Practicing Safe Code
Part 3: Code Defensively
Some configurations will be enough on the ball to skip the <noscript> tag but can't render a page that is positioned with styles. To keep these visitors from biting off more than their browsers can chew, I put the same sort of content inside a hidden <div> element that is written to the page immediately below the <body> tag and before the actual content of the page:
<div style="position:absolute;display:none">
<h1>I'm afraid your browser doesn't understand Positioned Styles.</h1>
<h2><a href="../shared/helpme.html">Click here for help</a></h2>
<h2><a href="../default.htm">Click here to get out</a></h2>
<p><img src="../art/100x1K.gif" width="100" height="1000"></p>
</div>
Again, the user will see the warning and the links only if his browser cannot read the style declaration. And at a thousand pixels, that's about all he will see without scrolling down the page. No one else will be aware of it. I would like to say it would do to skip the <noscript> tag and just stick this one in - after all, if they can't read styles they are unlikely to be able to read scripts, right?
For someone who is using a browser that is not script enabled and cannot read the page styles, the message will repeat once as he scrolls down the page. Of course, this method doesn't magically make the page work - it just gives the visitor a clue that his browser isn't up to the code, and gently directs him elsewhere.
Part 4: To Each His Own
The biggest problems you will run into are with users who have some kind of scripting, but not the right kind. Again, the best approach is to go from simple to complex.
A good way to check how your pages might be looking to some of your visitors is to put your scripts and stylesheets in external files and comment out their calls in the header:
You will also need to remove any event handlers that call functions from the script:
This will approximate what the page looks like (and what it does) with no styles or scripting enabled. And, every once in a while, that is the page you should publish. Good coding!
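As an added illustration (not code from the original article or its source listing), this JavaScript sketch automates the check described above: it comments out external script and stylesheet calls and strips inline event handlers from a page's markup. The function name `degradePage` and the sample page are constructed for this example, and it assumes simple, well-formed markup.

```javascript
// Added example, not from the original article. A preview aid for simple,
// well-formed markup; it is not an HTML sanitizer.
function degradePage(html) {
  const handlers = []; // names of the inline event handlers that were removed

  // 1. Comment out calls to external scripts: <script src="..."></script>
  let out = html.replace(
    /<script\b[^>]*\ssrc\s*=[^>]*>\s*<\/script\s*>/gi,
    (tag) => `<!-- ${tag} -->`
  );

  // 2. Comment out calls to external stylesheets: <link rel="stylesheet" ...>
  out = out.replace(
    /<link\b[^>]*\brel\s*=\s*["']?stylesheet["']?[^>]*>/gi,
    (tag) => `<!-- ${tag} -->`
  );

  // 3. Strip on* attributes from every opening tag. The tag pattern skips
  //    over quoted values, so a ">" inside a handler does not end the tag.
  out = out.replace(/<[a-z](?:"[^"]*"|'[^']*'|[^'">])*>/gi, (tag) =>
    tag.replace(
      /\s+(on[a-z]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi,
      (match, name) => {
        handlers.push(name.toLowerCase());
        return "";
      }
    )
  );

  return { html: out, handlers };
}

// Constructed sample page (hypothetical file names and functions).
const SAMPLE = `<html><head>
<link rel="stylesheet" href="site.css">
<script src="site.js"></script>
</head>
<body onload="init()">
<a href="next.html" onmouseover="swap(this, 'a>b')">Next</a>
</body></html>`;

const preview = degradePage(SAMPLE);
console.log(preview.html);
console.log("Handlers removed:", preview.handlers.join(", "));
```

The returned `handlers` list doubles as an inventory of the behaviour the page loses when scripting is unavailable.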
All code examples from this article can be found at: www.webreference.com/new/991104_src.html
Kenneth Tibbetts is forty and a bit, married to an artist, and lives in a home they built themselves in central Maine. "I've been writing code since lines really had numbers, but I make my living these days as a woodworker. Care for a nice mahogany notebook computer?" You can contact Kenneth via email at: firstname.lastname@example.org, or through his pages at www.areoka.com and www.yankeeweb.com.
This article first appeared on WebReference.com.