ZF-6891: ReCaptcha rendering could cause sporadic page errors in IE6-7 based browsers

Description

Hi all!

I've heard from time to time from visitors of my site a complaint, they can't use registration form (with ReCaptcha) of the site with their IE6-7 (and also with some IE-based browsers, like Avant Browser) because page emits "Internet Explorer Cannot Open the Internet Site- Operation Aborted" error or just renders invalid. I failed to reproduce this error myself for long time and had no idea about the cause of the error. This error cost me about 50-70% of IE-users wanted to register in my site. That is a high cost, isn't it? Yesterday I was able to reproduce it and find the solution, and I want to share it.

I'll try to write short and clear: The root cause of this error is that Zend_Service_ReCaptcha uses "Challenge and non-JavaScript API" method to render ReCaptcha ( http://recaptcha.net/apidocs/captcha/client.html ). The key of challenge method is to produce

script tag directly in a place of page where ReCaptcha widget should be located. When browser loads a page, it fetches script over a net and executes it. During that execution, the script does a lot of document.write() (and possibly modifies .innerHTML or do appendChild() and so on) that causes unclosed DOM container modifications. This behavior could cause sporadic errors in IE because of the process of page DOM loading could be incomplete to the time of DOM modification.

Please, take a look into Microsoft Knowledge Base article http://support.microsoft.com/default.aspx/kb/… for more information about the error.

ReCaptcha is widely used in rather complex forms on JavaScript-rich pages with complicated DOM structure. When this error arises, it breaks complex JavaScript startup code causing at least page malfunctioning.

This error is VERY hard to reproduce (you may Google for it and find a discussions like http://nirmaltv.com/2007/08/… ), because there are a lot of things to affect. Some of visitors never encounter that bug, some - encounters it always, some - from time to time. I think, the following things (timimg things) could effect: - network connection speed - if the recaptcha script is browser or proxy (!) cached - overall computer performance - ?

I was able to reproduce the error with my registration form in IE6 only when I cleaned browser cache and navigated to a local development version of site. Doing the same with public production site didn't reproduce the error.

I wrote a small test trying to reproduce the bug (I'll attach it later) and it worked (produced the bug) first 2 or 3 runs, but after that it started to run clean (without the bug). I have no idea for now, how to make make it show the bug again... May be there should be more complex DOM, may be there should be more complex (long-run) JavaScript startup code. I don't know. The only thing I know for sure - the problem with my registration form is in ReCaptcha (btw: the bug never occurs, if I remove ReCaptcha from the form).

One possible solution is to use AJAX API to load and instantiate ReCaptcha widget after DOMContentLoaded (or body onload) event signalled. I'm going to code this method, but it would be a very quick&dirty method due to a lack of free time and I don't think it worth committing in ZF project. But if someone wants it as starting point - I'll share it, just let me know...

//going to send a link to this page to ReCaptcha team

Comments

test page to produce "operation aborted" error. It showed a bug first times for me, but then it started to work clean. I don't know, if it would work with you. (it may require to fix a path to ZF lib)

Please, take a look into the following sample code. It is almost an exact copy of registration form, I mentioned in my report. This code reproduces the error every time I run it (requires Dojo installed in /js/dojo folder under htdocs. Dojo can be downloaded from http://dojotoolkit.org/downloads).

Clear IE6 cache (it may be not necessary for the first try, but IS necessary for any subsequent tries) and navigate browser to this test page. Page will start to load and in some moment it will display an "operation aborted" error. To that point a "register" button usually doesn't get instantiated. If the test works fine, try to run it on a old-slow PC, like Athlon / Pentium 1500Mhz.

I've just found a ReCaptcha's bug tracker and it happens the bug had been filled about 4 months ago: http://code.google.com/p/recaptcha/… . No reaction since that time and that is strange for me, because it was relatively easy for me to find the source of the bug and solve it...

Hmmm... It looks like ReCaptcha's team isn't going to fix it: http://groups.google.com/group/recaptcha/… Site owner should lose many customers until he/she realizes, he can't use a ReCaptcha's Challenge API.....

This is an improvement, not a bug. Zend_Service_Recaptcha operates correctly, however the Recaptcha javascript causes this problem. I may be improved by adding support for Recaptcha's AJAX API as an alternative.

Resolving as a known Recaptcha issue. Fixing it within the framework is not possible without rewriting the component to use the AJAX method instead. Will look into this for ZF 2.0.