Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
From the best I know, if you use AJAX or javascript links in your website, it hurts SEO as the google bot has troubles crawling your site, basically it likes anchor tags.
So it's a general saying to avoid AJAX or Flash in your website, though some saying that the google bot knows to read javascript links.
Now i believe it's possible to manipulate the google bot somehow, and when meaning manipulate i DON'T mean anything illegal or black hatting, I just want to Ajaxise my website.
My question is divided to 2:
Is it possible to "present" google bot with 1 version of the site, and users with another? I've read Here that base64 encoding your content may confuse the bot, but that seems like a bad solution to me.
Likewise, the possibilities you can add to robot.txt file is only no index and no follow, as far as i know.
Is it possible to output the HTML as regular unajaxised website with Anchor links and after window finishes loading, then edit the anchor tags to preform dynamic content loading? i mean i know that it is possible, but will the google bot scan the after that event or before? on the same weight is it possible to block that parts of Javascript code from the google bot?
You can't manipulate search engine bots to do things they don't normally do. You either work within their capabilities or not. Although search engines are getting better at handling JavaScript as a general rule dynamic content is not something they're going to be able to handle well or at all in most circumstances.
As far as getting search engines to read dynamic content created by JavaScript you have two options:
Build the site the right way from the beginning and use progressive enhancement. Your site should work without JavaScript enabled. In fact, it should be built that way first. Then you can go back and add JavaScript that enhances the experience for users who have JavaScript enabled. That way your content is accessible to everybody.
Use Google's Crawlable Ajax standard. This will allow Google to crawl content generated via Ajax. Keep in mind this only work for Google and leaves out other search engines and users without JavaScript enabled. So it is a bad idea.
Build your site using Progressive Enhancement and Unobtrusive JavaScript.
When you do significant Ajax stuff, use the history API.
Then you have real URLs for everything and Google won't be a problem.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I want to send a link to a client with some work I am doing for them but they are rather informed about IT and that would lead me to think that they know how to copy and paste some HTML and CSS. How would I go about stopping them from seeing the HTML, CSS and JS of the page I want to send them?
Unfortunately this is not effectively done. While it is true that HTML and CSS can be minified there are a large number of free utilities out there that are designed to reverse the minification, or "beautify", whatever you have minified.
There are a range of other methods which are used on occasion but don't really do anything to protect the source from anyone except those who wouldn't care about the source anyway.
Source Code Padding
This is one of the oldest tricks in the book and involves adding a ton of white space before the start of the source so that when the user opens the view source window it appears blank, however almost everyone these days will notice the scroll bars and scroll down the page until they hit the source. This also has the extra negative effect of degrading performance for your site as it substantially increases the amount of data being sent to the client.
No Right Click Scripts
These sorts of scripts prevent the user from right clicking on the page and opening up the page context menu however they are notoriously hard to get working across browsers, annoy users who don't like the native functionality and usability of their browser being altered without permission, and don't make any difference as the source code window can be opened from the top menu.
Javascript "Encryption"
This is a very popular method to suposedly "protect" the source code of the page and involves taking the code and using a custom made function to encrypt the script before pasting it into the html file and then embedding javascript in that file to decrypt the markup at run time. This only works if the end user has javascript enabled and is not effective in protecting the page from other designers and coders as you need to embed decryption javascript in your page which the user can use to reverse your markup and see the plain text markup.
HTML Protection Software
There is software out there which is marketed as protecting HTML and CSS however these protection software packages generally use one of the above methods, and charge you for the privilege of having a false belief your code is actually safe.
Unfortunately the way the internet is designed to work with HTML and CSS this is not possible and won't be without such a drastic shift in the web landscape and the way websites are designed that I personally don't see it ever occuring.
Information sourced from http://www.htmlgoodies.com/beyond/article.php/3875651/Web-Developer-Class-How-to-Hide-your-Source-Code.htm
If your concern is that they'll steal your work, then maybe you shouldn't be working with them.
Also, if you have a good contract in place that specifies who owns the work at which stage of the process, this won't be an issue. In other words, if it's clear that you own the work until it's paid in full, you could sue them if they steal it.
Although it won't stop people stealing your code, you can make it harder to do so using minification - this will remove whitespace and translate variables to harder-to-read names, amongst other things. This will also reduce the footprint of your code, icnreasing the page load speed.
You can't do anything except obfuscate and minify it. There are several utilities to do this if you google it.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
There are a lot of features and abilities of javascript that I am unaware of. I have developed a custom closed source CMS and I was thinking about adding a feature to allow for custom javascript that gets included on each page of their site (but not the backend system itself). I was curious of the risk involved with doing this? The CMS is built using PHP and there is javascript within the backend system of this CMS, but thats pretty much it.
If I allow custom javascript, can this be manipulated to retrieve all the php code, or to cause issues on the server itself?
