↑
Main Page

security

The

indicates that this browser has weak security, as opposed to

for no security or

for strong

128-bit security (most modern browsers have 128-bit security in the United States). When running on

Windows, Netscape left off the last section that contained the operating system or CPU description.

Shortly thereafter, Microsoft introduced Internet Explorer (IE) 3.0 with a user-agent string designed to

indicate full compatibility with Netscape Navigator. To accomplish this, IE’s user-agent string began

with the string

“Mozilla”

, so any server checking for this (as was standard at the time when checking

for Netscape) would allow IE to view the page.

The user-agent string for Internet Explorer 3.0 had the following format:

Mozilla/2.0 (compatible; MSIE

[IEVersion]

;

[OS]

)

For example, IE 3.02 running on Windows 95 had the following user-agent string:

Mozilla/2.0 (compatible; MSIE 3.02; Windows 95)

In this example, IEVersion is

3.02

and

Windows 95

. For some reason, Microsoft put in

Mozilla/2.0

instead of

Mozilla/3.0

. History hasn’t determined why this happened, although it was most likely an

oversight. Unfortunately, this error was responsible for a long sequence of user-agent string confusion.

To understand the problem, consider the

appVersion

property of the

navigator

object, which returns

everything after the first forward slash in a user-agent string. For Netscape Navigator 3.0,

appVersion

returns

3.0 (Win95; I)

. This value could be passed right into

parseFloat()

to get the browser ver-

sion. However, for IE 3.0,

appVersion

returns

2.0 (compatible; MSIE 3.02; Windows 95)

Passing that into

parseFloat()

returns 2.0, which is incorrect.

Essentially, developers wanted to be able to use one algorithm to check for 3.0-level browsers, such as this:

if (parseFloat(navigator.appVersion) >= 3) {

//do 3.0-level stuff here

}

Because of IE’s user-agent string format, this algorithm had to change:

if (navigator.userAgent.indexOf(“MSIE”) > -1) {

//IE, now check the version

if (navigator.userAgent.indexOf(“MSIE 3.”) > -1) {

//do IE 3.0 browser stuff here

}

} else if (parseFloat(navigator.appVersion) >= 3) {

//do other 3.0 browser stuff here

}

Another problem occurs when you try to determine the operating system from the user-agent string.

Because Netscape and Microsoft decided to represent the same operating system with different strings,

two checks must be used for each operating system, like so:

228

Chapter 8

11_579088 ch08.qxd 3/28/05 11:38 AM Page 228