Future Fail and User Agent Sniffing
source link: https://www.otsukare.info/2013/12/04/future-fail-js
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Future Fail and User Agent Sniffing
Very often I use the expression "UA detection is a future fail strategy". It's a quick sentence with punch which makes angry some of the people in User Agent Detection business. They try to do a good job at providing the most complete, up to date, database of user agent strings and their relative capabilities. The issue is not in the intent of their database. The issue is often how the identification is used and how the code is shaped with regards to this identification. It is not an issue only related to UA databases. We see it every day in small pieces of codes.
Today I was checking the code of http://login.yahoo.com/ which is basically the portal for people to get identified when they have to access one of the Yahoo Web properties where it is required to have a login and password. I found this little piece of code:
if(navigator.userAgent.indexOf('Firefox/6') > 0) {
style = '';
} else {
style = "left:70px;";
}
Quite a simple piece of code. Let's see on my current desktop in the Web Console.
> navigator.userAgent
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0"
> navigator.userAgent.indexOf('Firefox/6')
-1
> var ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/6.0"
undefined
> ua.indexOf('Firefox/6')
69
Logical and working as expected. But now let's go back to the future… with Firefox 60.0
> var ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/60.0"
undefined
> ua.indexOf('Firefox/6')
69
Oooops. It means that the script will kick for Firefox version 60 to 69 and 600… You got the idea. This code is probably not used anymore, but it's here because people have forgotten about it, but one day the condition it was supposed to meet or not meet will come back for any kind of reasons.
Otsukare!
Recommend
-
46
A team of researchers revealed four new, and working, browsing history sniffing attacks recently to the public in a new research paper.
-
23
Capture and download HTTP Live streams (HLS) from your browser This extension is completely free and published under the MIT license. However, if you a...
-
13
Local Markets and Web Habits Most of Web developers cater first for their local markets. It is a good practice as a first approximation but it also creates challenges for people in other markets. The Silicon Valley has a tendency to...
-
9
User Agent Sniffing For A Tailored Experienceotsukare Thoughts after a day of workIn a
-
8
So we have this list of Web sites in Spain which are not completely working properly with
-
17
CAFBank and Server Side User Agent Sniffingotsukare Thoughts after a day of workI always hesitate to share the issues we have when we try to contact companies with Web sites not workin...
-
9
User Agent Sniffingotsukare Thoughts after a day of workwalmart mp3 - User Agent Sniffing ...
-
7
User Agent Sniffing Killsotsukare Thoughts after a day of workUser Agent Sniffing Kills Jeu 27 o...
-
12
Magic Strings and User Agent Sniffing Mar 18 janvier 2011by Karl Dubost (Wor...
-
9
curl and User-Agent Mer 11 avril 2012by Karl Dubost (Worked at Opera from 2010 to 2013)
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK