Closed Bug 99041 Opened 23 years ago Closed 22 years ago

skandiabanken.se - unusable due to bad javaScript

Categories

(Tech Evangelism Graveyard :: Other, defect, P1)

Product:
Tech Evangelism Graveyard
Component:
Other
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: erl, Assigned: tristan)

References

(
URL
)

Details

(Whiteboard: [PROPRIETARY-DOM][LAYER])

Swedish bank Skandiabanken is unusable due to bad javascript code that causes mozilla to fail (but Netscape 4.7 works). See the URL for their demo bank. Moving the cursor to the menus at the top gives the message: Alert: Toppmenyn initialiseras. Försök igen om någon sekund. (Translation: Top menu is being initialized. Try again in a second or so) However waiting does not help. The javaScript console contains many errors like: Error: document.layers has no properties Source File: http://demo.skandiabanken.se/SKBSecure/control.asp?stamp=2001%2D09%2D10+11%3A20%3A07 Line: 1109 Error: strParse has no properties Source File: http://demo.skandiabanken.se/SKBSecure/control.asp?stamp=2001%2D09%2D10+11%3A20%3A07 Line: 701 Error: top.main.document.layers has no properties Source File: http://demo.skandiabanken.se/SKBSecure/control.asp?stamp=2001%2D09%2D10+11%3A20%3A07 Line: 991 and more. My guess is that this is due to the difference between javascript parse error handling between Mozilla and old Netscape (described in bug #91018). I don't know JavaScript, nor do I know how to get this message through to the right people at Skandiabanken. I'd appreciate help from an evangelist :-)
document.layers are evil. We don't do those. Definitely evangelism. On a side note: If you block cookies you can't even load the site. It sends you a file to download. Which sucks.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [PROPRIETARY-DOM][LAYER]
*** Bug 100031 has been marked as a duplicate of this bug. ***
Component: European → West Europe
QA Contact: momoi → caillon
Summary: skandiabanken.se unusable due to bad javaScript → skandiabanken.se - unusable due to bad javaScript
As a workaround you can use the old version of the website by checking "Gamla banken" or something as you log in. You can't however access all services through that version, so that's not a long term solution.
BTW, I have e-mailed them (webmaster@skandiabanken.se) twice about this, once for 0.9.3 and once for 0.9.4, and gotten ignore both times. Usually they are very responsive at their webmaster address, so I don't really know why they are not responding (at least to me) regarding this specific issue. Maybe somebody who knows what the exact problem is (personally I can just tell something is broken) would have better luck?
Could not access this website. Putting priority to 1. NS 6.2 2001092905094.
Priority: -- → P1
If the URL doesn't work for you, try this one instead: http://www.skandiabanken.se/Demo/DemoLogOn.asp Then click "Logga in".
Accepting bug. Sent message to webmaster via feedback form. Copy sent to webmaster@skandiabanken.se
Status: NEW → ASSIGNED
Received message from tobias.gustafsson@skandiabanken.se , CCed to per.lundkvist@skandiabanken.se and markus.pohjanen@skandiabanken.se . <<my name is Tobias Gustafsson and i´m project manager for the team developing the webbapplication of SkandiaBanken. Right now we are looking over the possibilites to adjust our wabapplications to be compatible with your new generations of webbrowsers, Netscape 6. We are happy that you are willing to help us. There are a few things we have questions about before starting adjusting our site. Therefore please send us information about following tasks : - Security, certificates, SSL and which systems/OS will confirm to our high demands? - Will all your versions of Netscape 6 implementation, regarding systems/OS, behave equivalent accordning to DHTML? - Will Netscape 6 be released for handheld devices as well? - Are you following W3C's recomendations regarding HTML, DOM, XML and so on? We are looking forward to your response regarding Netscape 6. But we would also be very glad if you could give us information on what happens when initializing HTML-frames under SSL in netscape 4.xx. The padlock in the bottom-left corner is unlocking itself during this event. The information you get when clicking the padlock says the page is secure. Can you confirm that it really is and that the unlock of the padlock-symbol then only is a graphical bug? We would also be very glad if we could keep up correspondance with you regarding your products. Regards -> finding answers with devsupport-team
> - Are you following W3C's recomendations regarding HTML, DOM, XML and so on? LOL! Well, actually it's an interesting - and unfortunately unusual - question coming from a "webmaster". Traditionally they just slap a "Best viewed with M$IE" logo on the site so they don't have to bother learning about W3C recommendations. Nice hearing from them.
Sent answer to their questions to the 3 people at the bank (Tobias, Per and Markus). Hopfully we will move fast on this one. Setting target to december.
Target Milestone: --- → Dec
The december target seems to have been missed :-( Has there been any further development wrt this bug?
Blocks: 124594
Still no solution for this? It's strange that the menus won't work when logged in at the bank, when the menus work when not logged in at all (menus directly at http://www.skandiabanken.se for example). When using MSIE these two sets of menus behave in exactly the same way (drop down).
The old version of the bank, the one that actually worked with mozilla, will be shut down permanently from may 16. I am offered a CD with navigator 4.7 and ie for free. Thank you very much Skandiabanken. Have you people at mozilla.org heard of the staff at Skandiabanken for long?
*** Bug 136516 has been marked as a duplicate of this bug. ***
Update: Skandiabanken now explicitly blocks "Netscape 6" from even trying to log on. Is anyone making an active effort to get them to add Mozilla support? Is there anything I (or others affected) can do to help?
