- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
PLEASE don't do this! The number of times I've clicked on what should have been a button on some page http://some.url/page and found myself directed to http://some.url/page/# because onClick events were silently discarded... If it needs to submit a form, make it a submit button. If it needs to execute JavaScript locally, make it an ordinary button. If it's a link, it should take me somewhere AND NOTHING ELSE.
Admin
oh dear - that didn't work all that well....
Admin
And here I thought that Google's motto was "Don't be Evil!"
public class PaulaWebCrawler { public void onGet(Page page) throws Throwable{ page.delete(); throw new FileNotFoundException("Brillant!"); } }
Admin
Thats why you have to authenticate the user on each request. Once they enter the username and password (via POST of course), you need to set a cookie that contains a fresh unpredictable value that is unique to that user's autheticated session, and then check that value with each request.
Admin
It should be noted that neither Google Web Accelerator or Firefox will prefetch a URL containing query strings (although both mention in their FAQs that they retain the right to do so in the future in accordance with the HTTP specs):
http://webaccelerator.google.com/webmasterhelp.html#prefetch3
http://www.mozilla.org/projects/netlib/Link_Prefetching_FAQ.html#Are_there_any_restrictions_on_what_is
Admin
I can't understand why there's so many sites using javascript for simple navigation. Everything's bad about it:
- hovering a link reveals something as meaningful as "javascript: void();",
- you can't open a link in a new tab (didn't try IE7, but hey, can't be much better),
- you can't bookmark a link to view it later,
- when there's a href="#", it sends you back to the top of the page, which never is what you want to do.
And for what? Most of the time it's a "article.aspx" link with parameters. You still land on a page with a long url (like article.aspx?articleid=24252525&stuff=something ), it's just a Rube Goldberg machine dancing flamenco on the philosophy of the web.
There's worse things though. There's navigation in flash.
Admin
Then someone did the onClick wrong?
I think the old "hyperlinked documents" model is failing to keep up with the fact people are writing more and more complex systems, and by all means, use links forms, or whatever. Last time I checked, when you show an HTML layer over (for dynamic menus etc) form elements or any embedded element gets painted overtop of the HTML, even though it is on a layer behind it. Thats a pretty good reason to use links instead of fat widgets I'd say.
Also, GET requests are good for "modifier" requests at times, do you want a form button just to change a default language or some indescript setting? To update a hit counter?
I think its a problem when a programmer has a programming stylistic reason for limiting the freedom of the designers.
Give them some guidelines, and hard rules where they really are needed, but seriously if a designer can come up with a richer and more appealing interface that use links to submit form posts, there is no reason in the world they should be forced to dumb-down their design.
Admin
I look forward to the day I get a full explaination of your system. You should post it here.
[;)]
Admin
I had something happen like that once - it was a calendar that went backwards and forward over events. It would go pretty far into the past and future if you just kept on clicking on "Previous Month" and "Next Month". These were simple links, like "calendar.php?y=2006;m=3".
As it turns out, Googlebot is smart - eventually it'll give up after going through pages that are only linked by one page. I guess when PageRank hits 0, it doesn't bother caring what the page links to.
MSN's bot, on the other hand, was not. I noticed that my website suddenly had something like 3GB/month of transfer over what it normally had. Going through the logs, I found out that the #1 user-agent on my website was "msnbot". So it got thrown into "robots.txt" and was told to stay out of the calendar.
Eventually I just got rid of the calendar completely - I never bothered checking why, but I think the SQL query it used to build the calendar was a bit of a WTF itself since it managed to overflow MySQL's temp space after running for a while.
I love how there's no preview feature with this forum... here goes nothing, gotta hope this post doesn't get mangled like all my previous ones did...
Admin
I've written that system back in 1997 or 1998 and it was one of my first non-hello-world CGI programs. Since it was written in C and CGI libs were sparse then, using virtual paths was slightly easier than parsing a HTTP Get. And beside that spider issue, it worked pretty well. Today, in the age of AJAX, Web 2.0 and what-not, it's obviously an easy laugh (and no longer used).
Admin
That is, quite possibly, the most disturbing thing I've ever read.
Admin
No, that's a bug in IE. Every other web browser does not do this. IE should be fixed to respect the HTML standard.
No, that violates the HTTP standard!
Quote RFC 2616:
Admin
OK, guess it's time to reveal my dirty little secret: I did exactly the same thing once, on the first webapp I ever wrote, hacked together in PHP. It ran locally on my own box, as did the search engine I was toying around with...
Admin
Come on, having a "view text only" button at the bottom of a page would look retarded. But having a "?textonly=1" link violates standard. But an onclick:submit() link works nicely for anyone not trapped in 1998.
