browser.js update: eBay, Sun webmail, Salesforce
Wednesday, 12. August 2009, 22:36:44
A new browser.js file is out, and like last time I'll post a changeblog with some background information. (I might spin these posts off to a separate blog at some point but for now it's here.)
First, some headlines:
Opera 10 aligns the policy for setting document.domain with the other browsers, and require both pages to set document.domain before allowing communication. (In other words, if www.example.com wants to talk to example.com both of them must set document.domain to 'example.com'. In the old implementation, only the content from www.example.com would have to do so).
Normally, aligning with the other browsers shouldn't cause problems - but unfortunately, I've noticed that certain sites use browser sniffing before setting document.domain! I have no idea why.
For example, Facebook uses this oddity to avoid setting document.domain in certain older Firefox versions:
I wish I knew why it's such a bad idea to set document.domain in Firefox-versions released before May 8, 2006..
Similarly, a webmail suite from Sun which is used by big universities and such contains this sniffing:
and they run right into the new security policy when the sniffing means they avoid setting document.domain and all sorts of things break.
To solve this, each time we're about to run a script named setdomain.js or load a file named sample_lr.html - on any website - Opera will first append "Gecko" to its navigator.userAgent string. Oh, the weird and whacky things you need to do for compatibility.
eBay.fr uses the SELECT.remove() method, but with element nodes instead of numbers as arguments. Their spec violation, our problem. This will be fixed in core, to allow using remove() for OPTION nodes like other browsers do - meanwhile, browser.js will sort it out for eBay.
Do I have any readers in South Carolina? Thanks to fearphage's neat emulation of IE's bugfeature which lets you find a named form element with document.getElementById(), you can now use Blue Cross Doctor and Hospital Finder even though it relies on IE's violations against the DOM standard. The patch has been waiting while we were trying to get through to someone at Blue Cross Blue Shield who might be able to fix it, time is up - and big thanks to fearphage!
Now maps.live is Bing Maps. No point in applying patches for the old hostname anymore.
A report wizard inside Salesforce.com fails in Opera because of our support for the data attribute from WebForms2.
When they do
"data" doesn't refer to the global variable data but to the data property on the SELECT object due to the scope of the event handler.
This attribute has since been removed from HTML5 so Opera will drop it at some point. Meanwhile, another stopgap site patch makes Salesforce work.
The 9sky.com fix in the previous edition was also about a problem caused by HTML5. Standards development and experimental implementations is obviously a major compatibility risk. If we want to improve the web's underlying technologies there isn't any other way forward, though.
First, some headlines:
- Sun System Messenger Express webmail fix.
- eBay.fr will no longer hang
- Finding a doctor in South Carolina becomes easier, thanks to fearphage
- Removed patch for maps.live.com - reborn at Bing maps
- Conflict between Salesforce and WebForms2
Sun System Messenger Express webmail fix.
Opera 10 aligns the policy for setting document.domain with the other browsers, and require both pages to set document.domain before allowing communication. (In other words, if www.example.com wants to talk to example.com both of them must set document.domain to 'example.com'. In the old implementation, only the content from www.example.com would have to do so).
Normally, aligning with the other browsers shouldn't cause problems - but unfortunately, I've noticed that certain sites use browser sniffing before setting document.domain! I have no idea why.
For example, Facebook uses this oddity to avoid setting document.domain in certain older Firefox versions:
if (navigator && navigator.userAgent && document.domain.toLowerCase().match(/(^|\.)facebook\..*/) && !(parseInt((/Gecko\/([0-9]+)/.exec(navigator.userAgent) || []).pop(), 10) <= 20060508)) { document.domain = window.location.hostname.replace(/^.*(facebook\..*)$/i, '$1'); }
I wish I knew why it's such a bad idea to set document.domain in Firefox-versions released before May 8, 2006..
Similarly, a webmail suite from Sun which is used by big universities and such contains this sniffing:
var agt=navigator.userAgent.toLowerCase();
var is_nav = ((agt.indexOf('mozilla')!=-1) && (agt.indexOf('spoofer')==-1)
&& (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
&& (agt.indexOf('webtv')==-1) && (agt.indexOf('hotjava')==-1));
var is_gecko = (agt.indexOf('gecko') != -1);
if(is_nav || is_gecko) document.domain = document.domain
//document.domain = document.domain
and they run right into the new security policy when the sniffing means they avoid setting document.domain and all sorts of things break.
To solve this, each time we're about to run a script named setdomain.js or load a file named sample_lr.html - on any website - Opera will first append "Gecko" to its navigator.userAgent string. Oh, the weird and whacky things you need to do for compatibility.
eBay.fr will no longer hang
eBay.fr uses the SELECT.remove() method, but with element nodes instead of numbers as arguments. Their spec violation, our problem. This will be fixed in core, to allow using remove() for OPTION nodes like other browsers do - meanwhile, browser.js will sort it out for eBay.
Finding a doctor in South Carolina becomes easier
Do I have any readers in South Carolina? Thanks to fearphage's neat emulation of IE's bugfeature which lets you find a named form element with document.getElementById(), you can now use Blue Cross Doctor and Hospital Finder even though it relies on IE's violations against the DOM standard. The patch has been waiting while we were trying to get through to someone at Blue Cross Blue Shield who might be able to fix it, time is up - and big thanks to fearphage!
Removed patch for maps.live.com
Now maps.live is Bing Maps. No point in applying patches for the old hostname anymore.
Conflict between Salesforce and WebForms2 / HTML5
A report wizard inside Salesforce.com fails in Opera because of our support for the data attribute from WebForms2.
When they do
<select id="typeSelector" name="type" onchange="fillSelectFromArray(document.report_select.rep, ((this.selectedIndex == -1) ? null : data[document.getElementById('typeSelector').selectedIndex]));" title="Report Type Category">
"data" doesn't refer to the global variable data but to the data property on the SELECT object due to the scope of the event handler.
This attribute has since been removed from HTML5 so Opera will drop it at some point. Meanwhile, another stopgap site patch makes Salesforce work.
The 9sky.com fix in the previous edition was also about a problem caused by HTML5. Standards development and experimental implementations is obviously a major compatibility risk. If we want to improve the web's underlying technologies there isn't any other way forward, though.
WIDGETIZE