473,721 Members | 1,805 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Browser Sniffing

I wasn't sure where to post this so I'm sorry if this is the wrong place.

But I would like to know what some of the differences are between
client-side and server-side browser sniffing. I'm aware the client-side
stops certain errors being transmitted so saves on bandwidth and server-side
my catch errors that are missed on the client-side.

Anything else would be great.

Thanks.
Jul 23 '05 #1
11 2186
James wrote:
I wasn't sure where to post this so I'm sorry if this is the wrong place.
You're at the right place, welcome on c.l.j:-)
But I would like to know what some of the differences are between
client-side and server-side browser sniffing. I'm aware the client-side
stops certain errors being transmitted so saves on bandwidth and server-side
my catch errors that are missed on the client-side.


You're mixing two things here:
- browser sniffing, which aims at determining which browser is in use,
in order to use the appropriate DOM in the script,
- form validation, which aims at validating inputs of a form prior to
processing the values.
[1] About form validation

Form validation is the process by which you validate that the inputs
submitted by the user are correct, in format and data. For instance,
this can include date validation, fields not empty, credit cards numbers
etc.

This form validation should be done client-side *and* server-side:
- client-side, because it indeed saves bandwidth and server processing,
but also gives an immediate feedback to the user about the errors he's done;
- server-side, because the user may have javascript disabled, or may
even trick your client-side check. Moreover, you can do some
data-related checks, checking if a value is in a list (for instance in a
SQL request).
[2] About browser sniffing

Browser sniffing is the process by which you try to determine which
browser the user is using, in order to use the appropriate DOM methods.

The basic idea behind browser sniffing is that there are a variety of
platforms existing, and that if we know the platform the user is using,
we know what DOM is available. While this thinking was reasonable in the
years where only IE/NN would exist, this doesn't apply anymore, with
more than 100 browsers being in use.

Server-side browser sniffing relies on the header sent by the browser to
response appropriate pages; the problem is that these headers may be
false, either because a user agent is spoofing them (afraid of being
excluded from the server's response) or because a proxy in-between is
spoofing them. This means that you cannot know for sure what browser is
in the end (all the more most headers spoofed would be IE's).

Client-side browser sniffing can be done in two ways: (1) user agent
string, subject to browser spoofing, and (2) object detection, studying
what objects are available to infer an existing DOM - but since lots of
browsers offer the same DOM, some of them even spoofing DOM
properties/methods which they cannot process, you'll see that you cannot
detect what user agent is in use.

However, detecting DOM features client-side should be enough, there's no
need to check if the browser behind is IE or Opera if the wanted method
is supported. The basic idea is that we don't care what user agent is at
the end, provided it supports the methods we want to use. If it doesn't,
then the script will fail inevitably (but you can manage client-side the
way it will fail, this is called "clean degradation").
HTH
Yep.
Jul 23 '05 #2
On Thu, 20 May 2004 12:02:20 +0200, Yann-Erwan Perio wrote:
Client-side browser sniffing can be done in two ways: (1) user agent
string, subject to browser spoofing, and (2) object detection,..


I use the first method in a page here..
<http://www.physci.org/jvmclean.jsp?pt =js>
using the crudely hacked out script here..
<http://www.physci.org/files/mscheck.js>

Since the page could only give 'false positives'
(it looks for a combination of Win/IE), I feel
it cannot do that much harm.

AFAIU.. the UA string spoofing comes
from users deliberately changing it.

Is that correct?

If that *is* the case, I figure there are few
who would be fooled when they came to the
page and saw the message 'This PC is running
Microsoft Windows and using Internet Explorer.
It is potentially at high risk...'

[ ..there are other, more detailed checks
done as well, before I recommend the user
download JVMClean to rid their PC of the
problematic MSVM in any case. ]

--
Andrew Thompson
http://www.PhySci.org/ Open-source software suite
http://www.PhySci.org/codes/ Web & IT Help
http://www.1point1C.org/ Science & Technology
Jul 23 '05 #3
James wrote:
I wasn't sure where to post this so I'm sorry if this is the wrong place.

But I would like to know what some of the differences are between
client-side and server-side browser sniffing. I'm aware the client-side
stops certain errors being transmitted so saves on bandwidth and server-side
my catch errors that are missed on the client-side.

Anything else would be great.

Thanks.

You are much better off writing to standards and never browser sniffing.

It is extremely irritating to be told I can't use a site because I don't
use (whatever) browser. I can easily tell my browser to tell your site
that is is (whatever you want it to be). But if I have to do that,
unless I must use your site, I won't.
Jul 23 '05 #4
"James" <no************ @yahoo.com> writes:
But I would like to know what some of the differences are between
client-side and server-side browser sniffing.
The big difference is ofcourse the available information.

On the server, the only available information is the UserAgent header,
which many people are faking.

On the client, you can (try to) detect which features are available.
It is still not a safe method, since it requires total knowledge of
all browsers, current and future, that will access the page.

In any case, you must be prepared for browser-sniffing to fail, and
must decide what failure rate is acceptable and how to recover from
a failure.

This is why browser sniffing is not recommended, and feature detection
is, when it comes to making cross browser compatible scripts.
I'm aware the client-side stops certain errors being transmitted so
saves on bandwidth and server-side my catch errors that are missed
on the client-side.


That would be for normal validation: test on the client to prevent
a roundtrip to the server that would just report an error anyway,
and always test on the server.

For detecting the browser type/version, the client is better suited,
but still not very good. It is better to user feature detection on
the client for the features that one need, and don't bother detecting
the browser at all.

