154

I really don't understand what the problem is with those people who ask you not to use JavaScript on your site.

Why the paranoia? https://www.beholdgenealogy.com/img/no_javascript.gif

I went through all sorts of trouble trying to remove a couple of JavaScript scripts I used on one of my sites to appease a couple of "complainers". A month later, after a relentless attack by spam bots, I decided I better add the JavaScript spam prevention code back in.

JavaScript is obviously used by a lot of programmers. It is currently the 6th most popular tag here at Stack Overflow. It is used on practically every single website that I know of.

The claim that it is a security risk seems bogus to me. I've had JavaScript on in my browser for as long as I remember, and not once have I found out that anything malicious has happened.

JavaScript has, of course, been extended into AJAX. And AJAX is the thing that makes the wonderful world of Web 2.0 work. And that includes this wonderful Stack Overflow site.

So is there something I'm missing? Is there something wrong with JavaScript that I'm not aware of?


Follow-up:

I am flabbergasted by the response to my Question.

The responses are strong and vociferous from the Anti-JavaScript people.

There was one pro-JavaScript comment, and it was voted down (as I write this to -2) by the others.

I turned JavaScript off to add this follow-up. I immediately notice three obvious things (There might be more):

  1. A big annoying white on red banner at the top of each page saying: "Stack Overflow works best with JavaScript enabled". (Annoyance)

  2. Comments cannot be viewed at all or added. You can't vote up or vote down. You can't select the accepted answer. (Loss of functionality)

  3. Of course none of the AJAX stuff works. I don't have access to the line of editing tools above this entry box, and I can't see the preview as I type this. (Inconveniences)

So as far as I am concerned, turning your JavaScript off results in Annoyances, Loss of Functionality, and Inconvenience.

I'm sorry for the handicapped people who have no JavaScript support, but I still don't get why so many of you are so religiously against using it.

Personally, I love what AJAX and its beautiful interfaces and enhanced functionality are doing to the Web. I try to add such features to my site and it annoys me when the Anti-JavaScript people ask me - no, demand of me to take it out because they can't access them.

But how many of you use Stack Overflow with JavaScript off? None I would expect. Your answer would be that you turn it on for sites you trust like Stack Overflow.

Okay. If I make a site that uses Ajax or JavaScript, then I'm fine with you turning it off until you decide to trust my site. But don't expect me to be required to give you all the functionality that I do to people who trust me. Even Stack Overflow doesn't.

If someone wants to embellish this idea, I'll give them the accepted answer.


Also see the question: Is it worth it to code different functionality for users with JavaScript disabled?

and my answer to that question (which, when I last looked, had been voted down by the Do-Not-Use JavaScript people).


Followup. I found the following opinion about JavaScript at the WP-SpamFree WordPress Plugin page:

"Most of the spam hitting your blog originates from bots. Few bots can process JavaScript. Few bots can process cookies. Fewer still, can handle both. In a nutshell, this plugin uses a combo of JavaScript and cookies (on steroids) to weed out the humans from spambots, preventing 99%+ of automated spam from ever getting to your site. Almost 100% of web site visitors will have these turned on by default, so this type of solution works silently in the background, with no inconveniences. There are extremely few users (less than 2%) that have JavaScript and/or cookies turned off by default, but they will be prompted to turn those back on to post their comment.

Stats show that among all Internet users, less than 2% have JavaScript turned off, and less than 1% have cookies turned off. This requirement isn’t anything out of the ordinary because most modern websites require the use of JavaScript and cookies for key features — AJAX, for example, won’t work if JS is disabled.

Overall, the very few that might be inconvenienced because they have JS and cookies turned off will be far fewer than the 100% who would be annoyed by CAPTCHA’s, challenge questions, and other validation methods."