I own the servers, so I can make any adjustments necessarily for safeguarding the server.
Again, this is purely for information and I appreciate any advice people can give me.
The javascript will be stored in a file and included using php on the page itself. I do have code that blocks anything inside to prevent the use of PHP within the code itself.
Can they steal my closed-source PHP code with JavaScript?
To answer your first question, no, your closed-source PHP code cannot be stolen by a user of your CMS software simply by uploading a JavaScript snippet.
This is because JavaScript runs on the client-side (the web browser).
If JavaScript is able to access your PHP code from the client-side, then they'd be able to access it without JavaScript. That would mean that you've configured something wrong on the web server side, like setting permissions on your files so that anyone can view them.
Is allowing JavaScript to be uploaded by a CMS user a good idea?
You'll get some folks who will scream ABSOLUTELY NOT UNDER ANY CIRCUMSTANCE. These are the same people who say things like:
Using eval() is always evil. It's not always evil, but it's almost always unnecessary.
Using global or $_GLOBALS in PHP is evil. Again, it's only evil if you don't know what you are doing. And again, it's almost always unnecessary.
You should read that as a WARNING. Don't treat this issue lightly, if you are careful, you can do it, but if you are not, it can really bite you in the a**. That's reason enough for most people to stay away from it.
Before you decide for sure if you should or shouldn't allow users of your CMS solution to upload JavaScript snippets, you should ask yourself the following question:
Who will be allowed to upload JavaScript snippets?
If the only people who have access to this feature of uploading JavaScript modules are trusted system administrators, then you should consider it safe. I put that in italics because it's not really safe, but it does, at that point, fall on these trusted users to ensure that they don't upload something malicious.
Maybe you get Mary Neophyte, webmaster(amateur) extraordinaire who decides she wants a cool scriptlet on her CMS front page that displays the current weather in Anchorage, Alaska. She goes to Google, types in "JavaScript weather script", and arrives at Weather Channel. She decides their implementation is just too hard to install. She keeps looking. She arrives at Boris' Weather Script at http:/motherrussia.ru/ilovehackingidiots/weatherscript.html.
This isn't your fault when her CMS starts compromising her end users. She was the trusted administrator who uploaded a malicious script purposefully (though ignorantly). You shouldn't be held responsible for this type of behavior.
Long story short, you should be able to trust the trusted users of your CMS to be responsible enough to know what they are uploading. If they shoot themselves in the foot, that's not on you.
Allowing non-trusted users to upload JavaScript
This absolutely, positively, without a doubt is never something that you should do. It is impossible for you to screen every possible obfuscation that someone could upload.
I'm not even going to get into this further. Don't do it. Period.
Regarding HTML/CSS
Don't assume that malicious code can't make it onto your website via HTML/CSS. While HTML is much easier to sanitize than JavaScript, it can still be exploited to deliver undesired JavaScript to a page.
If you are only allowing trusted users to upload HTML/CSS, then don't worry too much about it. I stress again, It is Mary Neophyte's fault if she uploads Boris' Weather Script to her site. However, don't let Boris himself come to your website and start uploading anything that will get displayed on a web page to anyone but ol' Boris himself.
TL;DR
I'll summarize everything into two rules:
Don't allow untrusted users to upload anything that will be displayed to anyone other than themselves.
Don't let anyone upload anything at all that gets executed server-side.
Allowing custom JavaScript would probably be a very bad idea. That would make your site vulnerable to cross-site scripting attacks and allow it to be a vector for cross-site request forgery attacks against other sites.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
I'm working on a page that is more or less a search tool, it basically consists of an input field, and it will show a list of entries to the user, according to the input. In this situation, if there any difference for SEO if the page uses client or server-side rendering (using AJAX) and why?
I'm just concerned if it's a disadvantage if I use client-side rendering in this particular scenario.
I understand that client-side rendering is a disadvantage for SEO compared to server-side - when the HTML is complete at the beginning, so to say. But in a dynamic case, where the results have to be loaded asynchronously anyways, is it still a disadvantage? Does it depend if the current content can be mapped to a URL?
AJAX loading of content has no impact on SEO.
The updating of the DOM via JavaScript will not result in any noticeable changes in what is indexed by a search bot. Almost all legitimate search engines archive the non-dynamic version of a webpage.
In order to enable SEO you have to maintain embedded links to non-dynamic versions of that content.
For example (using jQuery):
<div class="next-page"><a class="ajax-me" href="/page-2.html">Page 2</a></div>
$(document).ready(function(){
$(".ajax-me").click(function(e){
e.preventDefaults();
$('#ajax-target').load($(this).attr("href"));
});
});
That will enable AJAX for links, but still make that link visible to the web crawler for search engines.
Your server will have to know to respond with either a full webpage or AJAX response based upon the header request.
Since you don't seem to be much concerned with UI/UX and want to know more about SEO, I'd suggest to go with the client side. Anything that's dynamically loaded after user's input won't be visible to web crawlers.
