Javascript and Vista

[Omicron]

Hello,
I'm lost.
Can some one go to the following site and click on the right-hand menu
option named, Geneology.
It is a Javascript link and will NOT do anything when my friend (who
is running Vista) clicks on it.

http://home.ptd.net/~ajs10

I'm not a Vista users and am not sure what I need to do to get it to
function under his Operating System.
Can you tell me if it functions for you Vista folks and, if so, what
settings I have tell my friend to make on his system (and or Browser -
IE7) to get it to work.
Thank you.

 

[RobG]

Hello,
I'm lost.
Can some one go to the following site and click on the right-hand menu
option named, Geneology.
Sure.

It is a Javascript link and will NOT do anything when my friend (who
is running Vista) clicks on it.

Doesn't do anything for me either, I use Firefox with the NoScript add-
on.

http://home.ptd.net/~ajs10

I'm not a Vista users and am not sure what I need to do to get it to
function under his Operating System.
Can you tell me if it functions for you Vista folks and, if so, what
settings I have tell my friend to make on his system (and or Browser -
IE7) to get it to work.

There are a number of reasons why it may not work, the obvious being
that javascript is disabled (IE calls it "active scripting" which bars
all scripts, not just javascript).

It may also be because you have HTML comment delimiters in your script
element. Browsers will tolerate an opening <!-- as the very first non-
whitespace characters in a script element, but not later.

But there is absolutely no reason to use them at all, particularly if
you think you are using XHTML. Remove *all* HTML comment delimiters
from your script. It is also a good idea to put all script resources
in an external file.

I'd also suggest that you change the link from:

<A HREF="javascript:Check()">Geneology</A></li>

to:

<a href="usefulPage.html" onclick="return Check();">Geneology</a>


The Check() function should probably always return false. Users with
javascript disabled will go to the usefulPage.html, which should have
advice that javascript must be enabled and maybe how to do it.

Incidentally, your DOCTYPE is XHTML 1.0 Strict, yet:

1. Your page isn't valid XHTML 1.0

2. You are serving it as text/HTML, which is just as well
given 1. above

3. IE doesn't understand XML, so even if you fix 1 and 2,
about 70% of visitors won't be able to user your site

 

[Omicron]

Doesn't do anything for me either, I use Firefox with the NoScript add-
on.





There are a number of reasons why it may not work, the obvious being
that javascript is disabled (IE calls it "active scripting" which bars
all scripts, not just javascript).

It may also be because you have HTML comment delimiters in your script
element. Browsers will tolerate an opening <!-- as the very first non-
whitespace characters in a script element, but not later.

But there is absolutely no reason to use them at all, particularly if
you think you are using XHTML. Remove *all* HTML comment delimiters
from your script. It is also a good idea to put all script resources
in an external file.

I'd also suggest that you change the link from:

<A HREF="javascript:Check()">Geneology</A></li>

to:

<a href="usefulPage.html" onclick="return Check();">Geneology</a>

The Check() function should probably always return false. Users with
javascript disabled will go to the usefulPage.html, which should have
advice that javascript must be enabled and maybe how to do it.

Incidentally, your DOCTYPE is XHTML 1.0 Strict, yet:

1. Your page isn't valid XHTML 1.0

2. You are serving it as text/HTML, which is just as well
given 1. above

3. IE doesn't understand XML, so even if you fix 1 and 2,
about 70% of visitors won't be able to user your site

Thanks Rob.
Lots of good suggestions.
I've gotten it to work by lowering the Security setting in IE7.
Basically set it up the way I've used XP for many years.
As for the code, well....yeah!
I threw it together but I should have known better than to use such a
mess for a test!
I've already cleaned it up some.
Thanks again.

 

[Stevo]

I use Firefox with the NoScript add-on.
Rob

Just curious .... Why ?

I'd never turn script off on a browser I use for my regular surfing, I
want to see the web how it's meant to be (seen by a major browser that
hasn't been crippled). Sure we all disable scripting as part of a QA
test suite, but not for our regular use.

 

[RobG]

Just curious .... Why ?

I helps to cut down on the amount of annoying crap. I also use
Addblock and Flashblock, it makes the web a much nicer place to visit.

I'd never turn script off on a browser I use for my regular surfing, I
want to see the web how it's meant to be (seen by a major browser that
hasn't been crippled). Sure we all disable scripting as part of a QA
test suite, but not for our regular use.

NoScript lets me select which sites can run scripts - urchintracker,
googlesyndication et al are not allowed at all. I also think it's
good to keep up the number of browsers running sans scripting to
remind web developers not to make their sites totally dependent on
scripting.

 

[Gregor Kofler]

Stevo meinte:

Just curious .... Why ?

One of the reasons might be, that one doesn't want his surfing behaviour
being stored and analyzed by third parties. Or one doesn't want annoying
advertisments hiding the traces of useful information on webpages.
I prefer AdBlock though.

Gregor

 

[Stevo]

NoScript lets me select which sites can run scripts - urchintracker,
googlesyndication et al are not allowed at all. I also think it's
good to keep up the number of browsers running sans scripting to
remind web developers not to make their sites totally dependent on
scripting.

Makes sense. I think I might install it, although I'd set it to allow
scripting by default, and only disable it on specific sites.

 

[Stevo]

Stevo meinte:

One of the reasons might be, that one doesn't want his surfing behaviour
being stored and analyzed by third parties. Or one doesn't want annoying
advertisments hiding the traces of useful information on webpages.
I prefer AdBlock though.

The analyzing by third parties is a bit "conspiracy theory" if you ask
me. Nobody's doing any analyzing out there. The only thing the ad
companies do is track anonymous statistical data. They want to know the
percentage of visitors that click on their ad. Or if you end up buying
something because you clicked on an ad, they'd like to know which site
was hosting the ad (so that they can figure out which were the best
places to advertise). This whole paranoia about being tracked is a bit
ridiculous if you ask me.

As for blocking ads, if we all did that then those websites we love to
visit (Yahoo, Facebook, Myspace, Youtube, MSN, etc etc) would either (a)
cease to exist, or (b) start charging us to use the sites.

The only reason the web made it to popularity beyond what it was in 1994
is because sites like Yahoo figured out they could put advertising on
the page. If they hadn't figured that out, we'd still be finding the web
a very boring place and Usenet would be the biggest traffic driver on
the Internet. Notice how all the major porn sites charge $$$ to see the
content? That's because they find it hard to get advertisers who want to
be associated with them. The ones that are free are the ones that use
advertising, and the ads are for the other porn sites which aren't free.

I sound like I work for an ad company, but no, I just understand the
economics of the web and wrote a paper on it, so had to do some
research. I spoke to some of the web advertisers and they told me
they're not interested in individuals, they just want statistical data
that helps them put their ads in the right places to make them more
effective.

 

[Gregor Kofler]

Stevo meinte:

The analyzing by third parties is a bit "conspiracy theory" if you ask
me. Nobody's doing any analyzing out there.

Well, your choice. I suppose "Stevo" is your real full name, since there
is no need to hide your real identity.

The only thing the ad
companies do is track anonymous statistical data. They want to know the
percentage of visitors that click on their ad. Or if you end up buying
something because you clicked on an ad, they'd like to know which site
was hosting the ad (so that they can figure out which were the best
places to advertise). This whole paranoia about being tracked is a bit
ridiculous if you ask me.

Sure. That's why amazon bombs you with recommendations, and Google Ads
sometimes seem - though out of context with the visited page - somehow
match your interests. And if you use Google Ads, Google will tell you,
when you abuse the system by clicking on ads too often. And these are
just "visible" observations.

As for blocking ads, if we all did that then those websites we love to
visit (Yahoo, Facebook, Myspace, Youtube, MSN, etc etc) would either (a)
cease to exist, or (b) start charging us to use the sites.

No need for (b), since there are enough gullible people (like you, I
might add) out there. One might ask, why big companies are interested in
paying billions for shares of one of the mentioned websites. Just
because of showing ads? Or showing ads tailored to your interests? Then,
where does this data come from? Have you ever read all the terms of use
of those websites?
But then: People turning their inside out on pages like myspace or
facebook will hardly be concerned by cookies tracking their behavior.
(Perhaps one day, when a HR executive confronts you with content,
unloaded there years ago.)

I sound like I work for an ad company, but no, I just understand the
economics of the web and wrote a paper on it, so had to do some
research. I spoke to some of the web advertisers and they told me
they're not interested in individuals, they just want statistical data
that helps them put their ads in the right places to make them more
effective.

And how do those ads get in the right place? They are of course
interested in individuals. They want they ads to be taylored for
individuals.

Gregor

 

[Thomas 'PointedEars' Lahn]

Stevo meinte:

Well, your choice. I suppose "Stevo" is your real full name, since there
is no need to hide your real identity.

Yeah, and "Stevo" would also never commit domain abuse, violating
(son-of-)RFC 1036, STD 11 and its successors, the AUP of his USP (T-Online),
not to mention disregarding Netiquette, because he would not fear to get
spammed. Never. Ever.

How fortunate that I recognize the existence of such people only when they
get quoted.


PointedEars

 

[Stevo]

Thomas 'PointedEars' Lahn said the following on 1/23/2008 6:42 PM:

Yeah, and "Stevo" would also never commit domain abuse, violating
(son-of-)RFC 1036, STD 11 and its successors, the AUP of his USP
(T-Online),
not to mention disregarding Netiquette, because he would not fear to get
spammed. Never. Ever.

How fortunate that I recognize the existence of such people only when
they
get quoted.

And That's nice[1].

How silly of me to think that I could have a contrary opinion and debate
a subject intelligently on here without being attacked.

I don't see how not wanting to be spammed by spammer scum who troll
forums and newsgroups for email addresses can be compared to, or has
anything at all to do with, not believing the conspiracy theory that all
advertising on the web is secretly spying on you and compiling personal
data about you. It's also hardly an offensive opinion to think that
without all that web advertising we'd be stuck in the mid 90's with our
web content.

So how is that opinion connected to my not wanting to publicly announce
my real name and real email address on a public searchable forum for all
spammers to see and add to their spam list? I already get enough spam,
don't we all, and see no reason to add to it.

 

[Thomas 'PointedEars' Lahn]

[...]
Most people that complain about munged addresses fall into one of three
categories:

1) Spammers
2) People who want something to whine about
3) People who want to reply outside a public view so there opinion
isn't open to be corrected, debated or contradicted.

4) People who care about the Net in general and
as a communications medium in particular.

See http://www.interhack.net/pubs/munging-harmful/

[...]
Giganews and Comcast both actively encourage address munging as an
anti-spam measure.

That's good to know. Filter adjusted.


PointedEars

 

[Thomas 'PointedEars' Lahn]

Thomas 'PointedEars' Lahn said the following on 1/24/2008 3:13 PM:

[...]
Most people that complain about munged addresses fall into one of three
categories:

1) Spammers
2) People who want something to whine about
3) People who want to reply outside a public view so there opinion
isn't open to be corrected, debated or contradicted.

4) People who care about the Net in general and
as a communications medium in particular.

See http://www.interhack.net/pubs/munging-harmful/

Maybe you should try finding a document that isn't 9 years old to back
up an antiquated claim. [...]
The best way to defeat spam is not to receive it, period. The best way
to not receive it is to not give out the address. [...]

If you had actually read the document that you deem outdated, you
would have known that you could not be farther from the truth.


PointedEars

 

[Dr J R Stockton]

So how is that opinion connected to my not wanting to publicly announce
my real name and real email address on a public searchable forum for
all spammers to see and add to their spam list? I already get enough
spam, don't we all, and see no reason to add to it.

On a technical group, you should be prepared to use your normal name,
the one you would expect to be introduced by in civil life.

You should also enable a normal person to E-mail you.

There is, contrary to the brutalist view, no need to put your own E-mail
address in a form convenient to spammers (though it's some while since
I've seen a significant amount of spam aimed at a recently-used Reply-To
address).

But any address that you publish should be one that you have a right, or
permission, to use, whether to receive mail or as a spam-dump.

You should not use any other address that might belong to anyone else,
currently or in the future; that is wildly inconsiderate, and contrary
to the policy of the better ISPs. Neither should you use a domain
without authority to do so; domain owners may not want to handle your
spam.

"spam-me.com" exists, though it is in need of renewal - therefore, even
if you have permission to use it, that may not last. You could consider
buying it.

Remember not to argue with the local sociological defective; it is a
waste of public resources. A single refutation suffices.

 

[Thomas 'PointedEars' Lahn]

But any address that you publish should be one that you have a right, or
permission, to use, whether to receive mail or as a spam-dump.

You should not use any other address that might belong to anyone else,
currently or in the future; that is wildly inconsiderate, and contrary
to the policy of the better ISPs. Neither should you use a domain
without authority to do so; domain owners may not want to handle your
spam.

Very true. May I remind you on this occasion, though, that although it is
not an address in the aforementioned sense, that applies to message IDs as
well. The message ID should be unique over a reasonably long period of time
(recommended are two years, see [son-of-]RFC 1036, section 2.1.5/5.3).
Clearly that can only have a chance of being accomplished if the Message-ID
header has a domain part with a domain name that you own or that the owner
of the news server (which has to set the header if not already present)
owns; the use of the `invalid' TLD for that purpose is inappropriate, too,
as that TLD belongs to both no-one and everyone, and is intended for local
testing purposes and documentation examples only (see RFC 2606, section 2).