8
  • 1
    BTW in your example use JS to stop spammers if JS is not available show CAPTCHA, there you go you got something cool for JS owners and you got CAPTCHA against spammers and non JS users.
    – dr. evil
    Dec 18 '08 at 9:48
  • 2
    Well you did basically ask for reasons not to use JS, no surprise you got em, these are mostly well thought out answers imho :)
    – annakata
    Dec 18 '08 at 16:12
  • 16
    My son was very young when he taught me never to ask a question when I might not like the answer. ("Should we go to school now?", for example.) You seem to have had a firm idea going in, and seem annoyed at finding people who disagree with you. Why did you ask in the first place? Jun 19 '09 at 19:08
  • 3
    David: I have a lot of javascript coding that adds functionality and prevents spam on my websites. But every so often I get complaints - no, objections from some people about it. If I'm going to go through all the work to make my site non-javascript friendly, then I want to understand first what are the reasons why they are doing this. Do they have valid worries about Javascript, or are they just paranoid people who will not fly on a plane because they hear about plane crashes?
    – lkessler
    Jul 18 '09 at 14:55  
  • 3
    @Exception: Because a lot of the spam are single comments that are sent at periodic intervals, e.g. 24 hours.
    – lkessler
    Aug 25 '10 at 4:42  

33 Answers 33

122

Javascript is not good or bad, in the same way that a hammer is not good or bad. It's what you do with it that is good or bad. Many of the sites that use Javascript, use it where it is not actually necessary.

Some reasons why Javascript should not be overused:

  • search engines don't pick up script-generated content
  • creating a nontrivial script that works in all browsers can be tricky
  • many basic things can be achieved using CSS instead, which degrades more gracefully
  • XSS (as recursive mentioned) can make bad things happen to your visitors if you screw up (although scripts might still be injected even if your site is Javascript-free, of course)
  • you might think that every browser nowadays supports Javascript, but with more and more people using script-blocker extensions like NoScript for Firefox, this does not have to be true

Bottom line: Javascript should be used to enhance the website, but so far as humanly possible, the site should still work without it.

6
  • 2
    Forthing. Although I'd add some reasons why it SHOULD be used: 1) enhance usability and create a more dynamic feel (live form validation, drag and drop, etc, etc, etc), 2) AJAX, 3) security (as mentioned in the question), 4) it is an awesome and fun language (on a conceptual basis) if used properly Dec 18 '08 at 15:55
  • 15
    The reason most users run NoScript is to rid themselves are annoying ads and techniques where Javascript is used badly. Jan 6 '09 at 17:52
  • 2
    Excellent answer, Thomas. Javascript is excellent for enhancing sites, but the core functionality should still be there, even if Javascript is disabled. Jan 13 '09 at 23:24
  • 1
    I wish I could upvote more than once - an excellent answer with a perfect synopsis at the end. I wish JS was used on all site to enhance the experience, not define it. Jan 20 '09 at 23:05
  • 2
    I can't personally verify this but apparantly, Google Bot can now read JS. One of many example threads: webmasterworld.com/google/3032332.htm
    – jsims281
    May 11 '09 at 12:21
104

My feeling is that turning Javascript off in your browser is like taking all the lightbulbs out of your house in case you get electrocuted, but then complaining that it's dark at night time.

I'm not going to put objects in front of you to trip over in the dark, but don't expect me to go buying flashlights for you.

2
  • 2
    Funny, but not an accurate analogy. It's more like storing your extension ladder in a locked garage - there for when you need it, but not readily accessible to the burglar. Jan 21 '09 at 0:38
  • 37
    Javascript's like an extension ladder when you're in a two storey house with no stair case. I mean, downstairs it's liveable, but upstairs you get a view!
    – nickf
    Mar 5 '09 at 15:59
66

My take on the whole issue is as long as you're coding your Javascript to add to the users experience in a positive way, you're using Javascript correctly. The reason many disable it is because there are many terrible developers and companies out there that abuse Javascript for advertising, spam, harassment, and other nefarious ends.

Javascript brings a whole new experience to uses via Ajax, and several other frameworks/applications and shouldn't be ignored completely. There are compatibility issues galore but so does CSS and standard HTML, but we still use those day in day out.

I agree with an above post, "Javascript is not good or bad, in the same way that a hammer is not good or bad. It's what you do with it that is good or bad.". And the same could be said for any programming language.

And for those turning off Javascript entirely, you're missing out on a world of convenience and neat tricks that have helped push the web into the so called 2.0 and 3.0 web experiences.

32

I'm pro-Javascript. People that disable it have only themselves to blame. I haven't read a single reason in this thread yet that would justify doing so.

However search-engine optimization and acessibility are serious concerns for some websites, so that is a reason to cut back on the JS goodness.

That said, I too first check if a particular effect can be achieved with pure HTML/CSS, and only then resort to JS if nothing else works (or I need a very complex behaviour).

