- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
At least they're not storing it in the database
Admin
Script, don't go away mad Script, just go away
Sorry, I couldn't resist.
Admin
I don't get it. This piece of javascript is created on the server-side and only rendered whenever that page has that input querystring. So I guess the wtf is client-side code being strung together on the server-side? I hope that really isn't it, cause in this instance it kinda makes sense to me. Sure it could have all been done on the client-side, but meh.
Admin
Remy, would you please explain the code?
I thinks it's rude to show code that you say is a WTF, but then fail to explain the code.
Admin
Look carefully at the code. The JavaScript strung together on the server does one and only one thing- it submits the form back to the server.
Admin
Nvm... actually looked more at the rest of the code. All it took was one more gulp of coffee. That is actually kinda funny. I assumed their search on the client-side just pulled in some results all Ajaxy-like.
Admin
Ot could have easily been done all on server side, without needing that piece of Javascript at all (which causes a redundant HTTP request), and in about 2 lines of code.
Admin
And all the background-colors go - WTF? There's one too few zeroes in #D0000!
Admin
TRWTF is using WebForms and not MVC, right?
Admin
TRWTF is using JavaScript to cornify the word "JavaScript"
Admin
It's meta.
Admin
There seems to be something missing. We can't assume its a bad code by seeing the server code tells the client to post to the server.
The server code could be looking for other stuff collected by the client, and since the form data is missing, it wouldn't have it.
We don't know what the search method does/collects. If it requires a query field.
Also, what about search engines. If a get request hits the server this may cause a problem. This method would prevent a browser that doesn't execute javascript from issuing a post.
Admin
The search query gets sent to the server, which returns this garbage, so that your "search results" consisting of everything that makes the web page gets returned and rendered from the server, and then (we are assuming cause the search code was stripped) that another (ajax?) request gets sent BACK to the server (another request) to actually display the results.
You get this illusion that the website you are working with is ultra fast, even if your search results take a few seconds to showup, at the expense of efficiency.
Anyone who has javascript disabled is probably gonna see a "You need javascript enabled" error message long before it gets to this page.
Also, I hate javascript. It is the hillbilly backwoods language of the internet.
Admin
Okay, let me see if I understand this: The client registers a startup script that looks to see if the http request contained a search string. If it does, it loads the search text box with that string, then calls search with an empty string, after issuing a click on the search image button, presumably to do the search immediately.
As opposed to simply sending the search results.
Efficiency? If I understood it right, not even close.
Admin
the javascript message wouldn't appear unless the author put logic in for that. This possibility that this may prevent search engines from submitting searches is still a possibility, efficient or not.
Admin
Admin
@Coyne, No, its simply checking if the current request was a post request, containing the expected fields. If not it returns javascript to the client to force an empty post request. Seems ironic since the page already has the users there...why not just serve an empty result set.
Admin
why would you assume that there is another ajax request fired in the search logic? The code was see just shows they check 1 field. The search logic may just look at the rest of the request fields....and its done.
Admin
I'm pretty sure this is complete BS and/or incomplete. The client-side script registered on the server consists only of a Windows-style newline (carriage return, line-feed). The script parameter is JavaScript code, and white space is ignored in JavaScript, so the script should do nothing. It should not submit the form... Either I'm missing something, everybody else is seeing imaginary things, or TDWTF has resorted to trolling its readers...
Admin
if you are reading from an RSS feed reader it strips the javascript
Admin
There seems to be some code missing in some browsers. Here the full code i hope:
protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { if (!string.IsNullOrEmpty(Request.QueryString["input"])) { SearchTextBox.Text = Request.QueryString["input"].ToString(); string script = "<script language=""Javascript"">\r\n" + "var searchImageButton = GetControl("SearchImageButton", "INPUT");\r\n" + "searchImageButton.click();" + "\r\n</script>\r\n"; Page.ClientScript.RegisterStartupScript(typeof(Page), "CheckEnterPressed", script); } Search(""); } }protected void SearchImageButton_Click(object sender, ImageClickEventArgs e) { Search(SearchTextBox.Text); }
private void Search(string searchString) { … //Do the actual searching }
Admin
Thanks. That makes better sense... xD If I view source it all becomes clear. Both in Google Reader and in Firefox the embedded <script> blocks seems to be interpreted as HTML/JavaScript instead of text.
Admin
Thank you! I thought I was too stupid to get the point... also, you cannot see the JS if you have JS disabled (at least from unknown/different domains, what I do) - quite ironic.
