Why is JavaScript considered bad by some? [closed] - javascript

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Why is JavaScript allowed to be disabled in the browser? (i.e. Why is it considered bad?)

<body onload="for(i=0; i<1000000; i++){window.open(
'samplesite.com?pageid=' + i);}">

Why is javascript allowed to be disabled in the browser? (i.e. Why is it considered bad?)
Because it can be grossly misused (blinking images, anyone?), may slow the browser down and of course there's always the (very justified!) fear of exploited security holes.

First of all with Javascript you can create events that the user might not want you to, like e.g. changing the size of the window...
On the other hand think about people who are somehow limited... What if your user was blind and uses a screenreader while your page continously changes its content somehow... There are many reasons against Javascript when it comes to accessibility...

Back in time, it used to be:
A source of annoying cursor-following animations (I am sure you remember stuff, like raining sheeps or clocks following your cursor... I want to find the smart*** who thought of that and slap them with a trout)
Considered insecure
Served no purpose but bog down the browser
However, over the years it has become more advanced and applied with more thinking behind it.

Historically it has been a huge security problem for web based services. Also with any technology that is exploitable and has a low technical barrier for entry it ends up the tool of the low brow trouble maker (script kiddies). Quick searches for javascript or xss in a security exploit database will show hundreds of pages of vulnerability.

JavaScript is often considered dangerous or at least annoying for two reasons:
Websites can suddenly do stuff that you don't want them to do, e.g. open popups
Websites can suddenly keep you from doing stuff that you want to do, e.g. disabling right-clicks
Now, in the vast majority of cases JavaScript is harmless and can really enhance the user experience (Ajax comes to mind). But all it takes is one malicious site that uses JavaScript to do evil (TM) things like Cross-site Scripting. For that reason it is commonly considered best practice to disable JavaScript globally and to allow it for just those sites or domains that you explicitly trust. In this day and age being paranoid on the Internet is actually a good thing.

It's a weakly-typed scripting language. Programmers who usually use "big strong" languages look down upon such nonsense. Shame on you for even considering using it, and my God have mercy on your soul.

It can cause security problems. Especially in old versions of IE (not so much anymore).
Or maybe it has something to do with Stallman's ranting ;-)

The main consideration is security. Drive-by downloads that exploit browser security holes via JavaScript are currently the most common way for malware to spread.

As well as what others have said it confuses search engines. The more 'dynamic' content you add the higher the chances it cannot be indexed. In addition the Internet is used by many as a reference library. Books in a real library do not change things around while you are reading the page. You may think of your site as an "application" but your users may prefer to treat it as a "document".
In short JavaScript obfuscates information, sometimes to the point of completely denying access (i.e., the JavaScript code is buggy and crashing). A classic example of this was that I was unable to watch the Live8 concert broadcast by AOL a few years back because the JavaScript code was so poorly written it didn't actually work on my girlfriends' AOL browser (ironic I know). I tried to get to the movie URL directly but the obfuscation was so complex I couldn't find it. It did nothing to endear me to AOL.
BTW, I happen to be one of those people who disable JavaScript by default. If I need it I can enable it for a specific site or page in 2 seconds (really) using the NoScript add-on for Firefox.

Some companies, or business units, have a policy of not allowing javascript turned on, as there are concerns about any risk of security exploits, and that may be the biggest problem, that since it can't be locked down securely then it must be disabled. If you can run javascript in a strict mode, that doesn't allow ajax requests, for example, then you may find that more people are willing to use it on computers that are concerned about security.
As long as a user can go to a website, and information can be sent transparently over the Internet regarding what a user is doing, then these security concerns will exist.
For example, I could have a Firefox plugin that appears to be useful, but, it can do possibly send unwanted info to a website.

Because it shifts load from the server to the client and there is no way to control to what extent.
I work with Javascript every day and respectfully acknowledge what it has made possible, but sometimes when I browse a very simple page, and the interface reacts lightning fast because there is nothing to render but pure, simple HTML, I think that that used to be the original purpose the purpose of the internet. You can, and I am exaggerating only little, browse these pages with a 600 MhZ Pentium with 128 megabytes of RAM without problems. While for a Javascript-heavy, effectful "rich" website, you need massive resources on the client side for a halfway smooth experience, and you need to update your equipent almost as often as gamers do.
Also, I generally feel some, not hostility, but slight annoyance towards Javascript because it massively increased development costs by adding a host of incompatible target platforms, version, obscurities and specialties to cater for, as well as a generally bug-prone, hard to debug and volatile environment to work in.
That said, I think the industry owes the creators of JQuery, Prototype and the likes big, big thanks, among many others.

JavaScript, as the inventor of JSON called it, is the virtual machine for the world. It's where billions of people are. This great exposure comes with some dangers other languages do not have to face.
Example. Write a site that just 'redirects' you to another site, where you can sign in. If you are not completely in control of your browser/URL etc. some JavaScript just could have loaded the page content from another site and will log your keystrokes. This could be achieved with a few lines of JavaScript. It's not really the fault (if it's a fault at all) of JavaScript, but all the components (browser, HTML, and this vast space, we call Internet).

Why is javascript allowed to be
disabled in the browser? (i.e. Why is
it considered bad?)
Because browsers are not prefect! And Its give you the way to safe yourself when you need it.
When security risk found out, they will just post in their home page
Please disable javascript until its fixed
Like this, (I dont have offical page right now, so googled from somewhere)
http://browsers.about.com/b/2009/07/16/firefox-3-5-users-should-take-action-immediately.htm
However, until a fix is released, I
recommend that you either disable
JavaScript completely or use another
browser.

There are a few rare instances where JavaScript can be dangerous (but so can anything, including the massively ubiquitous Flash). The reason users actually do disable it or use addons like NoScript is largely unjustified paranoia.
In the end, users don't stick with behavior that breaks the websites they want to experience. So, I wouldn't expect JavaScript paranoia to be a long-term issue as only more and more sites depend on it (like this one).
It's similar to the hype we saw around cookies several years ago.

It can crash the browser, or do annoying things to users.
However, now a days Javascript has become such an integrated part of the internet (Gmail, bill paying for many companies sites, ect) that if you did disable it then browsing could arguably be difficult for you unless you had exceptions.

JavaScript has some very "odd" language features, like the handling of missing semicolons at statement endings by just ignoring the parse error ("semicolon insertion") or the behaviour of the typeof operator (array is an object).
You really need to know the language to know which things you should do and which are bad.
But there are also really good points about the language, like that it fully supports functional programming.

It is bad only you visit questionable sites. Without javascript you won't have apps like gmail, yahoo finance, etc.

Why is JavaScript allowed to be disabled in the browser?
Perhaps because computers are tools that serve humans? Computers speaking to computers via a protocol can mandate specific behaviour. Developers writing software for users have no such luxury.
It would be pointless for browser vendors to mandate that JavaScript "must" be enabled, since there are plenty of people who can't or don't want it. Especially since 90% of the time it's just being used by some spotty hipster to animate a cat picture.

Related

When is it OK to use Javascript and when not?

Is it good practice not to use much javascript/jquery? Should we avoid it as much as possible (for good accessibility)?
When is it OK to use JavaScript and when is it not in web design and development? In what scenarios and with what conditions?
Update:
I'm asking regarding public websites.
I have to respectfully disagree with the posters that say that you shouldn't use JavaScript, or use it sparingly, or have it degrade gracefully.
The reason is that the vast majority of people nowadays has JavaScript enabled and appreciates the desktop-like experience it can provide from a website. Really, who doesn't have JavaScript enabled? People act as if this is a statistically significant group. It is not.
Not using JavaScript is a little bit like nitpicking about variable sizes (oh, I can use a 16-bit integer here instead of 32-bit to save some memory). Unless you are doing some monster project for hundreds of thousands of people, where the ROI of the time you spend on making your website degrade gracefully is actually positive, you should use JavaScript as freely as you like. The two people that can't access it because they disabled it are paranoid and probably not the kind of people you want as customers anyways.
Just my 2 cents.
+1 to everything Mr. Expert said.
One more thing to add: it is not good for accessibility to have critical functions of your website rely on JavaScript. If JS is disabled in the user's browser, they should still be able to submit all forms, click all buttons, et cetera. Your website must degrade gracefully in the absence of JavaScript.
One note for forms:
Where possible, use the Hijax approach to submitting forms. Make them work using traditional page refreshes, and then use JavaScript to "hijack" the form submission and do it with AJAX instead. If the client has AJAX disabled, the forms will still work fine.
Before I say anything, let me make it clear that all of this is relative - its all about YOUR TARGET AUDIENCE. The answer can be on opposite ends of the spectrum if majority of your target audience is disabled people in Africa and my target audience is gamers in South Korea.
First, look at the ratio of JS enabled vs JS disabled in your target audience. For an average website, it is 100:1.
Second, consider bandwidth. jQuery minified and gzipped is 24K. But do all browsers work properly with gzipped contents? Choose the right UI framework or choose whether to use one at all, depending on your target audience's bandwidth. If your target audience is young people with heavy-usage broadband plans, they won't complain if the framework is megabytes in size. But when your website targets remote villages in some country for a relief effort or educational program or something then avoid such frameworks - they can barely get access to the Internet.
Third, for accessibility, two things are important:
Anyone should be able to see/hear/know the contents in your website.
Anyone should be able to perform all important functions in your website.
Once you take care of these using the minimum denominator technologies for YOUR target audience, you can always use javascript to pretty up things and enhance existing basic functions (auto complete, AJAX submit, etc...)
To sum it up, gracefully degrade.
Accessibility aside, I don't agree that we should gracefully degrade in the case where someone has JS disabled!
For desktops with browsers, saying that When people don't have javascript enabled, your website should degrade gracefully is like saying Your game engine should gracefully degrade to DirectX 6 because some people use Windows 95.. Doesn't make sense anymore. Note the word anymore. It used to make sense when JavaScript was only there on 50% of browsers and it was an emerging technology.
Anyone have any good reason why my 3D game should be able to degrade gracefully and use DirectX 6? Its moot. What DOES make sense is, my game uses DirectX 11 on Windows 7 but degrades gracefully and uses DX10 in Vista or even DX9 in XP.
Come on.. look at some stats. JS enabled to Disable ratio is like 100:1
Again the whole thing changes if 80% of your audience uses some upcoming web browser in a mobile device with shaky JS implementation to see your website.
If majority of your target audience/device has JS enabled, use it well. If they don't have, then don't. You just have to give them what they can use and see.
There will always be a minority, but if there is a pre-requisite to see a website and it is fairly widespread, they should have it installed/enabled or else its too bad for them. You certainly don't want paranoids in your target audience.
End of the day, only you will have the information that will help you decide how much you should use JavaScript. It is always dictated by your target audience and their devices.
If you are developing a simple website, then you should only use JavaScript to enhance the user experience, and it should degrade gracefully for those that do not have it enabled. If your website is content-centric, then that's how you should treat it: content first, JavaScript-based bells and whistles second. There should not be a single piece of required functionality that does not work without JavaScript enabled.
However, if you are making a web application, then go nuts with it. Web apps are supposed to use JavaScript, so it doesn't make sense to cater to people who have it disabled; if they really want to use your produce, they will enable JavaScript (or use a difference device). It's not worth all the trouble making it work without JavaScript enabled. That's like arguing that you should not give your video game good graphics because lower-end computers will not be able to run it: the people who really want to play your video game will upgrade their machine.
mhr's answer, "Always, as long as it degrades gracefully", is a good baseline. I would add that reasonable exceptions can be made where Javascript provides application functionality (your site is a "web app" rather than purely informational) that has no server-side equivalent. So for example, "graceful degradation" as a rule should not prevent you from building a web-based drawing tool (which would be, at best, unusably onerous if it degraded gracefully to forms and server-side functionality). It should, however, prevent you from requiring Javascript to access any content which that drawing tool publishes to an audience other than the content creator (because the content creator, self-evidently, has already accepted that Javascript is required for their usage of the site).
With all my respect to Mr J. Nielsen: Conservativism in design can be really senseless in terms of evolution an progress. When flash first appeared (with the first versions of actionscript, really take-away programming) a lot of noisy-glossy over animated interfaces raised, most of them almost impossible to operate in terms of usability. But the fact is that, form all those futuristic experiments, some qualitative improvements have arisen in terms of UI.
With javascript something similar happened: what was a merely widget is becoming more and more popular even transcending the presentation layer to handle some business logic: the RIA (Rich Internet Applications) are gradually relying on javascript for the user experience.
To use or not to use javascript?
I think every tool oriented to improve usability and interaction is welcome in a brand new world that evolves continuously and that is way too far to have a sharpen shape, direction or just a simple plan underneath.
What others are saying here is completely true: it is not worth thinking of the one or two that still have javascript disabled, as game producers don't care too much if your computer stinks and they keep pulling the limits of graphics. Thanks to this, we are no longer playing PACMAN (only if Google wants) and we can enjoy Assassins Creed.
NASA is a great example of how not to use JavaScript in a public website - they appear to be using JS to serve browser specific style sheets resulting in an unstyled mess with JS disabled.
The primary use of JavaScript is to write functions that are embedded in or included from HTML pages and interact with the Document Object Model (DOM) of the page. Some simple examples of this usage are:
Opening or popping up a new window with programmatic control over the size, position, and attributes of the new window.
Validation of web form input values to make sure that they will be accepted before they are submitted to the server.
Changing images as the mouse cursor moves over them: This effect is often used to draw the user's attention to important links displayed as graphical elements.
Because JavaScript code can run locally in a user's browser (rather than on a remote server) it can respond to user actions quickly, making an application feel more responsive.
On a public website it's ok to use JavaScript as long as the information that your site contains is still available and usability is still good for people without JS.
If you're in a more controlled environment like a companies intranet or something, you can maybe rely a lot more on JavaScript.
Also if your site is more an application than a document and it's functionality is just not possible without JS, you can of course use it.
You can also just accept the fact that some people will have problems using your site but rely heavily on JS anyway. That's your choice.
With javascript we can have a client / server relationship with users, in the sense that we can use their cpu power to build the page and free some resources from our servers. we deliver the code and data and their browsers put them together and it is as it should be. :)
Sincerely
Babak
well i am not agree with your point that not to use java-script and jquery regularly.
now a day browser are compatible with javascript.And if you have to develope a website in which validation is required u have to prefer javascript(for client side validation).
Your site should degrade gracefully, if only for one reason: NoScript. That Firefox extension depends on whitelisting to allow sites to run Javascript. That implies that sites that I've never visited before will not be allowed to run Javascript. It's a good way to prevent a lot of phishing attacks and cross site scripting (XSS) attacks.
Sites have to earn my trust first. Yes, Ebay and Amazon may heavily depend on Javascript, but a site like www.buyviagracheap.com may not.
And if, with Javascript disabled, you have nothing to show for, I'll press "back" quickly before you can say "but...", and never come back.
If, however, I like what I see, I may enable Javascript for your site and improve my experience. So there's no need to provide full alternative functionality with Javascript disabled.

