On a more serious note, though

Post #273,913 by ubernostrum 11/26/06 2:45:09 AM 11/26/06 2:56:22 AM Reply	On a more serious note, though User-agent sniffing is just asking for problems. There's a reason why pretty much every notable person in the JavaScript world gave up on it a long time ago. \r\n\r\n Another real-world example: suppose that you decide to use UA sniffing to determine whether you use the pre-iE7 ActiveX implementation of `XMLHttpRequest` or a native browser class (though IE7's `XMLHTTPRequest` isn't exactly "native", even though it behaves that way. Sort of.). So what do you do? If you look for "MSIE" in the UA string, you're likely to start throwing errors in Opera because it has a nasty habit of sending an IE UA string. Similarly, plenty of users of Mozilla-based browsers intentionally set their UA string to IE's to get around stupid browser-sniffing tricks. \r\n\r\n The result is that any AJAX stuff you were doing stops working for a not-insignificant number of people who might otherwise have been paying customers. User-agent sniffing has been dead since 1995, when IE started including "Mozilla" in its UA string, and has only gotten deader since -- Safari, for example, includes "Gecko" in its UA string. \r\n\r\n Which leaves you with, well, object detection. Want to know how to do `XMLHttpRequest`? Ask the browser whether it has a native object for that; if not, ask if it has an ActieX implemention. If the browser fails both those tests, it can't do `XMLHttpRequest` and you either need to fall back to other tricks (like iframes) or give up and force full-pagse reloads on the user. And in the long run, this is simpler than maintaining a massive list of compatible UA strings, and more effective -- when a new browser comes out, you don't have to update all your JavaScript. \r\n\r\n Or does "the world's largest retailer" not care about missed sales due to easily-corrected coding mistakes? --\r\nYou cooin' with my bird? Edited by ubernostrum Nov. 26, 2006, 02:56:22 AM EST Expand All History
Post #273,919 by static 11/26/06 5:31:39 AM Reply	I think Todd's made his argument poorly. Object detection gets you perhaps 96% of the way. Unfortunately, that's not close enough for where Todd used to work. Some odd behaviours are not detectable by object detection; but since they correspond to particular broswer versions, they are reliably detectable (very much most of the time) by some very specific tests in specific orders, some of which are user-agent tests. It's ugly, but it's necessary because there's no other way to know which rendering bugs you have to workaround. (I'd refer you to www.quirksmode.org, but it's not as pleasant to rummage in as it used to be.) Wade. "Don't give up!"
Post #273,932 by tuberculosis 11/26/06 1:22:36 PM Reply	The sniffing happens on the server and has little to do with javascript. There are often features developed with only a couple browsers in mind - only those browsers get those features. Largely because they are experimental features to test a hypothesis and there isn't time for extensive testing. If the feature tests well, more work goes into adding browser support. The other, as I mentioned, is bug mitigation. Every browser string has something unique in it that can be used to concretely identifiy the browser unless it is spoofing. We look for that when determining browser support. The javascript code itself uses feature detection mostly. The set of browsers used for development is the 99% I mentioned. We found that, when attempting to implement something, it can take some effort to find a technique that works on all of the browsers. For instance, you can't hide a component in Safari by just setting display=none. Instead you have to set its size to zero. If we didn't develop using Safari, we wouldn't find the magic technique that worked around this quirk and we wouldn't have any confidence that our app worked in Safari at all. So on the server, we'd exclude Safari from the set that might get this treatment - unless there was time to test it. We didn't include opera in the mix during development and when we tried our app on it, it looked awful. Lacking resources and financial justification to do the work, we didn't include opera in our browser tests and gave them the web 1.0 experience. Does that make it clearer? If we didn't test it, it doesn't get the cutting edge treatment, it gets the old safe one. The test isn't looking for mozilla in the string, it is looking at the whole string and finding the unique bit that only that browser sends. Spoofers have no right to complain and none of them ever have to my knowledge. [link\|http://www.blackbagops.net\|Black Bag Operations Log] [link\|http://www.objectiveclips.com\|Artificial Intelligence] [link\|http://www.badpage.info/seaside/html\|Scrutinizer]
