- NN6+ not supported, server-side block



Tech Evangelism Graveyard
English Other
17 years ago
3 years ago


(Reporter: David Woodhouse, Assigned: Tristan Nitot)



(Whiteboard: [deny], URL)


(2 attachments)



17 years ago
First, disable TLS. Ponder briefly whether Mozilla ought to be able to detect
the fact that the server it's talking to doesn't support TLS and do this for
itself, or whether Mozilla should default to having TLS turned off if it can't
do that auto-detection.

Now point Mozilla at the above URL. Observe the JavaScript errors which result.
JavaScript error:
line 93: storage is not defined

JavaScript error:
line 111: applet has no properties

JavaScript error:
line 141: has no properties

Now click the 'log in' button, which fails as follows:

JavaScript error:
line 23: form.elements[varName] has no properties

Are these just non-portable JavaScript on the part of the authors, and if so,
what recommendation should I make when reporting it to them, other than "Please
make it work with Mozilla"? Or are some of them actually bugs in Mozilla's
JavaScript implementation.

Note that if you get this part working, you'll need to install the
NWGOUtility.jar on your classpath to get the actual service to work, in the
absence of softupdate. See for information.

Comment 1

17 years ago
Boooh this site is hell itself to debug.
Anyway I see the following problems :
* <script Language="VBScript">
*; That's the very first line
of javascript code. I'm guessing they are forgetting the getElementById or
contentDocument somewhere (but please note i'm no DOM guru).

Reporter, sorry I can't tell you exactly what is wrong, but it is most probably
a problem on their website, since our javascript engine is pretty much as good
as it can be.

Comment 2

17 years ago
If I go to the URL above, Mozilla never displays the page. CPU usage is around
90% all the time and after a minute it was using 150MB of RAM (Windows Task

Mozilla 2001011820 on Windows 2000 SP1.

Comment 3

17 years ago
After visiting the frontpage of this bank, I can tell you that Mozilla don't
support document.all (line 875 Also there browser sniffing is
way out of date. This 'new' site really needs to be updated in order to get
Mozilla and Netscape to work on this site because now they support MSIE ONLY!

Fabian, I think that 'Vbscript' should be no problem for Mozilla because it
should ignore this script type.

NOTE: Netscape 4.76 is also NOT working on this site!

Comment 4

17 years ago
forgot to mention that the browser sniffing is checking for Netscape 4.6 up on
Mac also!

Comment 5

17 years ago
The site works with Netscape 4.76 (4.76 [en]-20001006) for me. What problem did
you encounter? Sometimes, an installation of netscape fails to correctly go
through the softupdate stuff on the front page, for reasons unknown to me. This
is fixed by either putting the NWGOUtility.jar on my classpath and going
directly to the login URL I quoted, or by rm -rf ~/.netscape and trying again.

It always works for me with an empty ~/.netscape directory, and once it's done
so, it continues to work. Go figure :)

I don't know JavaScript at all, but it appears to correctly determine that we're
a version of Netscape newer than 4.6, and set is_js to 1.4. But then it tries to
use netscape.softupdate, which doesn't work. I've put the JAR file on my
classpath and gone directly to the login URL, which is what I used to do with
Netscape too, till I worked out that a clean setup would work correctly.
Looking over the javascript, it looks like the problem is the use of things like
top.header to refer to a different frame ("header" is the name of the frame, not
even the id).  I don't believe this is a valid code construct.

In any case, this is not an engine bug.  Reassigning to the DOM0 component for
further triage.
Component: Javascript Engine → DOM Level 0

Comment 7

17 years ago
Setting default owner and QA - 
Assignee: rogerl → jst
Ever confirmed: true
QA Contact: pschwartau → desale

Comment 8

17 years ago
For those who would like to try this bug: it is important to disable TLS
in Tasks|Privacy and Security|Personal Security Manager|Advanced|Options 

Otherwise, you will receive no content from this server in Mozilla/Netscape6.

