lynx-dev JavaScript only sites [www.nai.com] (was: PROBLEM TO USE A SITE)

[David Woolley]

> >"Scripting is disabled. If you want to use the site, you must enable
> >it". How could I solve this problem? If it is not possible, could you
> >try to enhance Lynx to allow me to use www.nai.com?

This has been discussed many times, but basically to do it properly is a
major job, which makes it difficult for a project that is maintained by
volunteer effort.  You either have to have lots of heuristics for common
Javascripting tricks (and maintain them as the tricks change over time)
or you have to re-implement the IE document object model, or simulate
it on top of Lynx's internal object model.

It's almost certain that producing a text only version of Mozilla would
be a better technical approach.

However, if the site is who I think they are, I can't imagine that they
have no US federal or state governmental organisations as customers.  A
more effective approach might be to approach the contract compliance
officers in various places in the USA and point out that the site is
violating the W3C Web Contents Accessibility Guideline that sites must
provide alternatives for browser without scripting - we don't want to
do business with you is only an alternative if "you" means the whole of
the US public sector.  For details of the WCAG, see http://www.w3.org/WAI/.
(Contract compliance tends to be based on priority 1 requirements; I
hope the scripting one is priority 1, but I'm not sure and am offline
at the moment.)

In my view, such pages are not really HTML, although they are
unfortunately quite common, and UK content providers don't care,
because the number of people who run non script browsers is commercially
insignificant (that could mean as much as 20%, but is actually much less)
and the number of people aware of the security risks is also negligible.
NAI ought, themselves, to be aware of security issues!

At least you didn't get BT's (www.bt.com) page not found page, which is
completely blank without scripting and might not even have an HTTP
error status code.  Their response was upgrade, but I was already using
IE 5.01, but with scripting off for security reasons!

(Scripting is theoretically safe, but many holes have been found in IE's
scripting security over the last year, and many people probably have
not applied the critical updates that fix them.)

PS I've now checked some things:

- NAI are who I think they are;
- alternatives to scripts are a priority 1 requirement;
- the scripting on the site is broken (NS 4.05 generates an error message,
  which is clearly an error in the script).

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden