views:

67

answers:

4

What I would like to do is have a text input with the question "what browser are you using" above it. Then when a form is submitted, I'd like to compare their answer to their User-Agent HTTP header.

I'm a little stumped on how to reliably make this work though.

I could ask them to spell it out instead of using acronyms like IE or FF, but Internet Explorer uses "MSIE" as its' identifier doesn't it ?

Another thought I had was to keep a pool of User-Agent strings, then present them with a select element that has theirs inserted randomly among 4 or so other random strings and asking them to select theirs. I fear non-tech-savy users would bungle this enough times for it to be a problem though. I suppose I could use some logic to make sure there's only one of each browser type among the options, but I'm leery about that even.

+6  A: 

Why would You want to ask user about its User-Agent?

Pulling appropriate http header - as you've mentioned, should be enough.

But if you need that badly, I'd go for

  • regular expressions - for checking http user-agent header and cutting out unimportant info from that header
  • present possible match based on the previous step
  • ask user if the match is correct, if not, let him enter its own answer
  • then I'd try to match what he entered to some dictionary values, so as to be able to enter IE and MSIE and get the same result.

The above seems vague enough :) and abstract, maybe you could provide an explanation - why you want that? maybe there is some other way?

Marcin Cylke
+1  A: 

Remember: The client sends the HTTP header and potentially the user can put anything in User Agent. So if you want to catch people who "lie about" the browser they are using, you will only catch those who cannot modify the HTTP header before they send it.

Brian Rasmussen
Not really looking for liars so to speak, just "visitors" which are incapable of learning how to deal with a new field on the fly.
joebert
@joebert: Okay then. I couldn't figure out what you were trying to do, so I just took a guess. Anyway, the point is: If it comes from the client it can't be trusted. You may still use it of course, but as I said it doesn't have to be the truth.
Brian Rasmussen
+1  A: 

You can neither 100% trust the user input nor the string that the browser sends in the HTTP headers...

Wouter van Nifterick
I know, everything is being sanitized. :)
joebert
+1  A: 

The obvious question is why you want to ask the user what browser they are using?

But given that:

a) Normalise the user string: lower-case, remove spaces, remove numbers?

b) Build a map between the normalised strings, and user-agent strings.

When you do a lookup, if the normalised string, or the user-agent string is not in the map, pass it to a human to add to the map with appropriate mapping.

Possibly you'll want to normalise the user-agent in some way as well?

Douglas Leeder
Well, user-agent strings are tricky almost to the point of being whacky. Different browser makers put other browser maker's brand name and version in alongside their own. You basically need to know which browser authors each one by trying it or better yet looking up in a comprehensive cross-reference document.
JohnnySoftware