This should be fixed. I had a bit of sloppy copyapasta in there which Chrome didn't choke on, so I didn't notice. --Remy
Admin
Seems to me that this is a poorly implemented way to account for bookmarked searches. The script only gets generated when the web form is loaded on the initial request (not on post back).
So if someone has bookmarked www.initech.com/search?input=wtf, when requested, this code should cause the search to be executed and have the results returned (I assume that is what the Search method does). So that part is reasonable. Poorly implemented, but a reasonable need is addressed.
The problem is sending a script back to the client, instead of just calling the Search method directly. Also, I have no idea how you would end up with "input" in the query string of the url since the text box is called SearchTextBox.
Admin
Admin
Don't use scripts to do things that HTML can do perfectly. HTML is going to be simpler, more secure, and more portable.
Just don't.
Reaching for your handy-dandy power drill out of sheer habit, when all you need is a pencil, is TRWTF.
As for you trolls who are thinking a script will protect your server from unwanted search engine traffic: if you're relying on client scripts to secure your server, you need to change jobs now.
Admin
Admin
Admin
If you post code please say what the WTF is for people who don't read that language.
Or do you like being smug?
Admin
Why should I tell you if I like being smug?
Admin
Admin
Is that Homer Simpson's color? D0H?
Admin
I think I might get the idea of this thing, though I'm not a web developer so may be mistaken. They indeed increase UI experience with it. Look at it this way: suppose searching does take some time on the server. If they did the search in Page_Load the page would take longer to load. Now with this trick, the page is loaded, then Javascript is run which clicks the Search button. Now the search runs but the user already sees the page loaded and thinks things are running smoothly, even if they actually do not (the page is not responsive anyway). Makes sense?
This is probably a false-positive WTF :)
Admin
Definitely a WTF.
Admin
WTF did I see a pink unicorn??? Am I drunk?
Admin
This is false, but the effects of reading his articles always appear to be similar...
Admin
I've learned more here playing "Find the WTF" in languages I don't know than I every would have having them spoon-fed to me like I'm an eight year old.
Do the work yourself. You'll be better for it.
Admin
Ha! Now that's a WTF in itself. Because the programmer was probably unaware of how to quote javascript in an RSS feed such that it's not a code injection attack. Morons.
Admin
Most of the time the WTF IS using MVC...
catchpa: minim: the way i like it and a palindrome as a bonus.
Admin
Doesn't this just prevent spiders from caching search results? This is the first WTF I don't get.
Admin
Admin
Maybe I'm missing something or just rusty on javascript, but it looks like what this does when passed a search string is load the (blank) search page and populates the search bar with the provided string. Then only when the user presses enter or clicks the search image button, it executes the actual search.
The Page_Load() doesn't directly trigger the SearchImageButton_Click() as others seem to claim. It requires a manual action. The javascript just makes the search the default action when enter is pressed.
There could be reasons to require manual review of the search string before executing the search; without knowing the requirements it's hard to say if this is a WTF or not.
Admin
The WTF is, why not just parse the query string in the server code to do the search, like a 1994 CGI server? It doesn't break the internet, and its easy. And POST with action=get.
Its fighting a layer of abstraction instead of just removing it.
Admin
If you do any sort of technical writing, your inability to correctly interpret that comment and form a well-written response indicates that you need to switch jobs [b)now[d]. The comment you quoted does not say HTML can replace Javascript, merely that it can do some of the same things.
Admin
Admin
I once did something similar, and it was because IE did not allow redirects (HTTP Found) from https to http (i.e. after logon) so we had to use <meta refresh> together with window.location = something.
Also sometimes you do want force the method to be POST, because of some CSRF security issues. Say you have some logic in onsubmit event of the form that adds some token to a hidden field of the form...
It's not that I understand the code, or the real problem they solved, and clearly I would ask WTF loud seeing that, but then I would try to find the developer and ask him to provide more details and document the code apropriately.
Admin
The real WTF is ASP.NET webforms.
Admin
This.
i dunno at what point the server-side Page_Load() is invoked, but the js sent back seems to be binding a form submit action to the enter key.
my guess would be that there's a funky ajax autosuggest handler already bound to (other) keypresses in the client-side search box, but Enter isn't set to submit [that] form initially [or rather, when when the search box is empty]
without more context in the OP it's rather dumb to call this a WTF
Admin
Code that is obscure is Worse Than Failure.
Admin
although i agree with your statement, this code really isn't obscure; any percieved obscurity here is due to lack of context in the OP.