6
  • 1
    'People that disable it have only themselves to blame.' Sorry, that's wrong. Webmaster are to blame, if they lose the user, that don't use Javascript for one of the many reasons (Security, avoid annoyances, javascript-unable-appliances, accessibility etc.)
    – Mnementh
    Dec 17 '08 at 12:17
  • 1
    read my comment, and you will see why it's bad.
    – dr. evil
    Dec 18 '08 at 9:42
  • 1
    @Pedr - Javascript doesn't automatically mean accessibility problems.
    – Vilx-
    Dec 11 '13 at 14:08
  • 2
    @Pedr - Usually accessibility problems exist because nobody thought about accessibility in the first place. And they will still be there even if you don't use a single line of Javascript code.
    – Vilx-
    Dec 11 '13 at 14:26
21

The browsers used by blind/disabled people have limited or no javascript support.

7
  • 10
    Not to really disagree with you here but this isn't entirely true or accurate - there's plenty of "blind" users who use screenreaders attached to IE/FF/Safari and "blind" is an unfortunate umbrella term for a range of accessibility problems.
    – annakata
    Dec 17 '08 at 10:24
  • 1
    The blind people I know usually use Internet Explorer or Firefox with screen readers such as WindowEyes or Jaws. Dec 17 '08 at 18:09
  • 2
    I suspect the disrepancy here relates to me living in a non-english language country. The multi-lingual support for WindowsEyes is still fairly slim. I'm adding a slight edit
    – krosenvold
    Dec 18 '08 at 9:29
19

Just make sure that a webpage's basic functions work for everybody. There are valid reasons that webpages should be usable without JavaScript: Accessibility (a.k.a. for users that have to access webpages via non-standard browsers), machine readability (a.k.a. search engines, ...), even some nasty ads can go away if you disable Javascript. And yes, a page could request some stuff from somewhere else without you noticing, but it could also do that with a simple iframe or an img...

However that does not necessarily mean, that all functionality needs to be available. If it protects you, require JS for comments (as long as you can live with some people not being able to leave comments). That's a business consideration you've got to make. Noone can expect you to leave out your security just to allow them to be paranoid.

It's your webpage after all.


BTW: Yes, I'm very aware that this is a very controversal view, especially because it has "religion" involved.

Being on the "ripped off" side of the medallion for some time might have affected my point of view a bit, so I'm very much into protecting myself (as the person running a website) BEFORE protecting others. Obviously that does not give an excuse to allow the users to be attacked (i.e. you've got to do everything possible to avoid XSS, XRS, ...), but if you can help yourself (and - in fact - your users, because nobody wants an endless list of spam comments) by adding javascript to your comment mechanism: do it!

5
  • 2
    How in Turing's name could a site's security depend on using Javascript? The USERS security depends on NOT using it, and that's not paranoia, that's a simple fact becoming more and more true; XSS means you can't trust ANY site not to try and infect you with a trojan. Dec 17 '08 at 10:59
  • 2
    JacaScript can help to support the security of the website OWNER, who's the person spending money for it. Why on heaven's name would he put up a webpage that can hurt himself? He needs to do everything that could protect HIMSELF (and then second: protect the users, i.e. do everything to avoid XSS).
    – BlaM
    Dec 17 '08 at 11:13
  • 1
    @Zoredache: No one is talking about having JavaScript being the ONLY protection. However it helps greatly against spammers today.
    – BlaM
    Dec 19 '08 at 10:34
9

My 2c (and why I disable every Javascript feature I can in Firefox aside from basic Javascript):

Client-side scripting is typically associated with annoying client-side behavior. From popup windows, to window move/resize, to status bar overwrite, to blinking images, to browser-specific interfaces: virtually everything annoying in the early days of the web was enabled by Javascript. Now, of course, there are many other ways to annoy, and a similar number of blocking addons, but Javascript is the grand-daddy of web pain and frustration.

I'd guess that (aside from security issues and legitimate complaints), that's the primary reason for residual Javascript hate.

4
9

I'm not surprised that there is a vocal anti-javascript bloc among developers. Its a language with a checkered past. The flexibility of the language backfired, resulting in a web that sometimes feels like a stinking pile of badly written javascript hacks.

But I have a feeling that a lot of the anti-js sentiment comes from the time when js as what you used to make your cute flying mailbox animated gif open your guestbook in a new window, or what generates the storm of pop-unders when you try to leave a porn site (don't pretend that isn't what annoys you about js! You know I'm right!).