PointedEars

 

[The Magpie]

It may also be because you have HTML comment delimiters in your script
element. Browsers will tolerate an opening <!-- as the very first non-
whitespace characters in a script element, but not later.

But there is absolutely no reason to use them at all, particularly if
you think you are using XHTML. Remove *all* HTML comment delimiters
from your script. It is also a good idea to put all script resources
in an external file.

I'm interested in this bit - I tend to comment freely so what is the
now-accepted way to add comments?

I also wonder why you feel it is a bad idea to serve XHTML as HTML.
After all, if we serve it as XHTML it buggers things up on the browser
end half the time.

 

[Matt Curtin]

<quote>
Date: 1998/12/08 02:34:45
Copyright ©1998Matt Curtin, All Rights Reserved
</quote>

Yeah, that is outdated.

Nonsense. The fundamental issues that were true then are true now.
Mechanisms for spam delivery have evolved quite a bit since then, as
have spam detection and management.

Munging, in fact, is what's outdated.

 

[Thomas 'PointedEars' Lahn]

I'm interested in this bit - I tend to comment freely so what is the
now-accepted way to add comments?

It was *never* accepted coding style to use markup comments as script
comments. As Rob has pointed out, you have been relying on a proprietary
feature which has never been safe on the Web. (In case you wonder, examples
in specifications are never normative.)

Since there is no working user agent that requires those pseudo-comments in
order to prevent the code from being displayed (in a nutshell: UAs should
never display `head' element content as if it were in the document body in
the first place; HTML 3.2 standardized the `script' element, and HTML 2.0
was marked obsolete; in HTML, the content model of the `script' element is
CDATA, not PCDATA), and they can do harm (it's a non-standard feature of UAs
or script engines to ignore them; in XHTML, the content model of the
`script' element is PCDATA, not CDATA), you can safely remove them in old
*HTML* documents and omit them in new ones.

As for XHTML, there is only one possibility of a comment requirement within
the `script' element content, and that is if you want to serve so-called
HTML-compatible XHTML as text/html to UAs that don't support XHTML, and as
application/xhtml+xml to UAs that do (that would be relying on
error-correction, though, which in itself is error-prone), and your script
code contains one or more of `<', `>', and `&':

<script type="text/javascript">
// <![CDATA[

// script code goes here

// ]]>
</script>

However, as Rob also has pointed out, the alternative is to refer to
external script resources. While that is recommended by the W3C (XHTML 1.0
Appendix C, section 4), I don't think it should be considered a general
recommendation. Another script resource not only separates script code and
the elements it is working on, which complicates maintenance, but also
requires another HTTP connection which is overkill, if it is only a small
script (for fitting values of "small").

I also wonder why you feel it is a bad idea to serve XHTML as HTML.

See for example:
http://www.spartanicus.utvinternet.ie/no-xhtml.htm
http://hixie.ch/advocacy/xhtml

However, note that the necessity to use `<!--//--><![CDATA[//><!--' and
`//--><!]]>' that Ian mentions is based on the assumption that there were
working user agents out there that would not support the `script' element.
But as I have pointed out before and on numerous other occasions, that
notion is outdated now as it already was when this advisory was created/
last modified. I consider pointing that out to Ian via private e-mail.

After all, if we serve it as XHTML it buggers things up on the browser
end half the time.

Quite the opposite is true.

http://www.w3.org/2000/07/8378/xhtml/media-types/results

You would be well-advised to use the Google Groups archives of this
newsgroup before posting; this has been discussed several times already.


PointedEars

 

[Dr J R Stockton]

In comp.lang.javascript message <[email protected]>, Sat,

Since there is no working user agent that requires those pseudo-comments in
order to prevent the code from being displayed ....
you can safely remove them in old
*HTML* documents and omit them in new ones.

False logic. User agents are not the only thing which may be required
to process such documents.

 

[Thomas 'PointedEars' Lahn]

[...] Thomas 'PointedEars' Lahn [...] posted:

Since there is no working user agent that requires those pseudo-comments in
order to prevent the code from being displayed
...
you can safely remove them in old *HTML* documents and omit them in new ones.

False logic. User agents are not the only thing which may be required
to process such documents.

You are mistaken. Apparently you don't know what a(n HTML) user agent is:

,-<http://www.w3.org/TR/REC-html40/conform.html#didx-user_agent>
|
| HTML user agent
| An HTML user agent is any device that interprets HTML documents.
| User agents include visual browsers (text-only and graphical),
| non-visual browsers (audio, Braille), search robots, proxies, etc.
|
| [...]


PointedEars