- From: Christophe Strobbe <christophe.strobbe@esat.kuleuven.be>
- Date: Fri, 05 Sep 2008 11:29:16 +0200
- To: w3c-wai-ig@w3.org
Hi, At 09:48 29/08/2008, David Woolley wrote: >Ryan Jean wrote: > >>HTML: >><META HTTP-EQUIV=Refresh CONTENT="0; URL=test.htm"> > >This is explicitly a SHOULD NOT in the HTML specification. I >imagine they would have given it a MUST NOT except that the HTML >specification isn't normative for the "refresh" value in meta. > >This breaks the back button. In my tests, http-equive="Refresh" did not break the back button in Mozilla browsers (Mozilla, Firefox, SeaMonkey), Internet Explorer 6 and Opera (all only tested on Windows) if the timeout is 0 seconds, but it broke the back button in IE 6 on Windows 2000 (but not on Windows XP) if there was a timeout. See my collection of tests and test results at <http://purl.org/NET/error404/xp/scripting/redirect/>. (If anyone sends me test results for other browsers and platforms, I'll add them.) >Incidentally, this is a mix of HTML and vendor extensions to >HTTP. It will actually work with a real HTTP header, and on non-HTML content. >> >>JS: >>Window.location.href="test.htm"; > >This breaks the back button, so is an accessibility no-no. In my tests, this broke the back button in Internet Explorer 6 and Opera (because the redirect fires again) but not in Mozilla browsers. >Whilst I believe there are scripting techniques that don't break the >back button, not everyone has JavaScript, e.g. Lynx and Amaya have >no support, and many who do disable it for security reasons. One >common piece of advise in security advisories is to disable browser >scripting, and, in secure environments, the standing risk from such >a level of pragrammability is generally considered too high. Even though I prefer server-side redirects, there are situations where an author doesn't have sufficient control over the server to implement them. The Techniques for WCAG 2.0 contain the following relevant techniques and failures: * SVR1: Implementing automatic redirects on the server side instead of on the client side <http://www.w3.org/TR/2008/WD-WCAG20-TECHS-20080430/SVR1.html> (with example code in JSP, ASP and PHP, and an Apache configuration example) * G110: Using an instant client-side redirect <http://www.w3.org/TR/2008/WD-WCAG20-TECHS-20080430/G110.html> * H76: Using meta refresh to create an instant client-side redirect <http://www.w3.org/TR/2008/WD-WCAG20-TECHS-20080430/H76.html> * F41: Failure of Success Criterion 2.2.1, 2.2.4, and 3.2.5 due to using meta refresh with a time-out <http://www.w3.org/TR/2008/WD-WCAG20-TECHS-20080430/F41.html> Christophe Strobbe -- Christophe Strobbe K.U.Leuven - Dept. of Electrical Engineering - SCD Research Group on Document Architectures Kasteelpark Arenberg 10 bus 2442 B-3001 Leuven-Heverlee BELGIUM tel: +32 16 32 85 51 http://www.docarch.be/ --- Please don't invite me to LinkedIn, Facebook, Quechup or other "social networks". You may have agreed to their "privacy policy", but I haven't. Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
Received on Friday, 5 September 2008 09:30:37 UTC