document.write (DW):
-
Executes where encountered by User
-
Can be used for adding script elements
-
Only works while the page is loading; If you call it after the page is done loading, it will overwrite the whole page.
Why It Is Used:
-
You can overwrite the entire content in a frame/iframe
-
Way to embed inline content from an external script (to host/domain)
-
It is the most reliable way for the content (Widget or Ad) to “know” where the HTML author intends for it to be placed.
-
Scripts can have a negative impact on page performance and modern browsers have taken to blocking scripts. DW can be used to inject and bypass these blocks.
-
It works everywhere, all the time
Why It Shouldn’t Be Used:
-
Serializes the rendering engine to pause until external script is loaded. This could take much longer to load than an internal (none-DW) script.
-
Browser must download, parse, and execute the first external JavaScript resource before it executes the document.write() that fetches the additional external resources.
-
No single script should have the right to control (alter) a page before it’s ready to be viewed
Common Examples:
-
Twitter Stream
-
Google Analytics
What We Could Do To Improve User Experience with Tag Auditor:
-
Look for DW in the code
-
Make a note in the Db (Flag)
-
When a Tag is seen firing from a Tag Manager AND placed directly on the site
-
Cross reference the flag
-
Display a option to show with/without DW Relationship(s)
-
Like New Tag & Non-Secure Filters
What Authors Can Do To Minimize The Use of document.write
-
Use safer embedding tools like:
-
Google Caja: https://developers.google.com/caja/
-
Ad Safe: http://www.adsafe.org/
Comments
2 comments
Call Center DBS - 08159650666
WhatsApp DBS Indonesia - 08159650666
Please sign in to leave a comment.