Please note, this is a STATIC archive of website moz.com from 05 Jul 2018, cach3.com does not collect or store any user information, there is no "phishing" involved.
icon-book icon-close icon-conversation icon-delta icon-envelope icon-external icon-house icon-menu icon-pencil icon-products icon-search

Cross-browser in 2011?

Date / / Posted by / anhkiet / Category / Uncategorized

Disclaimer: I may not know what I’m talking about.

I never thought that writing code to handle browser differences in 2011 would be that painful. Maybe I was trying to do something out of the ordinary, but as a spoiled brat, I expected things to just work.

With our web application(s), we have a concept of account impersonation, similar to su. This allows our help team to login as customers and investigate issues. So I thought it would be a great idea to implement a toolbar that floats at the bottom of our admin page, making this process even easier. It’s a very simple idea and the UI needed three measly text fields to work: identity, password, and who you want to impersonate. Those who know me will know that I eat text fields for breakfast – so no problem there. And finally to top it off just because I am so awesome, I even took the liberty to include a button.

This was when brilliant idea #1 struck. Simplicity! There’s no need to show all three fields all the time. If the browser has a login manager, it would render the credential fields nearly useless. So why not show an abbreviated version like this:

The user would click the plus sign to show the fields to enter their credentials. This cleaner UI came with a cost, an additional click (yuck!).

Then came brilliant idea #2. Upon focus to the “login as” field, why not automagically expand and show the other fields? If the user already had their credentials saved, then it would remain collapsed. So brilliant!

The original goal was to create a self-contained script that would inject the HTML form into the page. This means it can be included on any page in the existing app with minimal code changes. This is where I ran into the first problem. Firefox’s password manager will not fill login forms generated by JavaScript. Someone even submitted a bug for it. Chrome works just fine. After trying various failed solutions, I begrudgingly generated the HTML as part of the page content.

After talking to our help team, it is apparent that they go through this impersonation process a lot. From our admin page, I thought it’d be useful to fire up a new window when they entered impersonation mode. In their workflow, once they’re done with helping a user, they can simply close out the window. Naturally and naively, I took the target=”_blank” approach,

  <form id="adminSudo" action="/some/login/url" method="post" target="_blank">
    <input id="login_email" type="text" name="login_email" />
    <input id="login_password" type="password" name="password" />
    <input id="other_email" type="text" name="other_email" />
    <input type="submit" value="Polyjuice" />
  </form>

This time, it’s Chrome’s fault. Everything works as expected except that it does not ask to “save your password.” Sigh. After some googling around, the answer was that I needed to use *drum roll* iframes! The page will use a hidden iframe and set the form’s target to the iframe’s id:

  <form id="adminSudo" action="/some/login/url" method="post" target="dummyTarget">
    ...
  </form>
  <iframe src="#" id="dummyTarget" name="dummyTarget" style="display:none"></iframe>

This change enabled Chrome’s password manager to kick in and save the password for us. Now, you will need to detect when the iframe is loaded to launch a new window,

    // Somewhere in the ready block
    $('#dummyTarget').load(function() {
        window.open('https://www.somelocation.com', '_blank');
    });

Was it silly of me to think that this would actually work? Cross browser problem again! This time more subtle than before. In using src=”#” for the iframe, Chrome will trigger a “loaded” event for the iframe on the initial page load. Firefox will not. So I tried two more alternatives, about:blank and leaving it empty. Here are the results, “y” means the event was triggered,

src= Chrome FF
“#” y n
“” n y
“about:blank” n y

At this point, I threw my hands in the air and took a completely different approach. More JavaScript in conjunction with src=”about:blank”, the recommended way of representing a blank iframe. I would only hook into the loaded event during the first form submission. This way, I delayed the hook and bypass the initial trigger completely. The solution was something similar to the following:

  <form id="adminSudo" action="/some/login/url" method="post" target="dummyTarget">
    ...
  </form>
  <iframe src="about:blank" id="dummyTarget" name="dummyTarget" style="display:none"></iframe>
    $(function() {
        var sudoHandlerSet = false;
        function sudoSubmission() {
            if (!sudoHandlerSet) {
                sudoHandlerSet = true;
 
                $('#dummyTarget').load(function() {
                    window.open('https://www.somelocation.com', '_blank');
                });
            }
 
            return true;
        }
 
        $('#adminSudo').submit(sudoSubmission);
    });

I was simply amazed at all the trouble I went through for this to work. I would rant more about the styling and animation (jQuery) issues, but it would have made this post too long. Of course, this is nowhere near the nightmare that is IE6, but with the extra functionalities we are pushing to the browser, shouldn’t we expect more from browsers these days?


  • I’ve been developing websites for over 10 years now. I have been doing a lot of newer project lately and been digging further into new concepts. Cross Browser compatibility some times manages to double the length of development time.

    Just out of curiousity did you try using src=”javascript:;” ? I don’t see it all that often these days so maybe it is a barbaric approach. Though I still use it on a lot of projects.

  • anhkiet

    Murray, I dislike compatibility issues as well. As for javascript:; and other similar variants (ie javascript:void(0)), I didn’t test because it completely slipped my mind. The reason is that I have been stung by it in the past (IE), but seeing how I’m completely ignoring IE, I should have tried it. It does have the expected behavior, https://jsfiddle.net/xsL8W/1/. Awesome!

    Let me know when you’re in the Seattle area, I’ll buy you a beer for this awesome suggestion :).

  • Mike

    Good post -I am also completely ignoring IE, between IE9 and all the different versions, I have drawn a line in the sand, and I don’t give a F. That fake study had some truth:
    https://seattletimes.nwsource.com/html/microsoftpri0/2015812565_study_claiming_internet_explorer_users_have_lower.html
    Original Article
    https://www.tgdaily.com/unbalanced/57562-ie-users-have-lower-iqs

  • anhkiet

    Mike, LOL, that’s quite interesting and funny. It does make life a lot easier when you don’t have to worry about IE at all. I usually check site statistics (via Google Analytics or something similar) to make sure I didn’t leave too many people out.

    The last company I worked at had a real estate audience. At the time about 12% were still using IE7. We decided that we would only support IE8+. If there’s enough demand/complaint, then we’d try to get it to work on 7. IE8, FF, and Chrome were still a headache then.