Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Why detecting browser versions incorrectly is a really crappy thing to do

February 21st 2006 in Uncategorized

It happens every time a new version of Internet Explorer is released… Web sites break.

Why do they break? Because the sites are coded to detect up to a certain version of IE.  Anything newer than whatever browser version was public at the time a site was coded is either rejected out of hand, or served a CSS script that breaks in IE.

Even my own blog is affected.  If I manipulate my computer’s registry to impersonate Internet Explorer 6 then Community Server works just fine, as you can see from this screenshot…

But, if I reset my computer to Internet Explorer 7’s default registry settings, blogging breaks – note the code in the composing window and missing formatting toolbar.

The same thing happens with www.qantas.com.au.  If I set my computer to impersonate IE6 the Awards Booking page works just fine; as soon as I set my system back to IE7 I am refused access (‘sorry, but we don’t support Netscape’)… cripes, they can’t even get right the type of browser I am using.

There is absolutely no TECHNICAL reason for the sites in question to detect, and support, only IE6 and a few earlier versions.  Community Server does not break in IE7, and the Qantas site has only very minor CSS issues which, btw, aren’t fixed by pretending to be IE6 – sometimes sites will break unnecessary by serving up inappropriate CSS… Qantas has some minor display issues – note the cut off text:


I’ve seen **far** worse examples of borked CSS – check this out:


Ok, so the fix for Qantas and Community Server is simple.. instead of coding for up to Internet Explorer 6, code for a particular version of IE and later. As for the site which is using the now mangled CSS… they’ve got a LOT more work to do.

I have information about how to work around the problems caused by sites that mistreat us based on browser version at this URL:

The URL also includes links to information useful to Developers.  Come on guys, let’s *try* and get this sorted out before IE7 hits gold.  I find it irritating in the extreme that I have to have faff around with my registry all the time just so that I can get sites to work that don’t even break in IE7 anyways.  The man in the street isn’t going to understand what is wrong or know how to fix things.

One comment to...
“Why detecting browser versions incorrectly is a really crappy thing to do”

Richard Dudley

I agree–this has been a problem for years, and for stupid reasons. I found a great reference years ago about testing for browser capabilities, not merely parsing browser versions. I have the link at http://www.rjdudley.com/blog/Dont+Sniff+Browserssniff+Objects.aspx.

Update: ICSAN says it is worse than first though:http://isc.sans.org/diary.php?storyid=1138
“This actually looks more serious then we initially thought it is. The workaround specified above will prevent Safari from automatically executing the PoC file, but it looks like your machine is still vulnerable and it doesn’t need Safari to run this file at all.”
Original blog article:http://msmvps.com/blogs/spywaresucks/archive/2006/02/21/84348.aspx
Edit: Secunia […]

Previous Entry

Side note: Hey Rocky!! I’m procrastinating again!!!
{laughing}  A very dear friend of mine, who is in the midst of writing a book entitled “Michigan Cuisine: A Semi-Exhaustive Guide” pinged me this evening to let me know that he’d found a ‘man hater’ recipe that he thought I would probably love….
Ok, so I’ve had a few […]

Next Entry