Comment 9

17 years ago
To shed light on the "line 93: storage is not defined" error, here is part of 

<SCRIPT LANGUAGE="Javascript">
function loadMain()
  storage.set("YahooURL","");                       <<<<<<<<<<<<<<<<<<<<<<<<

<FORM method=post name=PKISTRAPFORM> 


<applet code="SMapplet.class" codebase="classes/" width=0 height=0 name=storage>


So the question is, does the Mozilla DOM allow access of the element
named "storage" by simply doing "storage.set" above ???

As for the "line 111: applet has no properties" error, here's part of

 <script language="javascript">;  <<<<<<<<<<<<<<<<<<<<<<<<


function register(form)
 goblinid=applet.get("goblinid");                   <<<<<<<<<<<<<<<<<<<<<<<<


So again, is this proper DOM access? 

"line 141: has no properties" error: 



function createSignData(signText, signature, form,SessionId,GoblinId)
  var varName;
  var data="";
  var sig="";
  var i;
  var i2 = 0;
  var siglength = 0;

  while( (i = signText.value.indexOf('#', i2)) != -1 )
    data += signText.value.substring(i2, i);
     i2 = signText.value.indexOf(' ',i);
     if(i2 == -1)
       i2 = signText.value.length;

    varName = signText.value.substring(i + 1, i2);  <<<<<<<<<<<<<<<<<<<<<<<<

    data += form.elements[varName].value;           <<<<<<<<<<<<<<<<<<<<<<<<
    i = i2;


Again, is this proper DOM access?  

Comment 12

17 years ago
Oops, copy and paste: my third code snippet at 2001-01-19 16:13 above is meant
to illustrate the "line 23: form.elements[varName] has no properties" error ...


17 years ago
Whiteboard: [Note minor copy/past error explained at 2001-01-19 16:21]

Comment 13

17 years ago
The SMapplet.class to which it tries to refer as 'storage' may require the
NWGOUtility.jar to be installed on your classpath. The softupdate stuff on the
site's front page was supposed to have installed that for you, but you'll have
to do it manually, as Mozilla doesn't support softupdate.

It'll almost certainly require Java :) I'm using the JVM for Netscape 6 to which
I was automatically taken when I first encountered a Java applet in Mozilla.

Comment 14

17 years ago
I have seen that browser sniffing is working from the startpage of this site,
but not from the other pages. But that seems to be normal.

Comment 15

17 years ago
Dunno whether to add this here or as a separate bug - but doesn't work with Mozilla either, although it does with
NS4.76. It's probably broken javascript on their part, but they seem fairly
clueless - can we help out and give them a clue how to fix it?

Comment 16

17 years ago
The one looks different - it doesn't like the use of 'document.all'.

Searching Bugzilla for this shows that document.all is a BadThing(tm). Is the
right thing to change document.all[xxx] to document.getElementById(xxx) ?
I don't have the time to dig into what the problem is here so unless someone can
create a minimized testcase that shows what the problem is here this won't get
any attention untill later, trying for mozilla1.0
Target Milestone: --- → mozilla1.0
Keywords: dom0

The new system (just become available to those in the Customer Focus group) IS
NOW WORKING on Mozilla nightly builds.

This is wonderful news -- it's time to close down my old Netscape 4.7 for good
-- perhaps. My bank was the only reason why I had to keep the old closed-source
code around.

I have already sent them a note from me, as a happy Mozilla nightlies user,
mentioning that their system seems to work for me so far.

Comment 19

17 years ago
Bah. It says:

   Incorrect Address  

   You have used the web address, which has recently been 
   withdrawn. To use NatWest OnLine Banking, please visit
   and then click on the OnLine Banking link.

Doing as it suggests takes me back to the original (broken) version.

