permaculture playing cards*
The moose likes JSP and the fly likes detech javascript enabled server-sice Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "detech javascript enabled server-sice" Watch "detech javascript enabled server-sice" New topic
Author

detech javascript enabled server-sice

west james
Greenhorn

Joined: Feb 01, 2005
Posts: 8
Is there a way to detech where or not the browser making the request for a jsp has javascript enabled? I want to do the check server-side.

Is there something in the user-agent I can check for? Or in the header? Sample code would be nice.

Thanks.
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
No
Dan Novik
Ranch Hand

Joined: Jan 26, 2005
Posts: 39
you can create something on your page with JavaScript and check that
after the posting. E.g.:
<script language="JavaScript">
document.write("<input type='hidden' name='jsenabled' value='yes'>");
</script>

and check out request.getParameter("jsenabled")
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

A technique I have used in the past is to have an index.html page which has a redirect meta tag that triggers after a few seconds, as well as a Javascript-controlled redirect in the onload handler.

If Javascript is enabled, the onload code sends them off to the site. If Javascript is disabled, the meta redirect (after a few seconds) sends them off to a "Enable Javascript if you want to use this app" page.

I don't worry about them turning Javascript off/on while they're within the app -- they get what they deserve if they're going to be doodoo-heads.

Note: this is one reason why I always stress to never ever rely on Javascript for validation or security. It's just too easy to turn Javascript off, and too easy to spoof URLs and posts.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
I also say can you rely on meta tags? lol.....

A user can also disable meta refresh, just like they can disable JavaScript!

That is why I said no! :roll:
Eric
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

LOL! True. But as I said, if they're going to go through that much trouble to screw themselves, let them! Just be sure to write your apps to be as bullet-proof as possible.
west james
Greenhorn

Joined: Feb 01, 2005
Posts: 8
Thanks for the input. Yeah, I am not relying on javascript for anythings vital.

I just wanted to save a work-a-round and check during the request for a page rather than having to have an intermediate page...like setting a value in javascript and then checking for it on the next page...simliar to what 'Dan' posted.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60794
    
  65

The problem with the hidden element solution is that you have to pollute every page with the hidden element (unless you just plan on checking for this during login or some such). It also assumes that you will always be submitting a form -- won't work for links.

For a single-time check at login, it's not a bad way to go though.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: detech javascript enabled server-sice
 
Similar Threads
detech window.attribute server-side
Check Javascript enableness from JSP
To check for javascript
identifying the javascript enableness
Detech IE window attributes