However, another approach would be to make it work both ways - so that by visiting a specific URL (site.com/search?q=something) you get the page fully rendered from the server side, while you're still able to make another search that will happen at the client side. You'd still have a little trouble indexing all the relevant searches, but perhaps you could track the last x searches and show them somewhere on the page, with links to full server-side rendered search pages, like the one I mentioned above. You can even make those dynamic calls not only change the content of the page, but the URL hash in the browser's address bar as well (see here).
That way you'd provide users with a nice user interface/experience, while still doing a very nice SEO job since the crawlers would be able to index the links from the list of last searches.
So, to directly answer your question: client-side vs. server-side page rendering - huge SEO difference
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 5 years ago.
Improve this question
I have found many similar questions but nothing identical to what I am asking. I am building an app using Phonegap.
It seems that Apple allow apps that request external JS (people using Google Maps and so on), So basically by using a <script> tag in the header and referencing the external js file. My problem is that I want to do something similar but via code, so using jquery getScript.
The functionality all works, but my only worry is that apple say you cannot download code to your app. Surely having a script tag in the header of the app referencing external javascript is exactly that, downloading javascript to the app.
Its basically, exactly the same in my opinion, no matter how you grab the javascript, it's still technically 'downloading' code.
Anybody know the true answer to this, if not, how do I find out? Even if the app was approved, there is nothing to stop me building 20 apps with this code just to find in future that I was lucky and they take them all down.
there are mixed opinions about it. some developers have been given a hard time for approval of the app when using phone gap. i personally prefer not to use it. here is a link to a discussion that has the opinion of many developers.
http://www.linkedin.com/groups/Anyone-uses-PhoneGap-on-iOS-72283.S.106288557
https://devforums.apple.com/message/513221
as i said there are mixed opinions about it. using phonegap does not prevent your app from being approved, but it is clearly mentioned in the doc's that apps that download codes will be rejected. according to apple there is no issue with having javascript codes inside the app but you cannot execute a set of code to download the script into the app from outside. it has to be inside your app. i hope this makes sense to you. but all in all if you are building an app that downloads codes it will be rejected, if you are building an app that has the script inside it and downloads the dialogue ( like Facebook) related to it, no problem.
apple doesn't allow you to load code later on.
Exceptions are part of every rule but the general opionen about this is clear and I wouldn't rely on that
The spirit of this 'guideline' is to ensure the functionality of the app doesn't change in any significant way after Apple's approval. Apple is even locking down ability to change screenshot after approval. This more for security, still the goal is the same. To consistently present the functionality of your app.
Inferring from the title of your question , are you are using <script> or getScript to ensure latest version to the device, as opposed to packaging the app and updating the app?
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I know that this question has been asked many times ( but in different varuations), but I got totally confused...
I have a website with a right panel displaying some content - a set of links to news/inner articles.
This is the same list for all site's pages.
Thus, every time there is a new link/line in th news section, I have to go manually over all site's pages and update them. This is really annoying and time consuming.
The approach I though about is:
Adding a div where the news/link are supposed to be:
<div class"news"></div>
and load a JS file in all files. Upon window.onload(), what the JS will do is writing the news:
document.getElementByID('news').innerHTML=....
Thus, every time there is a new link/news, I will add it to the JS file, and it will be written in all site's pages ( because they all will load this script).
My Question is:
Is this approach ok? Will the news/links that are generated this way be seen by (Goggle)?
P.S
I have read many articles e.g
https://stackoverflow.com/questions/11989908/can-google-crawl-links-generated-on-the-clientside-e-g-knockout
Googlebot doesn't see jquery generated content
http://support.google.com/webmasters/bin/answer.py?hl=en&answer=174992
Does google crawl javascript?
https://developers.google.com/webmasters/ajax-crawling/docs/getting-started
and more.... But got really confused...
I am not using any AJAX or server side programming.
Just want to do a simple .innerHTML ="..." with a predefined list of news, to save a lot of time. Will this content be indexed and seen by google?
Thanks a lot!
Generally, no. Google (and other bots) will not see content that you add dynamically.
They are of course learning the search engine to understand more and more, and it probably recognises some specific ways to add content to the page already, but to be able to see any dynamic content it would have to actually execute the script in a sandboxed environment, or emulate the script execution, to find out what it does.
Even if it does see some dynamic content, it's likely that it gives that content lower priority, so you are always better off by putting your important content as actual elements in the page.
Any search engine crawler crawl only HTML code when you check source code in your browser. Now when you are fetching content using Javascript, it will not fetch in source code for sure. (Here it is depends how you fetch the content).
To test crawler visibility for your page, Google recommend LYNX tool here in webmaster guidelines.
http://support.google.com/webmasters/bin/answer.py?hl=en&answer=35769#2
Hope it will help !!