null ) {
      var oldOnload = window.onload;
      window.onload = function ( e ) {
        oldOnload( e );
        window[fnc]();
      };
    }
    else
      window.onload = fnc;
  }
}


Is it just me, or is the window[fnc](); statement completely broken? The fnc argument to this function is supposedly a function object, not a string. So doing window[fnc] will decompile the function and look for window['function (){ ..code here.. }'] which is not likely to return anything. Somebody *still* needs to learn about JavaScript bracket notation (well, mr. dwl in this case).

Finally, looking at this scares me a bit:
function getSnum(){var WshShell=new ActiveXObject("WScript.Shell");var sName=WshShell.ExpandEnvironmentStrings("%LOCATIONNUM%");return sName;}

I don't know much ActiveX but it looks like they use it for in-store information kiosks. If you find an XSS issue in their kiosk site or can use DNS poisoning to serve some JS that shouldn't be running there it looks like you can take over the machines completely with shell scripting from your JS! Wow..

deviant mousedown

, , ,

Understanding other people's workarounds can be simply impossible. Take this example from the popular creative forum deviantART: if a member tries submitting a new entry from Opera, it will appear impossible to upload files because the "Choose" button does nothing when clicked. (Tabbing to it and pressing enter will work, but who'd think of that..)

The reason is buried deep inside this JS file:
if (window.browser && (browser.isGecko || browser.isOpera)) {
     uploadForm.onmousedown = function () { return false; }; // firefox only - screws up other browsers
}

So this "Firefox only" workaround against an unspecified problem I can't begin to understand is also applied to Opera - with the fatal result that we ignore any mouse clicks inside the upload form because the script cancels mousedown. I'm not sure who's deviating from what here..

(As an aside, code like this makes me pretty curious - what will show up in the site if I throw in a small user JS to set deviantART.pageData.i_am_super_privileged to true?
// most awesome hack ever
if (!path[1] && whoosh[0] == 'Fan Art' && deviantART.pageData && deviantART.pageData.i_am_super_privileged)
source)

it's Y! time again

,

Yep, it's Y!Mail time again. Warning: this might turn into a rant..

The Yahoo mail Beta blog informs us that they are rolling out a new update. Sure enough, the code has had a makeover and one of their bright new features is the following line (which I'll wrap for your reading pleasure):

if ( navigator.product != 'Gecko' ){
    document.styleSheets[0].cssText = cssContents;
} else {
    var cssTag = document.getElementById('css_place_holder');
    cssTag.innerHTML = cssContents;
}


Guess what? Opera isn't Gecko.
Guess what? Opera doesn't support CSSStyleSheet.cssText.
Guess what that adds up to? No CSS for you, Sir - the whole Y!Mail beta turns into an ugly, unstyled mess where no buttons or options are where they are meant to be. (Since this update is still being rolled out, you may not see it on your account yet but at least one of our test accounts gets the new code with this problem.)

If you'll excuse a bit of screaming..

I just hate this "there are only two browsers" mindset.

This sort of quick and lazy assumptions cause the worst compatibility problems across the web. And just look how incredibly simple it is to do it in a better way:

if ( typeof document.styleSheets[0].cssText != 'undefined' ){
    document.styleSheets[0].cssText = cssContents;
} else {
    var cssTag = document.getElementById('css_place_holder');
    cssTag.innerHTML = cssContents;
}


So what part of "avoid browser sniffing" do the Y!Mail developers not understand?

United Airlines waiting screen

,

Like most airlines, United Airlines lets you search for and book flights directly on the website. Like most flight booking services they show you a boring little animation while trying to find suitable tickets for you. If they had shown the code instead it might have been more amusing to those of us who read JavaScript. I've stored the current source as a text file, because it is a good read..

united.txt

Read it and see if you can make sense of those JavaScripts!

Once you've read it, check the full post for my highlights from the code..

Read more...

law, meet web..

, ,

The insanity of the teacher guilty in Norwich porn case news is beyond belief. One can make lots of obvious observations about the importance of browser security based on this enormous injustice. But let it also be a lesson to us that the law and the society in general still has a very shallow understanding of computers and the web.. The smallest details of browser UI (like when :visited styling is applied) can be misunderstood and have grave consequences. Is it possible to make a UI that can not be misunderstood even in the court room?

descriptive META prose

<title>FilePlanet Download System -</title>

<meta name="description" content="DESCRIPTION">
<meta name="keywords" lang="en" content="KEYWORDS, KEYWORDS">


My Comment: COMMENT.

practising and preaching

,

The Surfin' Safari blog writes:

We strongly recommend looking for the AppleWebKit string and its version number, *not* for Safari


Apple's Safari FAQ writes:

If you need to identify the exact browser and version of clients accessing your site, use the AppleWebKit/XX portion of the string.


And lib.js on apple.com says:

this.isSafari= (agent.indexOf('safari') != -1);


Makes you wish browser vendors had tried suing browser sniffer authors back in 1996, rather than adding elaborate workaround strings to their UserAgent information. Seriously, authors should try a lot harder to not use name sniffing.