Meta-refresh doesn't work? - html

I have a page using something along the lines of
<meta http-equiv="refresh" content="0;url=http://example.com/" />
but for certain users on a certain workstation this doesn't work. The is in IE. Is there something wrong with cookies or a setting somewhere which would cause this to fail? I never heard of such a thing.

The problem is that when IE sees this:
<meta http-equiv="refresh" content="0;http://www.example.com" />
it expects the contents attribute to contain a number. The only time IE will check for a URL is if the content attribute contains "URL=" so the redirect that is most usable in all browsers is this:
<meta http-equiv="refresh" content="0;URL=http://www.example.com" />
The above example would redirect immdetiately but if you changed the 0 for another number it would wait that many seconds. Hope this all makes sense, it should work just fine but I still think my first idea was the better one.

There is a security setting in internet explorer that does not allow meta tag refresh. It is under the Security tab, then choose Custom Level and the Meta Tag Refresh under Miscellaneous. If that is disabled, it would stop the meta refresh from working.
Aside from being able to disable it selectively, it is automatically disabled if you set IE's security level to 'High' [observed in IE9].

is it a really old version of IE? if so, try:
<meta http-equiv="refresh" content="0;url=http://example.com/"> </meta>
It needs a white space. HTML editor will complain, but just ignore it.

Check out this solution. It handles both javascript and meta-refresh at the same time:
Meta-refresh and javascript

The META tag is not an empty tag and does not have a closing tag in HTML, only in XHTML. (If you are really are sending XHTML, it may not work right on older versions of IE anyway, there are only workarounds to send XHTML to older IE versions.)
Try:
<meta http-equiv="refresh" content="0;url=http://example.com/">
W3 Schools META Tag Description
You might also try:
Checking the major and minor versions of IE. You can do this on the help->about menu option.
IE has historically gotten all confused by filenames and MIMEtypes. Make sure that you are sending your HTML as an htm or html extension file, and that those filetypes are set up on your server to send text/html mimetype.
Make sure your server isn't sending a conflicting meta refresh http header.

In case anyone tries to use meta refresh to redirect to new URL in Facebook applications ( either Page Tab app or IFRAME app ), the tag is disabled by Facebook somehow.
Workaround is:
<script>
top.window.location = 'http://example.com';
</script>
Remember to target "top", as Facebook applications are in IFRAME.

Just a wild guess: maybe there are some adblockers installed on those machines where the redirect does not work.
Can't think of any other reason why this common technique works on some machines while it fails on others for you.

Related

How can I get an html5 page to render in MFC

I need to render an HTML5 page with jQuery in a CHtmlView in an MFC application.
The page renders rather pathetically, and I get a syntax error when it gets to the jquery script tag.
I've tried the following:
<meta http-equiv="X-UA-Compatible" content="IE=11">
It did nothing. I even upped the MSHTML browser version to 11 in the registry and get the same syntax error. I really do not want to go back to IE6-style javascript. Can someone help me please?
Apparently the meta tag does solve the issue. What I didn't realize was that my html view was running in a frameset, and the directive is ignored in a frame of a frameset. Does anyone here even remember framesets? Anyway, adding this line and removing the frameset was the answer:
<meta http-equiv="X-UA-Compatible" content="IE=11">
If you don't set the correct browser Emulation for your application this will not work.
Please read this MSDN article.
So create an entry for your application in FEATURE_BROWSER_EMULATION and set the Version to 11000!

X-Frames-Options in the meta tag

I've created an test application where i look into the different defense techniques against Clickjacking and other UI redressing attacks. One of the most used techniques is the X-Frames-Options along the Frame-Busting code. What i fail to understand is the reason why the following isn't recommended, and according to OWASP: (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet) doesn't work (Even though it works in my test applciation, i can't frame the page if the following is included)
<meta http-equiv="X-Frame-Options" content="deny">
Any explanation or link to an answer would be greatly appreciated.
Apparently this is because the META tag might not be received until information has already rendered in the subframe. This still works in browser such as Chrome and Firefox, but is ignored by IE.
According to many resources (not only your URL, but also e.g. this one) the <meta> tag should be ignored.
If your browser does not do so, that does not mean that all browsers don't do that as well. So to be on a safe side you must specify the HTTP header.
The question why so? Probably one of the reasons is the same why they tell to avoid using the following:
<meta name="robots" content="noindex" />
The reason, in my opinion, is that to get this meta tag you need to download and parse the whole page. To read the HTTP header you don't need to do so.
In this case HTTP header is just more efficient way to speed up the browser, so that could be the reason of forcing you to kill the meta tags.

Why does Chrome not redirect using meta refresh

An application that I work with has a PL/SQL package that creates a page and uses a function to create META tags.
It creates a webpage with a META tag exactly like this :
<META HTTP-EQUIV="Refresh" NAME="Refresh" CONTENT="1; URL=PaymentSubmit.html">
The problem is that Chrome does not like the NAME="Refresh" attribute. It does not redirect the page, although it does redirect properly in IE and Firefox
If I remove the NAME attribute, so that it looks like this it works in all browsers :
<META HTTP-EQUIV="Refresh" CONTENT="1; URL=PaymentSubmit.html">
What's going on here? I can't find a W3C standard for META redirect, so does every browser make up it's own rules ? I'm not sure if it ever worked in Chrome, but since I never heard any bug reports I assume it used to work in Chrome.
Anyone have a similar problem ?
Thanks
If you check the w3c wiki you can find the following quote:
Exactly one of the name, http-equiv, and charset attributes must be specified.
It mean's it is not valid html that both - name and http-equiv attributes are set.
Read this W3C's HTML and XHTML Techniques test on meta refresh:
Find all meta elements in the document. For each meta element, check
if it contains the attribute http-equiv with value "refresh"
(case-insensitive) and the content attribute with a number greater
than 0 followed by ;'URL=anyURL' (where anyURL stands for the URI that
should replace the current page).
The behavouir of the other browsers is not wrong, but chrome is more strict.
More details about the correct behavouir - and the valid reference - are available at http://www.w3.org/TR/html5/document-metadata.html#attr-meta-http-equiv-refresh
As far as browser support:
The support for <meta> refresh is there even in IE6
The syntax to be used is:
Place inside <head> to refresh page after 5 seconds:
<meta http-equiv="refresh" content="5">
Redirect to http://example.com/ after 5 seconds:
<meta http-equiv="refresh" content="5; url=http://example.com/">
Redirect to http://example.com/ immediately:
<meta http-equiv="refresh" content="0; url=http://example.com/">
If you plan to support javascript disablers (Which I don't think you should do :)
Do this:<noscript><meta http-equiv="refresh" content="0; url=url here"></noscript>
It is not a part of HTTP standard.
However, there are alternatives:
For refreshing the page after 5 seconds, do the below:
<body onload="javascript:setTimeout(function(){ location.reload(); },5000);">
If you want to redirect after 5 seconds, then do the below:
<body onload="javascript:setTimeout(function(){ window.location = 'http://example.com';},5000);">
If you want to redirect immediately:
<body onload="javascript:window.location='http://example.com'">
But there isn't any alternative for javascript disablers (yippee!!)
Conclusion:
So, my suggestion, would be to use my javascript alternatives, because they are not going to be replaced.
But <meta> refresh tag may be discontinued in the coming years.
More reading : http://en.wikipedia.org/wiki/Meta_refresh
For the <META tags, Microsoft has published specific guidelines:
Page and site guidelines for SEO
Specifically, for the <meta http-equiv="refresh"> element, Microsoft states the following:
A page redirect should provide both a message with the new page location and sufficient time for users to read the message. A page redirect with a time-out period of less than five seconds may result in a lower search-engine ranking.
To redirect a page, consider using an HTTP redirect instead. An HTTP redirect is more likely to transfer the authority of the old page to the new page.
Personally, instead of a <meta refresh tag, I would recommend you use a 301 Redirect. In PHP you could do, for example, the following:
<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.yourdomain.com/newpage");
?>
This method is better than the <meta refresh because usually a 301 redirect includes the address to which the resource has been moved. Web browsers will typically follow 301 redirects to the new location automatically, without the need for user action.
According to some definitions of 301 Redirect, it would even preserve old positions:
A 301 redirect should be used whenever a website is moved to a new domain name (URL) so that search engines will quickly change their indeces and, in theory, preserve the search engine rankings that the site had at the previous domain.
All this is in line with the fact that many shady websites use <meta refresh to open unwanted websites (spam/ advertisements etc.). Hence I would conclude that the refresh meta tag should not be used.
For the other meta tags, please read the following: 18 meta tags every webpage should have.
Keep in mind that not all meta tags are of crucial importance; for example, Google says it does not use the keywords meta tag in web ranking.
But remember: it is Better to have, and not need, than to need, and not have.
Just don't use the <META refresh ;)

avoid a page being added to browser history when redirecting using a meta http-equiv tag

I have a web page, that redirects to the desired destination url using:
<meta http-equiv="refresh" content="0; URL=$destination.url" />
I would like to avoid the first page being in the browser history.
In particular, in mobiles (Android, iOS, etc) I would like the back button to skip the redirecting page.
Your two options are to either use a real HTTP redirect, or to use JavaScript's location.replace.
The former is better, but if there's some reason you can't do it, location.replace can work as an alternative:
document.location.replace(redirectURL)
location.replace actually replaces the current location in the browser history, so the back button will not go back to the redirection page. If you do this you may also want to include a meta refresh with a short timeout as a fallback if you expect any of your users to not have JavaScript.
You can't.
If you want to redirect, use an HTTP redirect. <meta> redirects have many flaws, and this is one of them.

any side effect if I add ' <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">' on my page?

HTML5Boiler plate suggests we put this one in our HTML page if we favour Chrome over IE
(which is my case)
<!-- Always force latest IE rendering engine (even in intranet) & Chrome Frame -->
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
We all understand how it works.
If the user is using IE but it has also installed the Chrome Frame the chrome frame will be used to run the page (which is probably much faster when it comes to execute my js)
The question: is there any 'bad' side effect ?
any particular reason why I should not add that snippet ?
Thanks
The only downside I know about this snippet is that validators don't accpet yet the content value of this meta (even if they should), so if it seems annoying to you, just remember you can also specify it inside an .htaccess (as suggested also on html5 boilerplate site)
See https://gist.github.com/1292092 for an example of htaccess inclusion
See also this thread about meta validation
This does not have any downsides.
This will force the browser to render as properly as it can, ignoring those awful IE Compatibility modes.
This will not break the browser, just peacfully explain to it, that this page doesn't wish to be experimented with, and just to be shown properly.
There are in fact downsides to this meta tag (along with conditional comments) which is why we recommend you reference it from the server. See this issue for details.