Comment 20

17 years ago
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 
(you can query for this string to delete spam or retrieve the list of bugs I've 
Target Milestone: mozilla1.0 → mozilla1.0.1

Comment 21

16 years ago
natwest have updated their code anyhow, so this is pretty much no longer valid.
They are also denying access to mozilla browsers, so this is untestable (unless
you spoof ua, and that can cause unexpected results). See bug 66911

+1 on resolve later.
Hmm, over to Evangelism then...
Assignee: jst → momoi
Component: DOM Level 0 → English: Non-US
Product: Browser → Tech Evangelism
QA Contact: desale → jonrubin
Target Milestone: mozilla1.0.1 → ---
Version: other → unspecified

Comment 23

16 years ago
moving to eu-west
Component: English: Non-US → Europe: West
QA Contact: jonrubin


16 years ago
QA Contact: caillon

Comment 24

16 years ago
This should go to nitot since this is an UK issue.
Updated the URL to
A pop up window says upon access that they are currently testing Netscape 6
browers whether you access it with NS 6 or Mozilla. Please inform the site 
that they can deal with Gecko browsers of the same version in the same way.

Assignee: momoi → nitot

Comment 25

16 years ago
firstly, this bug doesn't have any stuff in it, just so 
we'll stick with that.

Given that there is another bug for the deny issues, and that this one can't 
possibly be fixed or verified until the deny issues are sorted out, i'm going 
to have it block the other one.


16 years ago
Depends on: 66911

Comment 26

16 years ago
Setting P1.
Priority: -- → P1

Comment 27

16 years ago
-> updating
Summary: "This JavaScript don't work" - sorry :) → - natwest js/dom issues
Whiteboard: [Note minor copy/past error explained at 2001-01-19 16:21] they are ip to 4.78.
Could someone try 4.79 ? ;)
we get redirected to a deny-page :(
Whiteboard: [deny]

Comment 30

16 years ago
I bank with Natwest and put my concerns (including the likelyhood of more users
being affected by browser sniffing to stop gecko based browsers if AOL employ
gecko in future).

Sadly the response - from general customer relations - was not too positive. The
reply included ' There are no definite plans at present to support Netscape 6 or
7, although the comments that you made have been taken forward and will form
part of our discussion for future enhancements to the service.'

I think it's the only think I have to load up an ancient browser for now as even
MS hotmail works reliably in mozilla. There cannot be security reasons for not
supporting gecko based browsers when they support 4.0 based options that have
had security issues addressed as part of upgrades.

The banks  homesite has been saying that they are evaluating netscape 6 for over
a year now as well.

Comment 31

16 years ago
Gavin, you can use it with Mozilla -- you just have to tell Mozilla to pretend
to be Netscape 4.

Of course, since Mozilla still lacks konqueror's functionality to do this
per-site, you end up just doing it at all times, not showing up as Mozilla in
peoples server logs, and making the problem worse in the long run.

Comment 32

16 years ago

This bug is clearly no longer valid. Can someone close this and open a new bug
dedicated to pushing Mozilla compatibility to Natwest (or update this bug's
ummary). Curently, this screen is shown when you try to log in:

Service Denied:

Reason: Unsupported Browser

The version of the internet browser you are using is not supported by NatWest
OnLine Banking. Please use one of the following browsers:

    * Internet Explorer Version 4 or above
* Netscape Navigator 4.08 to 4.78 (inclusive)

These browsers can be obtained from or

I will send them a letter now

bug updated.
Keywords: dom0
Summary: - natwest js/dom issues → - not supported
updating summary. btw, is it still Linux only ?

bugscape bug for those interessted :
Summary: - not supported → | - not supported
Complaints about lack of access via Gecko can be sent to

I would encourage all NatWest customers to contact this address, so they realise
that they need to support Gecko.

This problem applies to all platforms.

Should the site be split off into a seperate bug? works
fine as far as I can see, apart from the alert() when you first enter the site.
Severity: normal → major
OS: Linux → All

Comment 36

16 years ago
no, because this bug is about natwest blocking gecko.

Comment 37

16 years ago
It does work fine when the UA string is changed - I don't see how exactly the
browser sniffing works. More contact details below:

Postal contact info: 
Natwest Online Banking 
Customer Helpdesk
PO Box 1100
Central House
Otley Road
Phone: 0845 5050789
I have just received this email from Natwest, further to my complaint:

Dear Mr Thomas

Thank you for your message received through our web site.