Javascript is evolving. In the last couple years it has been embraced as a first class language, suitable for serious application development. You can decide to use NoScripts or the like, and only turn it on case-by-case, but you're going to find yourself turning it on more and more often.

Other answers have mentioned the accessibility issues, and of course the security issues, and others still have talked about solutions to those issues that don't include "ditch js" (how do you impliment keyboard shortcuts without js??). I welcome high expectations, but you can't bitch and moan without also talking about solutions.

Javascript is not the problem. As a designer I build sites with accessibility, security and compatibility in mind. I do so assuming js will be turned on. I contend that this is a reasonable design assumption. Things should degrade gracefully of course, but opinionated developers who turn off js to make a point are not users I design for.

1
  • 1
    Keyboard shortcut w/o JS ==> accesskey="X" - but +1 for informative post overall. Jul 22 '10 at 5:30
9

Although this question is old, it's just popped up and I feel I'm in a position to give people here a different perspective.

The main argument I've seen in the past from developers is that JavaScript can isolate people who need to use screen readers. I am visually-impaired and I have been that way since I was 3 months old. I've only ever had to use a screen reader whilst waiting for my eyes to heal after operations have been carried out.

The last operations were in 2005 and 2006 and I actually used a different screen reader each time. They are far better than what they used to be, believe me. The support is much better in general than what it was years ago. So to help back that up a bit, here is WebAIM's screen reader survey for 2011 with the most important parts paraphrased and quoted below:

** Percentage of users whose screen readers were detected with JavaScript: 98.4%

10.4% of respondents to the October 2009 survey indicated that they have JavaScript disabled in their web browser. As respondents submitted responses to this survey we detected the presence of JavaScript. We found that very few respondents had it disabled or unavailable in their web browser. Of the 19 respondents with JavaScript disabled, 12 were using Firefox (presumably with the NoScript add-on enabled) and 5 were using Lynx with Linux.

** Note: Only 1245 "valid responses" were received for this survey.

On top of this, the Royal National Institute for the Blind (RNIB) website makes heavy use of JavaScript. The RNIB is the primary organisation in the UK which supports those with visual disabilities.

Something more important

That said, what I believe to be far more important for allowing equality for the disabled on the web, is for people to actively incorporate accessibility standards into their work. If you take nothing else from my answer, please do something in your workplace to improve the accessibility support for those who want to use the Internet in the same way that you and I can. You can find details of the Web Accessibility Initiative (WAI) here and the current Web Content Accessibility Guidelines (WCAG) here.

8

Some mobile browsers do not support Javascript and relying on Javascript might render them unsupported.

5
  • 2
    As does using long lines of text, big pictures etc. I've often thought the idea of browsing on tiny screens will always be a second class experience. Dec 18 '08 at 17:30
  • 6
    and Javascript works on some mobile browsers.
    – Jimmy
    Jan 6 '09 at 17:50
  • 9
    so the question becomes - why is the mobile device using a crippled excuse for a browser, and how does it become my problem? I know, I know, it's my problem because I'm being paid to make it my problem, but seriously, javascript is pretty standard - how do they get away with making stuff without it? Jan 14 '09 at 1:06
  • 2
    the same way that Apple gets away with not supporting Flash on the iphone?
    – nickf
    Jan 16 '09 at 0:15
8

The claim that it is a security risk seems bogus to me. I've had Javascript on in my browser for as long as I remember, and not once have I found out that anything malicious has happened.

I'm sorry but this is a pretty lame excuse. Because you got lucky, you didn't visit so much dodgy websites or you kept your windows update all the time it doesn't mean others will do that as well. And there is still 0day attack window (time between the exploit and patch release) which is all about being a target and luck.

Defence in depth is crucial, 95% of the browser client-side attacks uses Javascript to deliver the exploits. Therefore disabling javascript is a really smart idea.

Secondly usability and accessibility issues. Javascript is a big problem.

Finally CSRF is nothing to do with Javascript in most of the CSRF attacks you don't even need Javascript. (you only need it if it's a POST request, and even in that case you just need to make a huge CSS and submit the hidden form in any click to the page. so still you can do it without javascript)

XSS is client protection and not the website. If your website is free from Javascript, you can still be vulnerable to XSS. Not using Javascript as a developer is not going save you against XSS. But as a visitor of the website disabling javascript can protect you against XSS.

