Bug 136141: Disallow masquerading with MSIE user-agent string
Status: RESOLVED WONTFIX (Opened 22 years ago, Closed 22 years ago)
Categories: Core :: Networking: HTTP, defect
People: Reporter: BenB, Assigned: BenB
Current status

In bug 45565, I implemented the (hidden) pref general.useragent.override to set the complete UA string of Mozilla. See <http://bugzilla.mozilla.org/show_bug.cgi?id=45565#c10> for the reasons. It was intended to mask as e.g. Navigator 4.x Mac or as "You'll never know" (courtesy of mat). Now, I have to notice that most users abuse the pref to mask as MSIE.

Reason to change 1

Because webmasters code for the popular browsers, this causes more MSIE-only sites, the thing we are trying to fight with Mozilla. It is true that you might still be able to see that it's really a Mozilla, but webmasters stupid enough to code MSIE-only sites are very likely to be stupid enough to just count that as MSIE. They are also likely to believe statistics from e.g. StatMarket, which seems to have an interest in publishing MSIE-biased numbers, judging from their results. So, even if you use a UA string like "Mozilla/4.0 (compatible; MSIE) Gecko/20020401", you are giving Microsoft armor to claim high stats for MSIE. In other words, a user with a Mozilla masking as MSIE is almost as good for us as an MSIE user. We are here for a reason. While some users might just want to browse, we want to propagate standards. The user has a right to control his software, but we have some right to try to achieve our goals, too. The user still has the source.. *g*

Reason to change 2

Mozilla holds standards relatively high. We intentionally have no document.all, although that would probably be easy to implement and would dramatically increase compatibility. We chose long-term goals (standards-compliant web) over short-term goals (visit that crap site). I think we should do the same here.

Proposed change

In the C++ backend, in the pref processing code, search for MSIE-identifying strings like "MSIE". If the pref contains that, ignore the pref, i.e. use the standard Mozilla UA string.

Impact

That would prevent users from masking Mozilla as MSIE, but would still allow masking as alternative browsers or writing random nonsense in the string. Execution-time impact on non-users of the hidden pref is 0.

Additional Comments

It can be argued that masking as Navigator 4.x is not helpful for a standards-compliant web either. We might want to prevent that, too. The user still has e.g. Opera left to mask as a different, relatively popular, standards-compliant and full-featured browser for security reasons. I fully expect this change to be controversial.

Comment 1 (Assignee) • 22 years ago
And discussion to the .netlib newsgroup, please.
When you say: "most users abuse the pref to mask as MSIE"
I think what you mean is: "most users abuse the pref to _masquerade_ as MSIE"
http://m-w.com/cgi-bin/dictionary?masquerade
2 : to assume the appearance of something one is not

Updated (Assignee) • 22 years ago
Summary: Disallow masking with MSIE user-agent string → Disallow masquerading with MSIE user-agent string

Comment 3 • 22 years ago
Shill pointed this bug out to me because fixing this "bug" would invalidate the workaround for bug 145177. Although the workaround might work even if the useragent string would be Netscape, this might not be the case next time.
<rant>I believe that hardcoding something that can be a preference is a step back for Mozilla. If people manage to 1) create a user.js 2) find the appropriate pref key 3) knowing the value they want to set, I think they should be able to do so. Isn't Mozilla all about choice ;-) </rant>

Comment 4 (Assignee) • 22 years ago
> Shill pointed this bug out to me because fixing this "bug" would invalidate the
> workaround for bug 145177.
Well, that was part of the idea, yes. Most people don't care about bugs, if
*they* have a workaround, but users won't. The whole idea of dogfood is to
suffer from the same bugs as users, so that you care for them to be fixed.
Anyways, I'll mark this wontfix for now, from the feedback on .netlib.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX