Very often I use the expression "UA detection is a future fail strategy". It's a quick sentence with punch which makes angry some of the people in User Agent Detection business. They try to do a good job at providing the most complete, up to date, database of user agent strings and their relative capabilities. The issue is not in the intent of their database. The issue is often how the identification is used and how the code is shaped with regards to this identification. It is not an issue only related to UA databases. We see it every day in small pieces of codes.

Today I was checking the code of http://login.yahoo.com/ which is basically the portal for people to get identified when they have to access one of the Yahoo Web properties where it is required to have a login and password. I found this little piece of code:

if ( navigator . userAgent . indexOf ( 'Firefox/6' ) > 0 ) { style = '' ; } else { style = "left:70px;" ; }

Quite a simple piece of code. Let's see on my current desktop in the Web Console.

> navigator.userAgent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0" > navigator.userAgent.indexOf('Firefox/6') -1 > var ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/6.0" undefined > ua.indexOf('Firefox/6') 69

Logical and working as expected. But now let's go back to the future… with Firefox 60.0

> var ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/60.0" undefined > ua.indexOf('Firefox/6') 69

Oooops. It means that the script will kick for Firefox version 60 to 69 and 600… You got the idea. This code is probably not used anymore, but it's here because people have forgotten about it, but one day the condition it was supposed to meet or not meet will come back for any kind of reasons.

Otsukare!