/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleD OM.html>
'Faith without judgement merely degrades the spirit divine.'
Jul 23 '05 #5
On Thu, 20 May 2004 11:14:15 GMT, Andrew Thompson
<Se********@www .invalid> wrote:
AFAIU.. the UA string spoofing comes
from users deliberately changing it.

Is that correct?


Nope, lots of UA's ship ready spoofed.

Jim.
--
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Jul 23 '05 #6
James wrote:
I wasn't sure where to post this so I'm sorry if this is the wrong place.

But I would like to know what some of the differences are between
client-side and server-side browser sniffing. I'm aware the client-side
stops certain errors being transmitted so saves on bandwidth and server-side
my catch errors that are missed on the client-side.

Anything else would be great.

You are in the right place - but the wrong idea.

Don't "sniff" at all - write to the standards and before you use
anything that could be risky (like "document.GetEl ementById" for
instance) check that the browser recognises. If - and only if - it
doesn't then code round it with what it can recognise.
Jul 23 '05 #7

"Lasse Reichstein Nielsen" <lr*@hotpop.com > wrote in message
news:k6******** **@hotpop.com.. .
It is better to user feature detection on
the client for the features that one need, and don't bother detecting
the browser at all.

What if a particular browser supports all required objects, yet has also a
known 'feature' that will cause a certain error?

--
SC
Jul 23 '05 #8

"Lasse Reichstein Nielsen" <lr*@hotpop.com > wrote in message
news:k6******** **@hotpop.com.. .
It is better to user feature detection on
the client for the features that one need, and don't bother detecting
the browser at all.

What if a particular browser supports all required objects, yet has also a
known 'feature' that will cause a certain error?

--
SC

Jul 23 '05 #9
On Thu, 20 May 2004 14:17:00 +0100, "Stephen Chalmers" <me@here.com>
wrote:

"Lasse Reichstein Nielsen" <lr*@hotpop.com > wrote in message
news:k6******* ***@hotpop.com. ..
It is better to user feature detection on
the client for the features that one need, and don't bother detecting
the browser at all.

What if a particular browser supports all required objects, yet has also a
known 'feature' that will cause a certain error?


Detect it - depending on the error you can generally do this, which
error did you have in mind?

Jim.
--
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Jul 23 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

15
8340
by: David | last post by:
On a page optimised for IE, I'd like to check if the browser type is other than IE, so I can direct them to another page. How can I modify the code below to redirect to indextext.asp if they aren't using IE? I've tried changing the = for <>, but get a syntax error. Thanks USER_AGENT = Request.ServerVariables("HTTP_USER_AGENT") IS_IE = InStr(USER_AGENT,"MSIE")
13
9452
by: Kai Grossjohann | last post by:
It seems that Ctrl-N in Mozilla opens a new empty browser window. That's fine, I don't need to do anything about it. But Ctrl-N in IE appears to clone the current window. Is there a way to intercept the key so that I can do stuff on the server side to make the new window behave correctly? (We have a JSP-based webapp which stores state in the session. Now if two windows access (and modify!) the same session, then madness will result....
23
2388
by: Mark Tranchant | last post by:
A new project: http://step-by-step.org.uk/ Don't worry about the links yet, the content hasn't been written. I'm just interested in the introduction screen, which is my first attempt at an absolutely-positioned layout. I'd like to know whether this works well in all browsers. It *should* look like this in a modern, standards-supporting browser:
16
2872
by: Java script Dude | last post by:
To all Mozilla JS Guru's (IE dudes welcome), I have spent the last three years developing complex DHTML applications that must work in IE 5.5sp2+ but I use Mozilla 1.3+** to do all my development. I have build some cross browser debuggers so my users can send me verbose debug dumps. I have some success but have come to a roadblock with the basic underlying JavaScript models. The only way to get a complete stack in IE is to use the...
6
1354
by: Eric | last post by:
I am attempting to figure out the best way to specify font sizes. I accept that one should use the user specified default as the preferred size, but what is the best way to obtain that user specified default? font-size: medium? However, I read that under IE, it might be font-size: small...? Is the only way to resolve this issue to do some browser sniffing and base font-size on what the browser is?
16
2353
by: petermichaux | last post by:
Hi, Does anyone have a a cross-browser setOpacity function that does not use browser sniffing? I looked at the Yahoo! UI function and it detects IE by looking for window.ActiveXObject. I also looked at Scriptaculous and it uses navigator.userAgent. Thanks, Peter
22
2298
by: petermichaux | last post by:
Hi, I would like to display a message to Internet Explorer clients to encorage them to get Firefox. Yes they may like Internet Explorer but it is my site :) http://www.explorerdestroyer.com/ uses navigator.userAgent If ((ua.indexOf('msie') != -1) && (ua.indexOf('opera') == -1) &&
1
1335
by: RobG | last post by:
Browser sniffing is generally considered a very bad idea, developers are usually told that feature detection is the way to go. It seems a real pitty then that the developers of new platforms are actually encouraging browser sniffing by releasing "detection" scripts: <URL: http://webkit.org/blog/119/webkit-detect-script-updated-for-iphone-and-ipod-touch/ Cest la vie.
10
3257
by: Conrad Lender | last post by:
In a recent thread in this group, I said that in some cases object detection and feature tests weren't sufficient in the development of cross-browser applications, and that there were situations where you could improve the application by detecting the browser vendor/version. Some of the posters here disagreed. Since then, I've had to deal with a few of these cases; some of them could be rewritten to use object detection, and some couldn't....
0
8727
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9365
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
9127
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
1
6664
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5973
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4483
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3186
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2569
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2127
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.