3
  • 8
    I guess people who visit "dodgy" websites all their time who don't have their Windows up-to-date better turn off Javascript. :-)
    – lkessler
    Dec 18 '08 at 14:40  
  • 1
    @lkessler: Malicious Javascripts not only delivered by bogus sites, but by normal websites that are hacked. In the past that already happened to trustworthy instances. Also you cannot check in before, if a link leads to a 'bogus' site. If you load it, the scripts are already executed. A shortened URL doesn't help either.
    – Mnementh
    Jul 23 '10 at 10:54
7

Doing government websites and others there is a requirement for accessibility. These specifications are quite rigid, and require the site to work without javascript. That doesn't mean you can't use javascript, but just that the site needs to degrade well and still work without the javascript. This is a lot of extra work, so some just say don't bother and go with the least common denominator.

1
  • 5
    I've always felt that if you want to cater for blind/disabled people it is better to provide a seperate text only site. For example the UK's Food standards agency provide both food.gov.uk and text.food.gov.uk Dec 18 '08 at 17:33
7

Javascript is a major attack vector for drive-by downloads.

Many browser vulnerabilites can only be attacked through javaScript, and about half the security alerts issued about browsers read "while we're working on a patch to this vulnerability, you can protect yourself against it by disabling scripting".

On what machines do you think those spam bots are running? Nowadays, most of them fell victim to a drive-by download on some website that used Javascript to attack a browser vulnerability, and in many cases the malicious code got into that website through an XSS attack. A study conducted by Google last year found 10% of all websites they surveyed to contain such attacks!

So yes, Javascript (Flash too, btw) is very much the problem, not the solution, and it's becoming a bigger and bigger problem. Eventually it will be too big to tolerate; you better be prepared to find a way to make your website work without Javascript when every single Joe User out there has (or closely knows someone who has) had their ebay acount, paypal account or even bank account broken into, and is told they could have avoided it by deactivating Javascript in their browser.

Of course, this is a worst-case scenario, and maybe browser developers will manage to get their act together, or some sort of sandboxing technology for Javascript engines (or the browsers themselves) becomes prevalent, though that would still do nothing to counter XSS.

But saying that Javascript is not a problem right now betrays appaling ignorance in someone who develops web apps professionally.

4
7

Is there something wrong with Javascript that I'm not aware of?

Javascript annoys me when it is required for the site to function, especially for things that should not depend on it (like opening a link). Basically your site should work perfectly with Javascript disabled - the Javascript should just make it nicer to use.

Say I have javascript disabled (for whatever reason - security, paranoia, CPU usage, ad-blocking etc), I should still be view that picture, albeit not with a fancy Lightbox effect, or submit a form, again albeit without dynamic in-line error reporting)

There's nothing "wrong" with Javascript, it just shouldn't be obnoxious, or mandatory.

7

I use NoScript in Firefox, and by default no Javascript will work. I allow scripts on a case-by-case basis.

Therefore, if you want me to let you execute Javascript at my browser, you need to give me some reason to do so. Some reason that I can see without turning it on, because I don't turn scripting on without a reason.

This doesn't mean I expect full functionality without JS. This means I have to have enough functionality to see what I'll be getting by turning it on, and enough to give me some sort of feeling of trust. This isn't necessarily ideal from a security standpoint, but it's what I'm comfortable with.

There's also my feeling that people who demand Javascript for even partial functionality are likely to put style way over substance, so there likely isn't anything I really want there anyway.

1
  • 6
    Why don't you just use gopher though? Dec 19 '08 at 22:57
6

We are worried that by visiting an evil site, it will attack our internal network, make a request to another site that I am logged into, or perhaps things like the myspace worm.

I choose to use the firefox plugin noscript. This allows me to whitelist sites I trust.

Of course we also get annoyed at stupid things web developers try to do with javascript like break the back button, prevent me from saving images, popups, etc. Disabling javascript makes the web a far less annoying place.