Is graceful degradation in the absence of JavaScript still useful?

When even mobile browsers have JavaScript, is it really necessary to consider potential script-free users?
Yes. Your web pages aren't just consumed by people: they're consumed by search engines, and crawlers, and screenscrapers. Most of those automatic tools don't support Javascript, and essentially none are going to generate UI events or look at deeply nested AJAX data. You want to have a simple static HTML fallback, if nothing else then so that your web pages are well indexed by the search engines.
Forget the crazies who disable Javascript; think of the robots!
Yes.
People can (and do) browse with javascript disabled. If your site will work without users having to explicitly enable javascript for you, that makes them happy.
Exactly how relevant depends on your target audience, of course.
I would argue that you shouldn't go significantly out of your way to accommodate for non-JS users for the following reasons:
All Modern Browsers Support JS
This is a snapshot of browser usage
today:
http://www.w3schools.com/browsers/browsers_stats.asp
Even the oldest common browser, IE6,
supports basic JavaScript and AJAX.
If you decide not to integrate
certain features b/c of a JS
dependence, this proves that you are
essentially doing it for people who
started with JavaScript enabled and
explicitly chose to disable it. I
think these people should expect for
some features, and perhaps even
entire sites, not to work as a
consequence.
Few People Willingly Disable JS
Building on my point above, average
web users don't know or don't care
that JS can be disabled in browsers.
It's largely a tech savvy crowd who
knows how to do this (myself
included), and as tech savvy users we should know when to
turn it back on as well.
Cost of Support
In light of the above, consider that
choosing to accomodate users who have
primarily willingly disabled JS comes
with a very real cost. If you are
managing a large project with heavy
UI requirements, you can easily burn
a lot of developer hours
accommodating for what is a very
small user preference. Check your
budget. If it is going to take 2 devs
working 40 extra hours each on the project
to accomplish this feat, you are
easily going to burn a few thousand
dollars on what is essentially a
non-issue for the vast majority of
your users. How about using that time
and investment to further buff up
your core competency?
Precedence
I may very well be wrong on this, but
I think it would be difficult to find
major media or social sites that
don't rely on JavaScript for some
portion of their functionality to
work. If major businesses that rely
on the operation and accessibility of
their site to stay in business aren't
doing it, there's a good chance it's
because it isn't needed.
CAVEATS:
Know your market. Continue to build XHTML/CSS that is semantic (preferably by using the RDFa W3C recommendation). Still strive to make your sites accessible to the visually impaired. Don't believe everything you read. ;)
DISCLAIMER:
My argument above is largely dependent on how you define "graceful degradation." If you mean all the links still work, that's one thing, but if you mean all the links still work and so does the wombats game, that's another. I'm not trying to argue for making your site so JS dependent that non-JS users can't access any portion of it. I am trying to make an argument for the acceptability of certain features, even some core features, being reliant on JS.
It is relevant and it will be relevant even after 10-20 years when javascript might be supported everywhere. making things work without javascript is important development technique because it forces you to keep things simple and declarative. ideally javascript should be used only to enhance experience but your website shouldn't depend on it.
there is clear advantage from maintenance point of view to have most of the code in declarative format (html+css) and as little as possible in imperative (javascript).
My position:
I browse with NoScript, so if I come on your site it will be without benefit of Javascript. I don't expect the full user experience.
What I want, before turning on JS, is to be assured that you're reasonably competent and not malicious, and that I actually want what you're using JS for.
This means that, if you actually want me to use your site, you should allow me to look around, using links. (If I see a site that's totally useless without Javascript, I generally think the designers were incompetent.) You should let me know what sort of functionality I'll get from enabling Javascript, and you should present the site in a legitimate-seeming way.
I don't think that's too much to ask.
graceful degadation / progressive enhancement / unobstusive javascript is absolutely relevant!
as with all accessability issues: just imagine for one second what it's like to be the one on the outside who can't use the page.
imagine you're travelling around the world, you're in some hotel or internet café with really old computers, old software, old browsers, you want to look up your flight and you realize you can't because of some javascript incompatability in the old browser you're using.
(try 'old mobile phone' or 'stuck behind a corporate firewall' for different scenarios)
image what a world of possibilities opend up to blind people with screen readers and the web, and image what it's like to find these possibilties closed again because of javascript.
so much for appealing to your better nature.
you might also want to do it
to keep your site accessibly for search engines.
Yes, it's relevant. Mobile browsers in use today do not all have Javascript enabled. It's available on new phones, sure. But there are millions and millions of people like me, who have phones running older browsers, and for all of us, a JS-required browsing experience is just plain broken.
I don't even bother visiting sites that didn't have progressive enhancement in mind when they coded. I'm not technically behind the times. My phone is a year old. But I'm not going to re-up my contract and buy a new phone because of a crippled web experience.
It depends on who your target audience is. I have JavaScript turned off by default and turn it on when I know what the site's intent is.
It's generally much faster to browse with Javascript disabled (digg.com is lightning without JS), which is why it's popular.
In Opera it's really easy: you simply press F12 and untick the javascript option. I always browse without Flash, Java (not javascript), animated images and sound. I enable Flash on a per-site basis, eg YouTube. Sometimes I turn off JS temporarily if my system is slowing down.
And don't forget about:
Screen readers (I think they mostly have JS disabled)
Text browsers or other very old systems
Ad blockers (if your filename happens lands under their radar)
Any old browser that either doesn't support JS at all or the JS breaks (e.g. IE6 doesn't support some modern JS stuff).
The solution is to use progressive enhancement rather than graceful degradation, i.e. start with the basic HTML and add CSS. Then add Javascript and/or AJAX to parts of the site.
For example, if you had a site like Stack Overflow, voting up an answer could submit a form normally. If JS is enabled, it would do an AJAX request, update the vote count and cancel the form submission, without leaving the page. SO doesn't do this though...
I for one always have NoScript turned on unless I trust the site for a number of reasons including cross-site-scripting, click jacking, and HTML injection. It's not me being paranoid, it's because I know a lot of developers, and know most of them have no idea what web security is, never mind how to avoid vulnerabilities.
So until I trust a site there's no chance I'd let it do anything fancy.
For the unfamiliar, there are some interesting blog entries on the subject:
Protecting Your Cookies: HttpOnly
Cross-Site Request Forgeries and You
Sins of Software Security
Top 25 Most Dangerous Programming Mistakes
I'm going to have to make a case for the other side here. Peoples reasons for designing sites without javascript are largely idealistic. Given an enough time and money and the goal is achievable and will certainly open your website to the largest possible number of people. However in reality doing this will slow your development, increase the number of test cases that you have to deal with, and ultimately affect the quality of your application for those users that do use javascript.
In my opinion it is perfectly reasonable to choose to make your site only compatible with js enabled browsers and tell those users that dont have it that they are missing out. This allows you to concentrate on creating rich content that the majority of users will be able to view.
There are of course exceptions to this rule, but if you are looking to create a good website for the majority of users, or have a client who is after a flashy website with limited time or money then taking the decision that it is js enabled browsers only is a reasonable thing to do.
The real question is not whether it is relevant, but whether to use Graceful Degradation, or Progressive Enhancement as your scripting strategy.
I'm actually in an interesting position when it comes to graceful degradation of JS. I'm working on a web application that bots and crawlers have absolutely no business looking into. There's nothing they can gleam that should be indexed.
The informational site accompanying the web application, however, should be indexed, and therefore JS degrades gracefully there.
In the web application, if you don't have JavaScript enabled, you're probably not supposed to be there. It's intended to be a rich interactive experience. The web application actually requires JS to be enabled, and for you not to be sitting behind a corporate firewall.
We're not serving anything malicious, its just our intent and purpose for the web application that's different. The goals of our web application and those of our informational site are completely different.
I use JavaScript. I always keep my browser up-to-date. But sometimes, my Internet connection is so bad that scripts just don't load.
There are also cases when:
Some scripts load, but others fail, in which case parts of a website stop functioning
Scripts are loading, but I want to hit "submit" without waiting for that fancy frilly menu
A script malfunctions because it was partially loaded and then cached at that half-stage
I'm in such a hurry that I just decide to use Lynx.
Now, I'm not saying my Internet is bad all the time, or even most of the time, but it does happen. With the Internet expanding rapidly to many rural areas across the world, I'm sure I'm not the only one. So apart from bots as Nelson mentioned above, it's another thing to keep in mind. (Hint: check your demographics).
If you don't want the page to work when Javascript is off then just have that be the message in html, and if javascript is on, by using unobtrusive javascript you can get rid of that message and make visible the rest of the application.
Depending on what you write for, in terms of javascript version, you may need to degrade if the browser the user has doesn't not have the latest version, so gracefully handling that is also important.

