Real.com Website

[GµårÐïåñ]

I was wondering if anyone has experienced the following issue with the Real.com website where having the site disabled will load NOTHING. I find it unusual that ANY site wouldn't have the ability to show something even without JavaScript and other embedded media in it. Especially that I KNOW real.com is NOT entirely Flash based on anything like that, so I am wondering if anyone, especially Giorgio can shed some technical light on this matter.

Here is the screenshot of what I see when I go there and I know there has to be more to see without enabling JavaScript on the site. Thank you in advance.



I did some digging on my own but I could use a few more eyes and perspectives on this. Thanks.

[Tom T.]

AdBlock shows nothing blockable in the NS lockdown mode, meaning no images or anything else trying to load. It's the RealPlayer site, so at the risk of being too elementary, I would say they simply chose to write their entire site with JavaScript etc. As soon as you TA real.com, most of the page loads and AdBlock shows lots of blockable stuff, then you could allow the rest if you wanted. Yes, I have run into one or two other sites like this. Ridiculous, IMHO, but that's what some devs think is a cool site.

[GµårÐïåñ]

This is seriously asinine development to make the whole site pure JS. That is supposed to add refinement and quality to the code and make it better, not replace it and basically make it crippled like this. This sucks.

I did some digging into the code using Firebug and a few other editor/inspector tools and I found quite a bit of true html, so I don't get why nothing would show at all, I mean something should. Any other ideas as to why it might be doing this?

[Tom T.]

This is seriously asinine development to make the whole site pure JS. That is supposed to add refinement and quality to the code and make it better, not replace it and basically make it crippled like this. This sucks.

Absolutely, but unfortunately, it seems to be the way the Net is trending.

I did some digging into the code using Firebug and a few other editor/inspector tools and I found quite a bit of true html, so I don't get why nothing would show at all, I mean something should. Any other ideas as to why it might be doing this?

Simply viewing Page Source shows that the page starts right off with:

Code: Select all

<html>
<body>
<script language="JavaScript">

Every time one script ends, another begins:

Code: Select all

</script>
<script LANGUAGE="javascript">
<!--
setChip("has-player", hasRealPlayer());
// -->
</script>
<script LANGUAGE="javascript">

Incidentally, much of the scripting seems to be sniffing whether you have RealPlayer, what version, which plugins, etc. -- exactly the kind of thing we discussed about NS version sniffing. So if this is the way it's done and the result, yes, I'm very glad that we didn't go that way.

Continuing down, it just goes from one script to another:

Code: Select all

</script>
<OBJECT ID="IERJCtl" WIDTH=0 HEIGHT=0
CLASSID="CLSID:A5DC33CE-214B-4c26-8596-8A45456C9EB8"></OBJECT>
<script language = "JavaScript">

Here's the only place I saw, at a brief glance, that wasn't entirely inside script tags:

Code: Select all

</script>
<link href="/includes/bindata.html" rel="stylesheet"
type="text/css">
<script language="javascript">

And then it ends:

Code: Select all

</script>
</body>
</html>

So yeah, written in pure JS -- and pure BS, I agree.

[Alan Baxter]

http://noscript.net/faq#qa3_17

[GµårÐïåñ]

@Alan, not exactly what I was having trouble with but thank you. I was curious as to why the page is not loading AT ALL. I harvested its code, stripped the JS and it loads fine locally, so I am trying to figure out why it won't get that far.

@Tom, I know the web going that way but not to the point of crippling function. As far as the sniffing part, its not the problem and it gets a bad rap, there are millions of sniffs just designed to load the proper CSS and this and that for which browser you are using, which version to see if its compatible with a technology or use an alternative.

I personally don't see where people get the idea that sniff=bad, like if someone were to ask you for id to let you in the bar or not, its only practical to weed out the underage. Anyway, maybe I just see it differently being a programmer, I am not sure, for me its function not intrusion as the information you are sniffing is not being hacked away from the user, or stolen, or extorted from them, its being disclosed freely by the browser they are using. Why do you think we edit our useragents, block headers, and referrers, because we CHOOSE not to give that information, otherwise to grab something that is already there is just...is.

Anyway, thank you both, I guess I will have to keep banging my head until I figure this out. I just thought I throw it out there just in case someone had already figured it out. Thank you all.

[Tom T.]

http://noscript.net/faq#qa3_17

JavaScript links auto-detected on an otherwise empty page

It was more fun figuring it out for myself.

[Tom T.]

@Tom, I know the web going that way but not to the point of crippling function.

I didn't say I liked it, just made the observation that that seems to be the trend. I hate it.

As far as the sniffing part, its not the problem and it gets a bad rap, there are millions of sniffs just designed to load the proper CSS and this and that for which browser you are using, which version to see if its compatible with a technology or use an alternative.

Understood, but in this case, *the entire page* was JS, and much of it was this sniffing, leaving only an empty page. E. g.,

Code: Select all

function winIE5upPlyrDetect(){
var player;
var iectl;
try {
iectl = new ActiveXObject("Shell.Explorer");
}
catch(e){
}
try{
player = new ActiveXObject("rmocx.RealPlayer G2 Control.1");
playerVersion = (player.GetVersionInfo());

Find out if you have this, and if so, load some ActiveX junk; find out if you have that, then do something else... We go to pages to *get* information, but this one takes 100% and gives none. Extreme case, but it's what gives it a bad name.

for me its function not intrusion as the information you are sniffing is not being hacked away from the user, or stolen, or extorted from them, its being disclosed freely by the browser they are using.