I am sorry to learn that you are experiencing difficulties in accessing
NatWest OnLine Banking. The service has been designed to work on systems
that meet the following specification:

PC customers 

*	An IBM compatible PC with a 486 processor, or higher 
*	Windows 95, Windows 98 or Windows NT 4, Windows 2000
*	16mb RAM (Windows 95 / 98) or 24mb RAM (Windows NT) 
*	Internet Explorer version 4.0 with service pack 2 to 6.0 or Netscape
Navigator version 4.1 to 4.78 
*	A modem with a recommended speed of 28.8 kbps or greater 
*	Screen resolution 800 by 600

Apple MacintoshTM customers 

*	An Apple Macintosh with a Power PC processor and MAC operating
system of 8.0 or later, excluding OS10 
*	A minimum of 24mb of RAM 
*	A browser, Netscape Navigator/Communicator 4.61 to 4.78 or Internet
Explorer 4.5 or 5 
*	A modem with a recommended speed of 28.8 kbps or greater 

Whilst some of our customers are occasionally able to access the service
using systems outside these specifications, we are unable to offer support
if they experience difficulties. Recent changes to the service have been
part of a much larger process within Natwest. Once all these enhancements
are in place we shall be able to adopt a more innovative approach to banking
products and services. In the meantime, a consequence is that we are
currently unable to change the specifications for systems that we support.

I assure you that we are committed to providing a first class Internet
banking service and will extend the list as soon as we are able.

Yours sincerely

K Gill

Comment 39

16 years ago
Here are excerpts from a snail mail letter they (very speedily) sent after my

...I am sorry to learn of your disappointment with our service and would like to
address the issues you raised...

We wrote to you recently advising of forthcoming changes to our service....

A consequence of introducing these changes has been we have been unable to
extend the list of browsers we support. However, once all teh planned
enhancements are in place we shall be able to adopt a more innovative approach
to banking products and services and shall look to extend teh list of browsers
as soon as we are able.

Comment 40

15 years ago appears to be dead.
Hardware: PC → All
Summary: | - not supported → | - not supported, server-side block

Comment 41

15 years ago
All the NatWest bank sites use Internet Explorer specific coding so many links
within their sites simply don't work in Mozilla.

Go to  All the links here work but on any page thereafter
they mostly fail.  Definitely an evangelism issue for one of the UK's big four
banks.  In some cases their use of out dated browser sniffing denies access to
pages that would otherwise work :-(

It's now part the Royal Bank of Scotland group so no doubt the issues go wider.

Comment 42

15 years ago
It seems that NatWest have now redesigned It looks a lot
better, but very few links actually work in my copy of Mozilla (1.3)! NatWest
Online Banking hasn't changed though.

Comment 43

15 years ago
Also, on Natwest home page:
Error: window.event has no properties
Source File:
Line: 108
Summary: | - not supported, server-side block → - NN6+ not supported, server-side block

Comment 44

15 years ago
I sent a message to Natwest last week, and received this just now:

  As you are aware, at present Online banking only support browser(s),
  Netscape 4.08->.78. and Explorer, as these were the most widely used
  browsers when online banking was set up.  The Online department is working
  towards supporting other browsers, but no specific time scales can be given
  for when this will happen.  I apologise for any inconvenience that this
  matter may cause you. 
I thought I've read that before somewhere....
depend? That's a dup!

*** This bug has been marked as a duplicate of 66911 ***
Last Resolved: 15 years ago
No longer depends on: 66911
Resolution: --- → DUPLICATE

Comment 47

15 years ago
As an end user theres not much more I can do. I have move moved my savings
account; I have e-mailed, written and phoned the site. It is a pathetically
backward looking bank that decides 1990 browsers are likely to have fewer
security problems than those designed in the modern day.

What is really sad is that the UA spoofing techniques work on their site - so it
is not their laziness to change a mass of code. Just one or two lines stop
mozilla being accepted.

Barclays seem to be a UK bank that is gecko-friendly, and my parents clain to
have had no problems with Halifax (although I thought HBOS and Natwest were
linked.) But it does seem really sad to have to change bank because they will
not support browsers developed in the last five years.
Two lists of bank which do/don't support mozilla or other browsers:
New Component
Component: Europe: West → English Other
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.