Should your website work without JavaScript [duplicate]

This question already has answers here:
Do web sites really need to cater for browsers that don't have Javascript enabled? [closed]
(20 answers)
Closed 9 years ago.
We're developing a web application that is going to be used by external clients on the internet. The browsers we're required to support are IE7+ and FF3+. One of our requirements is that we use AJAX wherever possible. Given this requirement I feel that we shouldn't have to cater for users without javascript enabled, however others in the team disagree.
My question is, if, in this day and age, we should be required to cater for users that don't have javascript enabled?
Coming back more than 10 years later, it's worth noting my first two bullet points have faded to insignificance, and the situation has improved marginally for the third (accessible browsers do better) and fourth (Google runs more js) as well.
There are a lot more users on the public internet who may have trouble with javascript than you might think:
Mobile browsers (smartphones) often have very poor or buggy javascript implementations. These will often show up in statistics on the side of those that do support javascript, even though they in effect don't. This is getting better, but there are still lots of people stuck with old or slow android phones with very old versions of Chrome or bad webkit clones.
Things like NoScript are becoming more popular, so you should at least have a nice initial page for those users.
If your customer is in any way part of the U.S. Goverment, you are legally required to support screen readers, which typically don't do javascript, or don't do it well.
Search engines will, at best, only run a limited set of your javascript. You want to work well enough without javascript to allow them to still index your site.
Of course, you need to know your audience. You might be doing work for a corporate intranet where you know that everyone has javascript (though even here I'd argue there's a growing trend where these sites are made available to teleworkers with unknown/unrestricted browsers). Or you might be building an app for the blind community where no one has it. In the case of the public internet, you can typically figure about 95% of your users will support it in some fashion (source cited by someone else in one of the links below). That number sounds pretty high, but it can be misleading; turn it around, and if you don't support javascript you're turning away 1 visitor in 20.
See these:
https://stackoverflow.com/questions/121108/how-many-people-disable-javascript
https://stackoverflow.com/questions/822872/do-web-sites-really-need-to-cater-for-browsers-that-dont-have-javascript-enabled>
You should weigh the options and ask yourself:
1) what percentage of users will have javascript turned off. (according to this site, only 5% of the world has it turned off or not available.)
2) will those users be willing to turn it on
3) of those that aren't willing to turn it on, or switch to another browser or device that has javascript enabled, is the lost revenue more than the effort to build a separate non-javascript version?
Instinctively, I say most times the answer is no, don't waste the time building two sites.
My question is, if, in this day and age, we should be required to cater for users that don't have javascript enabled?
Yes, definitely, if the AJAX functionality is core to the working of your site. If you don't, you are effectively denying users who don't have Javascript enabled access to your website, and although this is a rather small proportion (<5% I believe), it means that they won't be able to use your site at all, because the core functions are not available to them.
Of course if you're doing more trivial things with AJAX that just enhance the user experience but are not actually central to the core functionality of the site, then this probably isn't necessary.
Depends really.
I personally switch off JavaScript all the time because I don't trust lots of sites.
However, since you users have explicitly asked for your application, you can assume they will trust it and there is no point in doing extra work.
More, if you have that strong AJAX-affinity requirement, the question seems odd enough.
This is a bit like beating a dead horse, but I'll have a go at it, sure.
I think there could be two basic approaches to this:
1.
Using ajax (and, basically,
javascript) to enhance the experience
of the users, while making sure, that
all of the application's features
work without javascript.
When I am
following this principle, I develop the
interface in two phases - first
without considering javascript at all
(say, using a framework, that doesn't
know about javascript) and then
augment certain workflows by adding
ajax-y validation (don't like pure js
validation, sorry) and so on.
This means, if the user has javascript disabled, your app shall in no way break or become unusable for him.
2.
Using javascript to its fullest, "no javascript - no go" style. If javascript is not available, the user will not be able to use your application at all. It is important to note, that, in my opinion, there is no middle ground, - if you are trying to be in both worlds at once, you are doing too much extra work. Removing the constraints of supporting no-javascript users, obviously adds more opportunities to create a richer user experience. And it makes creating that experience much easier.
I think that depends on the type of web application you are going to build. For example in an e-commerce application the checkout process should propably work without java script because there are some people who deactivate js for checking out (in our experience). In a web 2.0 application in my opinion it isn't necessary to support non-js browser experience.
Developing for both also complicates the development process and is more cost intensive. you have double your web test efforts (testing with and without js) and also think different in the planning phase.
I think it depends on the market segment you're aiming for, if you're going for a tech crowd -such as Stackoverflow.com, or perhaps slashdot- then you're probably fine in expecting users to have JS installed and active.
Other sites, with a medially tech-aware audience, may suffer from users knowing enough about JS-based exploits to have deactivated JS, but with not enough knowledge to enable Scriptblock (or other browser-equivalent).
The non-tech aware audience are probably with the tech-crowd, since they possibly just don't know how to disable JS -or why they may want to- regardless of the risk.
In short, you should cater to spiders without JavaScript enabled, but only to the degree necessary to index the data that you want to expose to the public. Your browser requirements of IE7+ and FF3+ exclude far more people than the total number of people who disable JavaScript. And of those who do disable it, the vast majority know how to enable it when necessary.
I asked myself the same question the other day and came up with the answer that in order to use my application one must have Javascript enabled. I also checked various Ajax powered sites. Even Stackoverflow.
But considering this fact I also believe that you do need to support some degree of prehistoric applications. The main idea is to not let application break when users don't have enabled Javascript. Application should still display relevant data, but its functionality would be limited.
To add to some of the old discussion on this page. Google is now searching JavaScript: http://www.i-programmer.info/news/81-web-general/4248-google-now-searches-javascript.html
This is an issue that I was thinking about just a few days ago. Here is some information
In Google Chrome there is no way (menu/option) inside the browser to turn off Javascript.
Many websites including those from leading names like Google, etc., will not work without Javascript.
According to stats over 95% of visitors have Javascript enabled now.
These stats made me think. Do I have to break my back writing a lot of background code and everything for users who have disabled Javascript?
My conclusion was this. Yes, I have to include Javascript support, but not at the cost of sanity. I.e. I can afford to give it a low priority.
So I am going to have support for non-javascript browsing, but I will build most of it after my site is deployed.

