IE8 accelerator stops javascript timer

Question

We have an asp app on which people can take tests. On the test page, there is an asp control that shows the time remaining. When you right click that control, the javascript that provides the time is interrupted. To solve that, we disabled right-clicking. But now i've noticed that if you do a selection of some text and click the IE8 accelerator blue button, the javascript is also interrupted. Disabling the left-click is of course no option.

I've found an option in IE that disables the accelerator, so for us internally, the issue is solved. But we would like to find another solution, just because we cannot ask every one of our users to go disable that option on all their computers.

We prefer a solution that we integrate a fix in our code, so that the issue is resolved with an upgrade of our program. So if anyone knows if and how it is possible to disable/bypass/... Ie accelerator...

Thanks in advance.

Edit

Working with both a timer on the server and one on the client raises a new problem : where will you draw the line between the time difference on the server and the client. Anyway, this problem has not occured so far, so i guess people are too busy concentrating on the test then on finding a way to break down our system.

Edit 2

I tried using the method with onSelectStart, but no luck. This is my test html:

<html xmlns="http://www.w3.org/1999/xhtml" >
<SCRIPT LANGUAGE="JavaScript">
    function showObj() {
        //alert('?');
        return false;
    }
</SCRIPT>
<head>
    <title>Untitled Page</title>
</head>

<body onSelectStart="showObj()">
    <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. 
        Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. 
        Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. 
        Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum."
    </p>
</body>

Answer 1

The solution is to disable the ability to select text. It doesn't sound like copy+paste is going to be necessary in the environment you're working in.

In most browsers, this is done using CSS: user-select: none; (with browser prefixes as applicable).

However, this CSS isn't available in IE (I'm not sure about IE9 though, so it may be worth including anyway), and since you're specifically asking about IE, you need an alternative solution. Fortunately, IE does provide one:

<div unselectable="on">...</div>

Unfortunately, the attribute isn't inherited, so you'll need to specify it on every element that contains text. (or you could write a Javascript or JQuery function that applies it to every element once the page has loaded)

Finally, and possibly the best option: There's also a onselectstart method which can be tied to an element. Something like this would disable text selection: onselectstart = function(){ return false; }. Even better, that should be inherited by child tags, so you could just put it on your <body> tag and be done with it.

Answer 2

If you are using a completely client-based timer to actually validate that people submit something in a certain time, cheating will always be possible. Someone can just drop a script on top of your page that kills the timer entirely, no matter what you do.

Seems that you should be using a server clock. If some customer does something that breaks an onscreen timer, well, there's nothing you can do about that. But as long as you validate the time on the server when people submit an answer, it will always be accurate.

Answer 3

Check out this post:

Disabling IE8 accelerators for an entire site

@EricLaw says no, you can't disable them for a site.

@mbenny says that you can mark content as contentEditable or unselectable

Answer 4

Same as validation, never trust data that comes from the client. What you really should be doing is recording, on the server side, the time that the test started, and then the time that the test was submitted. The clock on the user side should only be a nicety, but not relied upon, as there's no way to guarantee that it's accurate (for half a dozens reasons posted above).

The nearly fault-proof way is the user something on the server-side that is not in any way known of, interacted with, or modifiable by the end user.