3
  • 4
    "Disabling javascript makes the web a far less annoying place" and also makes it an uglier less user-friendly place. Maybe you should also deactivate viewing images, because images may contain malicious things as well. How about Java? You can turn that off in Firefox as well.
    – lkessler
    Dec 18 '08 at 17:31  
  • 3
    Java in the browser is probably something more people disable than Javascript.
    – Matt H
    Jul 21 '10 at 1:01
  • 1
    Javascript is so involved in a webpage that it's harder for people to conceive disabling it, while Java is a bit separate. I'd say that the only thing separating JavaScript from Java in this issue is really that so many people already recognize that Java is a bad thing and that it's OK to disable it. But well, why don't we all enable support for all macros in all files in LibreOffice or in Microsoft Office? After all, disabling the execution of arbitraty code is something only "Do-Not-Use Macros" people do.
    – njsg
    Jan 18 '13 at 17:49
5

As far as I'm concerned, as long as you follow the practice of Progressive Enhancement, you can use as much javascript as you feel is necessary to create your web application.

The users who run into your site with JavaScript disabled or not supported will still have full functionality. The rest of your users will see your animations, AJAX calls (and thus less postbacks or redirects), and other dynamic features.

It requires more work, but it really is the best solution. Remember that there are limited cell phone browsers, old computers with old browsers, alternative browsing methods (screen readers, crawlers/indexers), and people who purposefully turn JavaScript off. It may not even be the majority of your users, but it can very useful to cater to them.

3

"To Javascript or not" has valid, compelling reasons on both sides of the argument, which is the definition of a "religious argument".

I prefer to develop websites with Javascript not because it makes it easier (it definitely doesn't!) but to meet the requirements of the people I am delivering to, that the application be all whizzy and modern. However, building in Section 508 compliance will probably come as a shock to the project sponsors.

2

My feelings about JavaScript can be read at my answer to another question. I'm definitely pro-JavaScript. However, after reading through the forum thread you linked to I have two thoughts.

  1. Some users will refuse to use JavaScript, as you have seen from other answers to this question. There is no way to change this fact. You have to decide if you are willing to lose those users. If you aren't, then you must provide an alternative method.
  2. My suggestion to you for your particular problem is to use your spam prevention JavaScript for users who have it enabled. For users who do not, implement a CAPTCHA solution. This gives the majority of your users the better experience, while providing the small minority the opportunity to use your site with slightly more inconvenience.
2
  • 1
    I'm not saying use CAPTCHA instead of the JS approach. I'm saying put the captcha solution in a <noscript> tag.
    – Benry
    Dec 19 '08 at 6:33
2

Where I work we place quite a lot of emphasis on website accessibility. Unfortunately, this means that excessive JavaScript use is hard to justify.

Every piece of JavaScript we use requires back up functionality to be in place for people who don't have JavaScript support (for example people who rely on using screen readers for browsing web sites).

I love JavaScript and the power it gives you on the client side but in the end we build sites that we want as many people as possible to be able to access and this therefore means that JavaScript use is limited.

Sometimes it's just easier and quicker to build the functionality without using JS rather than doing the same thing twice.

1

Cross-site scripting is a major concern. Also, just because you have not found out that anything bad has happened is not a reliable indicator that it hasn't.

4
  • 2
    In fact, XSS is not really related to your use of Javascript in a Web page. It's mostly the injection of external Javascript on your Web site by some other means (that are usually totally unrelated to JS).
    – mmx
    Dec 17 '08 at 6:51
  • 3
    Your point is? How the Javascript got where is irrelevant to the user, what's relevant is that they can protect themselves from the attack by disabling Javascript, and that's a perfectly legitimate reason why they might visit your site with Javascript disabled. Dec 17 '08 at 10:27
  • 1
    Even disabling javascript in your browser will not protect you from all XSS attacks. (Ok, so XSS is really a misnomer - its HTML injection, and I can do a LOT with that, no scripts needed).
    – AviD
    Jan 7 '09 at 0:54
1

For me I try to limit my use of JavaScript because of multi-browser compatibility issues.

Also, from a personal rather than programming perspective, I use the ScriptBlock Firefox extension so it means sites with heavy amounts of JavaScript can often appear blank...and since I only ever enable scripts for sites I trust I end up ignoring sites that require it...

For me, JavaScript is a use only as absolutely needed addition to a site.

0
1

Javascript can certainly be used to make a site more accessible. Look at Google's Keyboard Shortcuts Beta

If you visit this site without javascript, you'll see that it acts no differently from a typical google search. Visit it again with javascript enabled, and you'll find that the "j" and "k" keys will move to the next and previous search results (respectively), and navigate to the selected item upon pressing the enter key.

It is the responsibility of the developers to consider accessibility (such as alt text, etc.). A common problem is that some developers rarely make it a priority.