Post #273,946 by ubernostrum 11/26/06 4:24:50 PM Reply	Re: The sniffing happens on the server If we didn't test it, it doesn't get the cutting edge treatment, it gets the old safe one. The test isn't looking for mozilla in the string, it is looking at the whole string and finding the unique bit that only that browser sends. Spoofers have no right to complain and none of them ever have to my knowledge. \r\n\r\n Except that's still somewhat backwards. There are lots of browsers out there that aren't Firefox, but will render pages identically because they're using Gecko. You don't need to test against all of them to know they work. Similarly, there are lots of browsers out there embedding WebKit/KHTML which will render identically to Safari, but you don't need to test against all of them to know they work. \r\n\r\n Yahoo has an interesting methodology for this which I think is about the least offensive use of browser sniffing I've seen; they study each release of a major browser (IE, Firefox, Safari, Opera) and assign it a "grade" depending on its support for advanced stuff. Then their scripts, instead of being marked "this is only for Internet Explorer 6" or "this is only for Safari 2", can be marked "this is only for Grade A browsers" or "this is only for Grade C". \r\n\r\n The important thing, though, is that they have a class called "Grade X". Browsers which have been thoroughly tested and proven to support advanced features are Grade A, and browsers which have been tested and proven not to support advanced features are Grade C. Everything else is Grade X, and Grade X browsers are assumed to have the same or more advanced capabilities than Grade A -- generally, they assume that an unknown UA string represents a new version or a major browser, or a new browser embedding a major rendering engine. Thus, instead of a whitelist of "known good" browsers, they have a blacklist of "known bad" and assume that anything else can handle advanced features. This is much more likely to be correct than the techniques used at, say, Google where I've got some pretty advanced browsers that they won't serve GMail to. \r\n\r\n And of course, their JS libraries use object detection all over the place, so that system seems to come into play only rarely. --\r\nYou cooin' with my bird?
Post #273,951 by tuberculosis 11/26/06 4:54:32 PM Reply	Re: The sniffing happens on the server The important thing, though, is that they have a class called "Grade X". Browsers which have been thoroughly tested and proven to support advanced features are Grade A, and browsers which have been tested and proven not to support advanced features are Grade C. Everything else is Grade X, and Grade X browsers are assumed to have the same or more advanced capabilities than Grade A -- generally, they assume that an unknown UA string represents a new version or a major browser, or a new browser embedding a major rendering engine. Thus, instead of a whitelist of "known good" browsers, they have a blacklist of "known bad" and assume that anything else can handle advanced features. Except that strategy has the known drawback of producing lower revenues and higher trouble ticket counts. So I guess it depends on your goals. When yahoo's users get browser errors - it doesn't cost them money directly. You can't correlate browser errors with lost revenues directly like you can on an eCommerce site. So while I agree with you in principle, reality has reared its ugly head in some instances and pragmatics won out. [link\|http://www.blackbagops.net\|Black Bag Operations Log] [link\|http://www.objectiveclips.com\|Artificial Intelligence] [link\|http://www.badpage.info/seaside/html\|Scrutinizer]
Post #273,956 by ubernostrum 11/26/06 5:04:19 PM 11/26/06 5:05:47 PM Reply	Re: The sniffing happens on the server Except that strategy has the known drawback of producing lower revenues and higher trouble ticket counts. So I guess it depends on your goals. \r\n\r\n Depends on how careful you are producing your "known bad" list, and heavily depends on the user. If, for example, Amazon ever "degraded" the page they send me because I'm using a new-ish Gecko or WebKit browser that isn't in the approved UA list, you can bet that'd be a lost sale for Amazon. \r\n\r\n The existence of good, open-source rendering engines has basically turned this whole thing on its head; years ago it was better to assume that a new browser was deficient. But today, on average, it's better to assume that a new browser is embedding someone else's engine and is thus as capable as the well-known browsers. \r\n\r\n (all of this, of course, ignores larger issues like progressive enhancement and graceful degradation, which are just as important and make UA sniffing even more irrelevant) --\r\nYou cooin' with my bird? Edited by ubernostrum Nov. 26, 2006, 05:05:33 PM EST Edited by ubernostrum Nov. 26, 2006, 05:05:47 PM EST Expand All History

Welcome to IWETHEY!