Saturday, January 20, 2007

Designing IE Exclusive Sites Is Counterproductive And Puts Your Visitors At Risk

By Coenraad De Beer

Ever came across a notice reading: "This site has been optimised for Internet Explorer" or "This page requires Internet Explorer?" Did you ever have trouble opening a specific page and when you sent a complaint to the web master, you got a blunt answer: "Please ensure that you are using the latest version of Internet Explorer when visiting our site." So many web designers still use this outdated practice of designing web sites exclusively for Internet Explorer (or any other browser for that matter).

Excuse me for being so forthright, but designing a web site exclusively for a specific browser is downright stupid. The time when the Internet was monopolised by a single browser is long over. Internet Explorer, Firefox, Opera and Safari are some of the most popular browsers used by surfers today, with Internet Explorer and Firefox taking up the biggest part of the browser market share. It is a dreadful Internet marketing mistake and you loose thousands of visitors by focussing on one specific browser and shutting out the rest. But choosing the wrong browser does not only have economical effects on your web site, it also puts the security of your visitors at risk.

The history of Internet Explorer has been plagued by security flaws and rendering bugs. Many web designers know how hard it is to display a perfectly coded site correctly in Internet Explorer. A site may display beautifully in Mozilla Firefox, but may appear completely broken in Internet Explorer. The rendering bugs in Internet Explorer require clever tricks and "hacks" to work around them. This means double production time when developing a web site. You first need to develop the site in general and then test it with Internet Explorer to see where you need to employ these workarounds. By restricting your visitors to Internet Explorer only, you force them to use an insecure browser and you waste your time by patching its rendering flaws with clever workarounds. Who knows, a rendering flaw may be exploitable and you are promoting those flaws by forcing your visitors to use a browser that is the direct cause of the rendering problems of your site. By working around these flaws you may even make it easier for hackers to exploit them. I know I am exaggerating a bit, but I will feel much safer using a browser without these rendering issues. At least I know there is no chance of exploitation.

Another thing is the basic HTML coding errors that are automatically fixed by Internet Explorer. I have seen inexperienced web developers spending hours developing a web page, experiencing no problems when displaying it with Internet Explorer, but suddenly encountered difficulties displaying the page in Firefox. Firefox is not there to cover up for your mistakes, coding standards are there for a reason. Imagine developing a compiler for a programming language that has to fix common coding errors made by programmers. It is a complete waste of time and code, you can simplify the code of the program substantially by removing these useless error-controlling routines. It will make debugging much easier and faster. Why do you think does Microsoft take so long to get security flaws fixed, I reckon Internet Explorer has far more complex code than Firefox? You can cut your web development time in half if you test your web site in a browser like Firefox, which is far more compliant with W3C standards than Internet Explorer.

There is nothing wrong in "fixing" your web site for Internet Explorer visitors, you are only making your web site accessible to more users, without forcing them to use a different browser. But the whole irony behind "fixing" your web site comes down to fixing something that is not broken. A standards-compliant Cascading Style Sheet (CSS) must be amended with redefinitions of widths and heights to make your site compatible with Internet Explorer. When you run the style sheet through a CSS-validator, you will receive warning messages for a document that was actually 100% compliant before these changes. Some bugs are not always that easy to fix. For instance the transparency bug with Portable Network Graphics (PNG) files. You either must choose to keep the PNG files and live with the bug or convert all your PNG images to Graphics Interchange Format (GIF) files.

Every web designer must aim to develop a web site that is compliant with web standards, not a specific browser. An open source browser like Firefox supports most of the features in Internet Explorer and you can easily add functionality that is not supported by default, with the use of an extension. So this brings me only to one conclusion, web designers designing Internet Explorer specific sites are only spiteful. The only reason why you are unable to open a specific page, is not because your browser does not support it, it is because the designers are deliberately blocking it. Why block a browser, which most probably does a better job than Internet Explorer with that specific page of your site? I can only see it as childish jealousy over other browsers doing things better than Internet Explorer. You may end up creating security flaws on your own site by being so narrow minded and making things so complicated. If a web site requires a visitor to use a specific browser, it implies that that certain client side processing is required, that is dependent on a specific browser and cannot be done on the web server. That is extremely dangerous, especially when it comes to capturing sensitive information. The visitor never knows whether the web site owner wants to exploit a flaw in a specific browser or steal your private information without raising any alarms caused by certain browsers.

Many people may argue: "Hey you are fast to point the finger to other designers. You have a notice Best Viewed With Firefox displayed at the top of each and every page of your site, for every user not browsing with Firefox". But there is a huge difference between "Best Viewed" and "Optimised For". A site is best viewed in a specific browser, but you can still view it with any other browser. A pure standards-compliant web site should render correctly in any of the latest mainstream browsers, which is the main goal of HTML and CSS coding standards. It is not my fault if a browser cannot render my web site correctly when I adhere to these standards. Best Viewed With Firefox simply means that if my web site appears broken, then it is because you are using an inferior browser. Rediscover the web by using a browser that displays a site as it is supposed to appear on your screen, without the need of clever monkey tricks and coding workarounds. Do not let selfish companies force you to substitute your security for access to their web site.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.

No comments: