WebRef Update: Featured Article: Practicing Safe Code | 2

Practicing Safe Code

Part 3: Code Defensively

Some configurations will be enough on the ball to skip the <noscript> tag but can't render a page that is positioned with styles. To keep these visitors from biting off more than their browsers can chew, I put the same sort of content inside a hidden <div> element that is written to the page immediately below the <body> tag and before the actual content of the page:

<div style="position:absolute;display:none"> <h1>I'm afraid your browser doesn't understand Positioned Styles. </h1> <h2><a href="../shared/helpme.html">Click here for help</a></h2> <h2><a href="..default.htm"> Click here to get out</a></h2> <p><img src="../art/100x1K.gif" width="100" height="1000"> </p> </div>

Again, the user will see the warning and the links only if his browser can not read the style declaration. And at a thousand pixels, that's about all he will see without scrolling down the page. No one else will be aware of it. I would like to say it would do to skip the <noscript> tag and just stick this one in - after all, if they can't read styles they are unlikely to be able to read scripts, right?

But what about someone using a version 4 or better browser who has turned off the script engine? He will render the style correctly, but if you have scripts on the page, he isn't going to get it. And he won't get your message about alternate pages, either. So to be safe, if you are using both positioned elements and scripts, you should put in both warnings. If you aren't using positioned styles, don't put in the second warning.

For someone who is using a browser that is not script enabled and cannot read the page styles, the message will repeat once as he scrolls down the page. Of course, this method doesn't magically make the page work - it just gives the visitor a clue that his browser isn't up to the code, and gently directs him elsewhere.

Part 4: To Each His Own

The biggest problems you will run into are with users who have some kind of scripting, but not the right kind. Again, the best approach is to go from simple to complex.

Determine what version of the script is the minimum required and put your redirects and warnings in that language. You can't touch Netscape with a function written in VBScript, and if you put your redirect in a 'JavaScript1.2' tag, older versions won't even read it [Editor's note: unless it's a SRC .js file and Netscape 3]. In other words, make the advanced browser walk the walk if they talk the talk, and let the others have the pages they are sitting on.

A good way to check how your pages might be looking to some of your visitors is to put your scripts and stylesheets in external files and comment out their calls in the header:

<!-- <script language='javascript' type='text/javascript' src='script.js'> <link rel='stylesheet' type='text.css' href='style.css'> -->

You will also need to remove any event handlers that call functions from the script:

<body onload="startFunction()"> becomes <body>

This will approximate what the page looks like (and what it does) with no styles or scripting enabled. And, every once in a while, that is the page you should publish. Good coding!

All code examples from this article can be found at: www.webreference.com/new/991104_src.html

Author Bio:

Kenneth Tibbetts is forty and a bit, married to an artist, and lives in a home they built themselves in central Maine. "I've been writing code since lines really had numbers, but I make my living these days as a woodworker. Care for a nice mahogany notebook computer?" You can contact Kenneth via email at: [email protected], or through his pages at www.areoka.com and www.yankeeweb.com.

Previous: Work From Simple to Complex and the NOSCRIPT Element

This article originally appeared in the November 4, 1999 edition of the WebReference Update Newsletter.

Comments are welcome
Written by Kenneth Tibbetts and

Revised: May 16, 2000

URL: https://webreference.com/new/script2.html