Admin
But what about browsers without Javascript? I'm writing up a site that needs to work on IE and Mozilla as well as mobile phones and text-based browsers (using different pages, but the same basic page layout). How do I make a 'delete' link without the ability to script an OnClick event?
Does that mean that I'm going to have to make the mobile-phone version of the 'delete' page a droplist and submit button, rather than a simple 'yes' link? Ouch.
Admin
Ahem:
<chestnut>
"But form buttons are so ugly."
</chestnut>
(Just curious.)
Admin
Yes.
Admin
You know what? I've got noscript installed in Firefox. Usually, when I encounter submit links that do nothing, I even take the trouble of looking at the source code. Doesn't work because of javascript? There's an easy solution.
- click on that little cross on the right top of the window
- go to the competitor's website
That easy.Admin
No, you don't understand - mangement is earning their big bucks. The problem, as stated, is the technical design of the authentication component; the solution is to "managing the problem" so that the problem can be crossed off the list. Problem sovled, no code change; better still, all future instances are the customer's fault! No more support cost - only more revenue possibility; and you want to change the code?
Admin
Far me it from me to point out how utterly retarded it is to (ab)use JS like that to make a link submit a form, whether using the javascript: pseudoprotocol, or on an onclick event. Seriously, people, <font size="6"><font style="font-style: italic;" size="5">use a proper friggin' form button!</font><font size="3"> For the sake of a demo, here's a page on my wiki: http://talideon.com/wiki/?doc=WikiEtiquette. See the use edit version link at the bottom? That's no link, it's a form button, and it's a form button because clicking it changes the wiki's view state. See how it looks like the links to each side: CSS.
Seriously, if you're going to do something, do it right and don't abuse the browser's other facilities just because it might seem easier. Don't fight the browser, use it as it's intended to be used. If you don't, you'll just end up with an app that little more than a mountain of hacks.
</font></font>
Admin
Or... do both. If you've got non-idempotent GETs in your app, it can still break even if you've done the authorisation (that's what you meant: authentication is only proving who you say you are, not that you're allowed to do something. That's authorisation.) side of things. That's the lesson of GWA.
Admin
Now they don't, but initially GWA did, and the only reason why they stopped is because it broke a bunch of apps that retardedly used GET in a destructive manner.
But that still doesn't excuse abusing GET like that. People should be beaten over the head with that factette.
Admin
public class PaulaWebCrawler {
public Bool onGet(Page page) throws Throwable {
Bool result;
if ((result = page.delete()) == Bool.False) {
if ((result = page.delete()) == Bool.False) {
if ((result = page.delete()) == Bool.False) {
return Bool.FileNotFound;
}
}
}
else if (result == Bool.FileNotFound) return Bool.False;
return Bool.True;
}
}
Admin
In a day where I've been on the receiving end of a pair of WTF Hat Tricks, this is officially the funniest thing I've heard all day ... :P
Thank you. Maybe I won't have to kill myself tonight. :)
(fingers crossed that my formatting doesn't get eaten)
Admin
And CSS works nicely for anybody not trapped in 2001.
Try to understand this -- HTML tags do NOT control what things look like. CSS controls what things look like.
E.g. the "ul" tag does NOT mean "make a bulleted list." It just makes a list. The CSS attribute "list-style-type: disc" is what makes it have bullets. If you have a "ul" tag with "list-style-type: upper-roman" then it gets Roman numerals instead of bullets, and if you say "list-style-type: none" then you have a list with no bullets at all!
Admin
I don't know where to start with this. It's just so wrong...
And how is that?
Hello 1998, this is 2006 calling. There's only one browser that does that, and only with the SELECT element: IE.
And, as I demonstrated in an earlier comment, you can make a button look like a regular link. It's not hard. The old "hyperlinked documents" paradigm works just fine, even today.
Use POST.
GET is fine for this. It's a side-effect, but only incidental and doesn't impinge on GET's idempotency.
No the problem arises when the programmer is too lazy to do their job right, or when the designer is too lazy to use CSS to style their buttons.
Give me one instance where you think you're right, and I'll show you you're wrong.
K.
Admin
I am extremely embarrassed that this exact thing happened to me.
It's a little different, because the secret links were in javascript comments, and the search engine was a Chinese spam crawler. Also, all I lost was a few days of postings on my rant log and some really excellent poetry I wrote in college, and not all of the content of a government website.
Admin
Dammit. Maybe someday I'll figure out how to make the stupid emoticons work correctly...
[image]
Then again, maybe not.Admin
Then style the button differently. It works fine for anybody not trapped in 1999.
K.
Admin
Style it with CSS. The 'use stable view' link on this page is actually a form button: http://talideon.com/wiki/?page=WikiEtiquette.
Admin
I don't know why you find it so funny. It's not entirely false.