Skandiabanken shall soon evaluate if Mozilla/Netscape 6 is a platform they shall support. They are conserned wether their certificate system will work on other browsers than IE/Netscape 4 and wether it will work with other systems than microsofts. Perhaps someone can show them what they (if possible) need to change in order to get their certificate system to work also on Netscape 6, since it does work on Netscape 4. I belive such information would solve this issue.
Before Skandiabanken blocked Mozilla access, it was possible to access the internet bank (going through all the certificate-verification process). To me it is therefore apparent that the certificates work with Mozilla. The only problems appeared after login, when their Javascript menus did not work. I do not feel sufficiently involved in the security aspects of Mozilla to be an authoritative reference to the Skandiabanken development team. Tristan: could you perhaps again reassure the Skandiabanken team about Mozilla's capabilities (as you did in November 2001) and give them a contact about security issues?
It seems that the JavaScript menus work now (at least in the "live" part of the site. The demo-site doesn't work.) I've also successfully managed to log in with the 1024bit certificate with "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826" and the Mozilla 1.1 RedHat RPMs. The 2048bit certifcate didn't work, haven't tried the 512bit one... Seems the bank works fine now.... Could someone else please confirm?
Negative. When connecting with "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1", I am still not allowed to log in nor obtain a cerificate. The page (still?) says (translated): ----- Important message concerning Netscape 6 You cannot use the Internet Bank with Netscape 6. The latest version of Netscape that works with the Internet Bank is Netscape Communicator 4.79. ----- The demo pages, which do let you in, fail as miserably as ever. Popups saying "an error occurred on this page" (in swedish).
Just rebooted and checked with Mozilla 1.1/Linux: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020827 .... and the pages seem to work... Could it be that something between 1.0.0 (which Björn is using, and failing with) and 1.1 got "fixed"? (And yes, the swedish demopages fail in linux too. The norwegian demopages seem to work fine, though.)
Confirming Björn's results in comment #19. I'm running a snapshot from august 14: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1b) Gecko/20020814 And I also get the message that the Internet bank can't be used with Netscape 6. Salve: Have you gotten the *swedish* Skandiabanken site to work with Mozilla? It looks to me like the swedish and the norwegian site (www.skandiabanken.no) behave differently in their login sections. The norwegian site immediately asks for a client-side certificate on a text-only page (https://www.skandiabanken.no/SKSecure/NO) whereas if I recall correctly, in the Swedish Skandiabank you get to a graphical page with tabs of a sort, where you can select to download your personal certificate. It would be interesting to ask the Swedish Skandiabanken people why the Norwegian Skandiabank supports Mozilla, but not the Swedish one. That should invalidate any excuses they have about Mozilla's features.
Yes, I'm using skandiabanken.no (don't think I'm allowed to log in to skandiabanken.se, and can't check until monday.) Can only confirm the JavaScript-problems seem to have been solved on the swedish site.
Yes, I get the "You cannot use the Internet Bank with Netscape 6." message too at http://www.skandiabanken.se/cert/internetbank.asp :-\
Skandiabanken also have a version for those with a visual defect on http://tal.skandiabanken.se/, but there they've put a server side deny.
By importing my exported certificate from NS4 and with the cooperation of uabar, I've now verified that http://tal.skandiabanken.se/ works OK with Mozilla 1.2a.
After some additional playing, it seems you can skip uabar (which is practical for me, using a site-installed Mozilla where I don't want to add uabar) if you go directly to https://tal.skandiabanken.se/sksecure/login.asp
According to a comment at http://gnuheter.com/article.php?sid=2080&mode=nested&order=2&thold=0 (in Swedish), this is currently being worked on and they think support will be there sometime during Q1/2003.
Confirming what is said at comment #27 : I have received a message from Skandiabanken <<we are happy to announce that we now have developed support for Gecko based browsers. We will have official support for Netscape 6 & 7 and accept other browsers that follows W3C recommendations.>> Setting target date accordingly.
Target Milestone: Dec → Feb
The message on http://www.skandiabanken.se/cert/internetbank.asp has changed to: "VIKTIGT MEDDELANDE GÄLLANDE NETSCAPE 6 & 7. Du kan i dagsläget inte använda Internetbanken med din webbläsare, men från och med den 11 februari kommer det att fungera med Netscape 6 & 7." Which means: "IMPORTANT MESSAGE REGARDING NETSCAPE 6 & 7. You are currently not able to do Internet banking with your webbrowser, but from the 11:th of Februarary, this will work"
Since today their web site works for me using Mozilla 1.3beta / Linux and Netscape 7.01. It does not work for me using Mozilla 1.2.1. The web pages aren't using W3C HTML, but in an e-mail from one of their webmasters they claim to be moving more and more towards W3C's "recommendations". I don't know about others, but as far as I'm concerned, this is RESOLVED/FIXED.
Confirming that the site now works with Mozilla 1.0.2, 1.2.1 and 1.3beta on Win98. The menus now work like they did with Netscape 4. Johan, is 1.2.1 failing for you because of a missing certificate? See bug 182607. Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
v
Status: RESOLVED → VERIFIED
move...
Component: Europe: West → Other
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.