Is it safe to assume Javascript is always turned on? [duplicate]

This question already has answers here:
Closed 13 years ago.
Duplicate:
Do web sites really need to cater for browsers that don’t have Javascript enabled?
Only supporting users who have Javascript enabled.
How common is it for Javascript to be disabled
How many people disable Javascript?
I've been doing web applications on and off for a few years now and each application I write seems to have more javascript than the previous one.
A frequent comment is: "But what if the user turns off Javascript?".
I take the point, but I've never actually seen a user do this. Not once.
Have you?
This comes up about every other week or so. Did you search first?
See these:
https://stackoverflow.com/questions/121108/how-many-people-disable-javascript
https://stackoverflow.com/questions/379735/how-common-is-it-for-javascript-to-be-disabled
Only supporting users who have Javascript enabled
Do web sites really need to cater for browsers that don't have Javascript enabled?
The main points are:
Google doesn't use javascript when indexing
Mobile browsers (smart phones like the iPhone) sometimes have bad or non-existent javascript
Screen readers don't do javascript well, if at all, and many developers are legally required to support them.
Thanks to filters like NoScript, the number of people browsing with javascript disabled (at least initially) may actually be going up.
So yes, you still need to worry about it.
It depends entirely on what sort of coverage you require.
Do you need 80% 90% 100% of users to be able to use your site / application?
People DO turn off Javascript. The question is, does your site need to work for those people? Can it just tell them to turn it on if they want to continue?
Yes, it happens.
NoScript is a Firefox add-on - downloaded by plenty of people.
No Script
You should always make sure your site works without javascript.
People turn javascript off for security reasons. Companys sometimes have javascript forced off at their inhouse computers. Also spiders don't have javascript so your site not working without javascript is bad SEO practice.
5% of users have JavaScript turned off.
It has become a standard at my office (for better or for worse) to assume that the user has JS installed and turned on. The number of people who have it turned off is getting smaller and smaller every day, but this still doesn't mean that you should forgo performing the necessary validation for submission on the server side as well just in case (as well as some other scenarios).
I would say that it is not safe to assume javascript is always on, but it is safe to REQUIRE javascript be turned on.
In other words, you don't need to jump through hoops to make something work without it, just display a message or redirect.
Javascript is an essential technology, and it's not unreasonable to require it.
It's rare, but it's possible. If you are launching an application for "everyone" to use on the internet, then yes, you'll have to prepare for such an event. It really depends on your target audience, but the safest assumption is that someone will have it turned off.
From a security perspective, you definitely need to handle this situation, as turning off JavaScript (or worse yet hijacking the scripts you wrote) is an easy to bypass business logic and validation, if it isn't double checked on the server. Requiring it to be turned on is not a good enough defense for stopping people in this situation. Remember you're requesting that the browser tells you what it enabled and disabled. The user (or attacker in this case) is in control of the browser, and you can't trust what it says as it's easy to modify the HTTP headers.
Depends on who your target audience is. Some users turn off JS for various reasons. Usually, they will enable it for individual sites that need it, but they might not do that if you don't tell them they need it.
If your site just fails to load correctly, they'll assume it's broken. If it shows a "you need JS to view this page" message, then at least they'll know what to do.
Some will then enable Javascript for your site specifically, but some won't, and they simply won't be able to use your site, unless it is functional without Javascript.
It's rare, but it happens. It really depends on who your user base is. If it's for corporate users, a lot of them have default security settings with javascript disabled. If it's for... pretty much anyone else, odds are they'll have it turned on.
I run by default with javascript off for new sites (NoScript) plugin. I think many tech-savvy users do the same. At least the ones who are paranoid about XSS attacks.
It is best practice to code for users that have JavaScript turned off.
As web developer your goal should be to provide the core basic functionality (without JavaScript). This enables all users to fully use your site. Then through the use of JavaScript, in a process known as "progressive enhancement", spruce up elements of the site for users that have JavaScript turned on.
And in the case where JavaScript is off...your site should gracefully degrade.
Web development is one of those arenas where you can't expect anything. Code for all users to maximise your site's accessibility.

ajax and accessibility

1) How important is it for the site to be accessible without javascript? I'm using a lot of ajax. I converted most of the site to be accessible without js, but the effort involved left me wondering if it was worth it.
2) What are the sort of scenarios (that occur fairly often) in which javascript might be turned off? (apart from people being paranoid and turning off js)
I'm developing the website that caters exclusively to the students in my university.I know that most (99%) of the users of the site will access it through a normal web-browser (no screen readers, or mobiles etc.)
I see that even large sites like digg, reddit simply stop working when I turn off js, without any attempt to provide html only access. Even in SO, it isn't possible to vote or view comments without javascript (though there are some nice error messages shown)
Edit: SEO is not a major concern, since it a very niche website, and marketing is done by other means. And right now, it has been indexed and is the first result when searching for the site name.
The most common non-accessible non-paranoid reason why JS would be disabled is when search engine bots come to index the content. You need to be able to handle that if you want to be listed properly on search engines.
EDIT for your edit: Fair enough. It really depends on your site's features. If it's a primarily informational site, then requiring JS is absurd. If it's more of a web application, then not requiring makes it much harder to use. Make the informational parts (if any) as accessible as possible, and do what you want with the rest.
The Importance of Being Accessible
It may be very important for your website to be highly accessible, especially if the site is being built for an organization which is subsidized by federal dollars.
The Rehabilitation Act was ammended in 1998, and now requires Federal agencies to make their electronic and information technology accessible to people with disabilities.
There are similar laws applying to e-commerce sites, applying to the online storefronts of traditional retailers.
You can look into Secion 508 for more info, but the main idea is that partial page refreshes won't be read by modern screen readers, and if your site needs to be accessible, the extra effort is required, and certainly worth your effort.
Many web frameworks are still in use which did not anticipate ajax, and it can require a lot of work-arounds to make things accessible. Still, it's really the best thing to do, even if you are developing a private website.
Here are a couple of other articles which deal with the topic:
Secion 508
http://www.alistapart.com/articles/saveaccessibility/
http://www.alistapart.com/articles/politics/
Users without javascript
As far as "turning off" javascript, users don't do this anywhere nearly as often as they did 5 years ago, though some still may. This will not likely be the case with your audience, and it's generally not considered the major concern it once was.
These days, the real concern is just client support. All modern browsers support enough javascript to allow you to do your work. It's the alternative clients, like the accessibility devices you mentioned, which may add requirements to your design.
If some of your audience works in a security-sensitive environment (government agencies, etc.), it may still be mandated that javascript is turned off on their work machines. This is also becoming less and less of a problem as time goes on, though it's a more common case than the paranoia issue you mentioned.
Of course, if you offer some support for those users, you won't have to worry about it.
It sounds like your site is going to be used in an educational environment; many countries have laws regarding the accessibility of sites in education. Beyond this, search engines and mobile browsers, as well as screen readers, will benefit from a standards compliant website.
That's not to say you can't use Javascript, just that you should be careful. In an ideal world you should be using XHTML for your content, CSS for your style, and Javascript for your behavior. On the latter point see these two Wikipedia articles:
http://en.wikipedia.org/wiki/Progressive_Enhancement
http://en.wikipedia.org/wiki/Unobtrusive_JavaScript
I asked a very related question here. Eventhough I say there that the main aim was not accessibility but ease of use, it might be an interesting read for you. I was one of the developers for my university websites and our lead was of the opinion that all websites in domains like education, non-profit organizations, govt organizations etc should be 100% accessible. Ideally you would want the pages to "work" without your CSS and client side code (JS/VBScript). We analyzed our pages using this and/or this to check our sites for accessibility.
blackberrys and other portable web browsers often have javascript off by default
It depends on your website.
If you are developing a web application intended for desktop users only, lots of Javascript is probably ok. Otherwise, strongly consider making your site accessible to mobile users, impaired users, or simply paranoid users who turn Javascript off. One of the best strategies to follow is that of graceful degradation, in which users without Javascript can still interact with your site, just without the flashy features.

Categories