What percent of users have any idea how much information they are giving away? Very few, in Average-Land. So they can't possibly give informed consent. Just like most don't know how many scripts are being loaded, or from where. 45 million NS users out of how many global users? A billion? Two billion?
I think our different POVs are that you're a developer and I'm an extremely privacy-sensitive user. I know that's a losing cause:

"You have zero privacy now. Get over it."

- Sun Microsystems CEO Scott McNealy, January 1999,

But I do what I can.

Anyway, thank you both, I guess I will have to keep banging my head until I figure this out.

I thought Alan's FAQ (and my display lol) pretty much answered why nothing else displayed, but if you discover something else, I'm sure it will be interesting to all. GL.

[GµårÐïåñ]

I suppose but you know why I had to ask, time is a luxury I don't have lately and figured I might pick your brains to help me along Thank you both, really. I just hope if it is something I am overlooking that hasn't been discussed already, maybe Giorgio, therube or the rest of the users will chime in and offer some assistance. Otherwise, on my own it is

I didn't say I liked it, just made the observation that that seems to be the trend. I hate it.

I know you didn't silly, I was just saying I hate that they would be stupid enough to pull this crap, I mean its idiotic.

Understood, but in this case, *the entire page* was JS, and much of it was this sniffing, leaving only an empty page. E. g.,

Find out if you have this, and if so, load some ActiveX junk; find out if you have that, then do something else... We go to pages to *get* information, but this one takes 100% and gives none. Extreme case, but it's what gives it a bad name.

Yeah and I think that might be what's killing it, instead of sniffing and moving on regardless, its sniffing and sniffing and looping into a never ending going no where idiocity. Agreed, it takes and never gives back, its almost like the crap dell called a redesigned website for a while that was so broken it got hijacked like so many times they had to shut it down and notify the DFS customers.

What percent of users have any idea how much information they are giving away? Very few, in Average-Land. So they can't possibly give informed consent. Just like most don't know how many scripts are being loaded, or from where. 45 million NS users out of how many global users? A billion? Two billion?
I think our different POVs are that you're a developer and I'm an extremely privacy-sensitive user. I know that's a losing cause:

BECAUSE I am a developer I am a privacy nut and take time to learn and make adjustments to cover my butt. Unfortunately people truly don't know how much they are giving away. I mean just the useragent, headers and post information is often enough to violate someone. I mean we have fun by customizing and spoofing our headers so when some geek is looking at the logs they get something funny, like I have mine on one machine "I'm a little green alien who escaped from area 51, wanna play?" I have gotten so many people who know that's me come to me and say they saw it in the raw server logs and it made their day. So on and so forth. I mean I even added the information I was pushing for in my own useragent and figured the rest can decide for their own I guess. Even with NS and all the blocking in the world, just your access to someone's webserver is giving up so much information about you, its ridiculous, unless you know how to trim it down to something pretty sterile.

I thought Alan's FAQ (and my display lol) pretty much answered why nothing else displayed, but if you discover something else, I'm sure it will be interesting to all. GL.

Your post and Alan's were wonderful and absolutely helpful, I thank you thoroughly for it. I just refuse to believe that a site can be this truly dysfunctional, so I guess I am just trying to find a shred of good in the possibility that I missed something, which I will share of course if I figure out. In the meantime, I thank and appreciate both of your assistance and I am fairly firm in the belief that it did address it. My apology if my persistent appeared to suggest otherwise, I am just hoping its something of a glitch that can be overcome somehow. That's all, wishful thinking I guess.

[Tom T.]

I just refuse to believe that a site can be this truly dysfunctional...
I am just hoping its something of a glitch that can be overcome somehow. That's all, wishful thinking I guess.

I've seen many others that are this dysfunctional (like the Ford site quoted in FAQ as an example of this).
The only glitch is in the dev's brain. Yes, wishful thinking to hope that that can be overcome.

[GµårÐïåñ]

I've seen many others that are this dysfunctional (like the Ford site quoted in FAQ as an example of this).
The only glitch is in the dev's brain. Yes, wishful thinking to hope that that can be overcome.

I know, I have seen many but usually not something that bugs me THIS much, I mean they expect people to download the stupid player and many need it or have to go get it and then I get the constant, why is this coming up like this and that and I am like, just allow it and move on and they say what if this was something that was malicious you said no allowing unless I trust them, I don't trust Real. And I am sitting there thinking, I have to agree in spirit to that, they are right, this is asinine. So I figured if I can find a bypass to it without having to tell them to temporarily allow, then good, if not then I guess I risk the user getting into the habit of temporarily allow to make it work without thinking properly through the whole, am I sure I want to do this mindset. Anyway, did anyone notice how Dell has a script specially designed to cripple the function of Firebug? I mean seriously, who wants to steal their crappy code anyway that they want to block you from seeing it. I mean seriously? I just adblock it and viola, good to go