1

I think a lot of users dislike javascript because it is yet one more thing that takes control of usage out of the user's control.

Besides the security concerns, javascript is very, very easy to do badly. Novice interface designers can cram tons of useless gimmicks into a webpage and set off a cascade of side effects that the user cannot control.

My personal pet peeve is the "Are you sure you want to leave our wonderful site?" popups that show up apparently at random.

No code should be configured in such a way to wrest control from the user. Every interface should have simply one user-action to one result correspondence. A button shouldn't have result A on Monday and result B on Tuesday. (Or worse, the button behaves differently depending on many times you have hit it previously!)

Javascript can be a joy on the site of a responsible and competent developer but if even just 5% of sites use javascript incompetently, abusively and even criminally, a lot of users will decide the benefits just aren't worth the hassle.

Your site might have a lot of nifty javascript features but if the next site I navigate to uses javascript to insert a trojan, the benefits that your javascript provides won't offset the damage caused by the next guy.

1

As this website needs javascript (at least if you want to access all features), you will only have a few users here, that are skeptical against Javascript. But it is true, that Javascript is the main vector for installing malware on end-user-computers. Many sites are infested, and the maintainer of the site don't even notice, because the site works as expected, but additionally is malware installed secretly. Besides that Javascript is often used for annoying stuff. Some appliances doesn't support Javascript or don't support it well. Javascript also can make a website problematic for blind users. So a mentionable amount of users can be scared away from your website by making Javascript necessary. Optional Javascripts don't prevent these users.

A good website-example is the Wikipedia. It uses some Javascript, but works perfectly without it.

EDIT: Twitter shows clearly the security-problem with Javascript. Some may argue, that is a problem with wrong code at Twitter, but if even such a big website cannot keep XSS out, how is it with local and small websites? It's not uncommon, that hacked websites execute silently malicious Javascript. Turning Javascript off is at the moment the best solution to that problem.

3
  • 1
    This website does not need Javascript. Although voting and comments, unfortunately, do.
    – singpolyma
    Dec 18 '08 at 17:04
  • 2
    "that Javascript is the main vector for installing malware on end-user-computers" - care to elaborate on how JS installs malware on your computer?
    – nickf
    Dec 22 '08 at 10:52
1

interesting discussion!

With jQuery now there's no argument left for cross browser problems. These have gone away. I appreciate the concerns about bling people and am not qualified to comment on the current situation here. There is also the mobile issue.

In my experience there's never enough budget to build two or three versions of a site and some functionality you just can't do without js. Ajax and jQuery are just a joy.

I would suggest that the users who want to control js use FF with no-script. They can then turn it off/on as they wish. But I would suggest they stop visiting sites that cause them problems. I suspect these people are spending a lot of time on very trashy sites if they are annoyed by ads and pop-ups. If I come across a site like that I leave immeditiately. There is never a site I've visited that's annoying that I can't do without.

If the developers have to compromise the users have to grow up.

0

This backlash against Javascript, which is a lot more common than you'd think, makes me wonder how the notion that "client apps are dead and Web apps are the future." You hear this all the time. I don't really understand how both of those notions can be so prevalent. I'm not talking about social bookmarking web sites, but actual applications.

0

I found the following comment at: http://www.exaflop.org/pivot/entry.php?id=115

I believe 2 [requiring javascript] isn't a major issue in that you can put a message on your comment form to the effect that if you are unable to use the form, please send an email and you'll add the comment for them. Maybe that will put some people off, but it shouldn't ... Besides, many people are now using conventional Javascript browsers with screen reader software instead of the old text mode browsers like Lynx, so this problem should diminish for disabled users. As for the tin-foil-hat-wearers that disable javascript in their browsers out of paranoia, they can stay silent for all I care :).

0

obviously, a large percentage of the web requires cookies and js (heard of facebook?)... I'm kinda shocked by those who choose not to use cookies or js as it obviously creates an issue where the client is making a poor user experiec

1
0

People who have JS turned off don't deserve the 1000s of extra hours to make every site have 2 versions: a nice one, and a shit 1999 one. They deserve to have their limbs torn off their bodies by tying them to fat people chasing donuts in opposing directions.

By supporting them we encourage them, like the support for IE6 that went on for 5years too long. Don't give them the option to be cunts. Using something like NOSCRIPT is fair enough and prevents all the problems people are talking about. Then, when they visit your site, they should bloody well enable javascript.