Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

detech javascript enabled server-sice

 
west james
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a way to detech where or not the browser making the request for a jsp has javascript enabled? I want to do the check server-side.

Is there something in the user-agent I can check for? Or in the header? Sample code would be nice.

Thanks.
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No
 
Dan Novik
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you can create something on your page with JavaScript and check that
after the posting. E.g.:
<script language="JavaScript">
document.write("<input type='hidden' name='jsenabled' value='yes'>");
</script>

and check out request.getParameter("jsenabled")
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64708
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A technique I have used in the past is to have an index.html page which has a redirect meta tag that triggers after a few seconds, as well as a Javascript-controlled redirect in the onload handler.

If Javascript is enabled, the onload code sends them off to the site. If Javascript is disabled, the meta redirect (after a few seconds) sends them off to a "Enable Javascript if you want to use this app" page.

I don't worry about them turning Javascript off/on while they're within the app -- they get what they deserve if they're going to be doodoo-heads.

Note: this is one reason why I always stress to never ever rely on Javascript for validation or security. It's just too easy to turn Javascript off, and too easy to spoof URLs and posts.
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I also say can you rely on meta tags? lol.....

A user can also disable meta refresh, just like they can disable JavaScript!

That is why I said no! :roll:
Eric
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64708
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
LOL! True. But as I said, if they're going to go through that much trouble to screw themselves, let them! Just be sure to write your apps to be as bullet-proof as possible.
 
west james
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the input. Yeah, I am not relying on javascript for anythings vital.

I just wanted to save a work-a-round and check during the request for a page rather than having to have an intermediate page...like setting a value in javascript and then checking for it on the next page...simliar to what 'Dan' posted.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64708
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The problem with the hidden element solution is that you have to pollute every page with the hidden element (unless you just plan on checking for this during login or some such). It also assumes that you will always be submitting a form -- won't work for links.

For a single-time check at login, it's not a bad way to go though.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic