From what I can see, the issue is fixed now. But simply, someone put html in their useragent, the site copied it as text, and included it as text in the html. The browser then interpreted it as html, and executed the javascript.
The fix is to parse inputs, and replace < and > with html entities. You can see this fix if you read the source for the page.
Although I agree with other comments in this thread, that this is something your app should log, there are scenarios in which this type of tool is really useful. Namely: Registration/Sign-in errors, in which it's going to be extremely difficult to identify from log files which tuple relates to the user having issues.
You're right - every user action / step is hard for support.
We tackled this problem with Usersnap (https://usersnap.com ) - devs will get accurate information (Browser + OS version and a screenshot) directly with the bug report!
Have you considered generating a unique URL for the requester (technical support) to share with the client, maybe with their name ini t? Once they visit it, pull their details, store it, and email it to the requester, or add it in their account.
Konqueror has been at major version 4 for the past 7 years or so. Also, these operating systems are called "FreeBSD" and "Linux". "amd64" or "x86_64" is the arch they're running on here.
I thought the purpose of the app was to demonstrate an intelligent parsing of the browser signature. After all, the user agent only tells part of the story.
Support. I work Support and Maintenance in an web agency and if I a client client calls up with an issue that I can't reproduce, the first question is what browser they use. There are a lot of inconsistencies between browsers and knowing it gives me one less thing to test with when I'm working on the issue.
This reminds me, have any of you guys run into the "dark side" of frequent browser updates? Couple months ago I file a support ticket on a website, they come back and say "I see you are using Chrome 33 and Firefox 24, we only support Chrome 27 and Firefox 19, please install those versions".
(Those were not the precise versions, but you get the idea)
As someone who uses these services in my job, I like the design a lot. A simple url and a simple copy button is great for these things (anyone who has done support will know what I'm talking about).
However, I get more information from whatsmybrowser.com
If someone could do a site that gives as much info as possible, including an Internet speed tests, I think it could become very popular.
IP address and GeoIP is pretty handy from a support perspective, plus anything such as ISP that can be inferred from IP address. The whatismybrowser.com has IP address but not the GeoIP.
More generally an embeddable 'contact us' form for people to use might be useful if it solves problems of having to setup captcha, email and so on that is hard to do correctly. On the back of the contact us form there could be all the useful support gubbins so that whomever is in support dealing with the 'complaint' sent on on the contact us does not have to ask the customer to go to some third party site to find out the browser/IP/screen size and so on.
"Google Chrome is generally considered the leader in supporting modern web standards, and can reliably handle most modern websites. It is also one of the fastest and most secure. "
I'm running dwb, version 2013.08.03 (either the maintainer for Fedora is slightly lazy or there hasn't been a new version in a while) on Fedora 20. It reports Safari 538 and OSX as the operating system. I've also got cookies disabled and it reports that I have them enabled, which is strange.
Interesting, because it does the opposite for me, i.e. it reports my primary monitor's resolution, despite the browser running on my secondary monitor!
I realise this is to assist with support, but why would anyone other than the owner of this site use it when they could just pull the user agent from their own logs when/if there's a need?
Every webapp I've ever written logs user agent in the audit trail because that's often useful both in support and detecting unwanted stuff. I'd have to assume that's a fairly common practise.
Barring an obvious use case I'm missing, it feels like a poorly written version of www.mybrowserinfo.com dressed up the theme de jour, minus the detail.
Them: "When I click the button, the menu shows up. But it disappears as soon as I hover over it"
Me: What's your username?
Them: jdoe@somehost.com
$ mysql -e "SELECT useragent FROM login_audit WHERE user = 'jdoe@somehost.com'"
+---------------------------------------------------+
| useragent |
+---------------------------------------------------+
| Mozilla/1.22 (compatible; MSIE 2.0; Windows 3.1) |
+---------------------------------------------------+
Me: thumping noises on wood
Them: Yes?
$ mysql -e "DELETE FROM users WHERE user = 'jdoe@somehost.com'"
Me: Problem resolved, goodbye.
(Admittedly this is probably why they don't let me do support, but the point remains, it's trivial and you should have this info.)
> What about someone who can't log in using a browser which is not their usual?
You're assuming a couple things about our hypothetical login_audit table, neither of which are neccesarily true and both of which would make our audit table functionally as useless (at least to me) as the OP's site
* That we only store the last useragent
* Only successful logins are recorded
In the latter case, I probably needn't (but I will) point out that failure to make any entry in the table would imply more serious connectivity issues being afoot.
I'd argue as your visitors scale, so should the ability to trace individual requests, and as your user-level support team scales, so do the tools you use to support them.
Another nice benefit is that building out a quick internal tool can be a great afternoon hack to clear your mind. It doesn't have to be good, just something to remove some pain.
We're tagging pretty much every request & correlating it with a user, and are able to pull logs pretty quickly. It's not hands-off, but we've built tooling to make it pretty straightforward to dig whats up.
http://www.whatsmybrowser.org/b/STOW3UD
Also the site completely breaks if I add rare unicodes at the end of the user agent:
🐧