Most form controls in IE6 and below are rendered natively by IE itself except for one: SELECT. For that it uses Windows' one drop-down control, which means that it appears to render above anything else on the page. MS themselves regarded this as a bug and fixed it in IE7.
I think loneprogrammer deserves an apology, and Alex needs to fix that damned captcha.
Admin
I don't disagree. However, there are going to be situations (extensive DHTML for instance) where not using link events is extremely undesirable. Specifically if the "link" is located outside of a form.
You are the web-developer's nemesis. [;)]
Admin
No it doesn't.
Admin
We'd better patent the idea!
Admin
OK, so how exactly did you do that? I'm pretty sure dragging them in doesn't work: A
I can copy and paste yours... [image]
But not so with the palette: pi
WTF?
Admin
I've been lurking at this site for a while and I never really registered. After reading this, I had to say, anytime you rely on things that can be turned off/not present on all browsers or systems/or spoofed, you set yourself up for some damage.
I hope the dev. team that made the CMS doesn't get to touch anything again.
Admin
That's what that guy in Oklahoma would say, as he was dialing up the FBI to complain... :)
Admin
No, you're just someone too dumb to understand html. Otherwise you wouldn't refer to them in dreamweaver speak you dumbshit.
Naturally, "the old hyperlined document model" you refer to, of which I am assuming you mean those things called web standards, works just fine for those who actually now what they are doing, rather than dragging and dropping imaginary "widgets" and "layers" in frontpage.
Admin
And, in IE, it still looks like a button. Opera (8.5) shows it as having a background color. Point is, CSS is *not* the elixer for everything (unfortunately), and to ignore IE in terms of marketing is a mistake. Now, you *could* argue about the merits (or lack) of over-stylizing HTML pages in the first place....
Admin
Maybe you could use a small and simple dash of css to make that form button look like a link, not too difficult.
The real wtf isn't the forum, it's the forum users! :p
Admin
<input value="No it doesn't" name="myButt" style="border: medium none ; background: transparent none repeat scroll 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; color: blue; text-decoration: underline;" type="button">
Uh oh.. someone set up the bitchslap! :p
Admin
Damn forum software ate the last one, and I cannot edit. :(
Admin
Which the forum software mangles (hint: it doesn't fully grasp HTML - or, indeed, sanity.
You're not - see my sig. It is possible to get to page 2 or more with GET requests; just insert a 2/ (or whatever page number you want) in the path before the post/thread number - e.g. http://thedailywtf.com/forums/2/65974/ShowPost.aspx is the second page of this thread. (There's another method using query strings too, IIRC). Unfortunately, the pager doesn't use this for some reason - pester Alex if you want it fixed...
Admin
You can debate whether an action is state-changing and form reducto ad absurdum cases all day long, but it doesn't diminish the fact that the web is design in a particular way, and designers shouldn't just be concerned with aesthetics. GET and POST exist for a reason, and designing for the web as if that factt didn't exist is like designing a car that only has a gas pedal.
You can have quite sophisticated designs without breaking the web. There are many examples if you care to open your eyes and look.
Admin
Heh - source for the "emoticon" is <a href="">pi</a> - that's truly a WTF
If you must use a link, having the actual link go to a webpage containing a form (using POST) containing a single submit button and prompting the user to click to confirm, then using JavaScript on the link to submit a form directly and cancel the link navigation, would seem like a good solution to this problem...
Admin
You misspelled "revealed". HTH.
Admin
Moral of the story is implement some sort of working authentication not amateur web hacks. This should never never never happen. Ever.
Admin
I forgot IE doesn't support inherit, so sue me :-) It's fixed now, so check again. See what I mean now?
I'm not saying it's an elixer, just that it's not used as well as it ought to be.
K.
Admin
And a big thanks to the guys at 24.211.9.119 and 62.16.239.96 who thought it'd be terribly clever to delete some of the content on my wiki. Obviously you've never heard of a version control system before. That really shows how mature you guys are.
Admin
<FONT face=Arial size=2>First post here, let's see if it survives the forum software.</FONT>
<FONT face=Arial size=2>The thing with the GET/POST is that the first page you are entering the page from another URL so you get plain GET, when you change the pages using the links you trigger a "PostBack" (ASP.NET-ese) for a POST, so from there forward all you're going to get are POSTS.</FONT>
<FONT face=Arial size=2>Nice isn't (</SARCASM>)</FONT>
<FONT face=Arial size=2>P.D.: Not native speaker of English, hope is clear enough</FONT>
<FONT face=Arial size=2>---------------------</FONT>
<FONT face=Arial size=2>A little more WTF from the forum software (http://www.thedailywtf.com/forums/AddPost.aspx?PostID=66086&Quote=True) </FONT>