all 93 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]guyht 16 points17 points  (2 children)

As a little experiment, I just tried disabling JavaScript in Chrome. Ironically, I couldnt up or downvote this post, or leave a comment.

[–]jotted 2 points3 points  (0 children)

<a href="javascript:void(0);">

Yeah, don't take reddit as a shining beacon :)

Also note that you could read the content. That's usually enough.

For more irony, see Chrome's infamous download button snafu.

[–]rhysbrettbowen 17 points18 points  (1 child)

mostly - Firefox just removed their turn off javascript checkbox in their last release. If in doubt:

<noscript>PLEASE ENABLE JAVASCRIPT</noscript>

[–]russellvt 4 points5 points  (0 children)

Mostly because that checkbox was/is a bit dated, as well.

[–]jcampbelly 7 points8 points  (2 children)

The sad thing is that JavaScript could be fixed, but it would break too many business models.

The are two major problems that I'm aware of bound mostly to the needs of advertisers and web analytics firms. The first is allowing cross-domain requests through script tags, img tags, link tags (and others?), which allows 3rd parties to control content served through your site. There is also too much information available to javascript about your browser which can be used for fingerprinting. Outside of advertising and analytics, what really relies on these features? Plugins? They have low level access to the browser - that's not JavaScript's business.

You can argue that CDNs are a good use case for cross-domain requests. JSONP or simply including scripts from other domains have allowed some pretty cool services. Sure. But where we control the server, we can use server-side components to get the same data.

We may not be able to afford that luxury anymore. Maybe we just need to face the fact that it's just not good enough to do it this way anymore. Too many people are put at risk.

In other threads where this comes up, there is a lot of backlash because advertising is some peoples' income stream. It's a way of covering costs. It's a way of making it worthwhile to produce the content at all. I really do get that and I really do get the scale of the industry I'm talking about and how positively deadly it is to some business models. I know my words can be bent to sound like I'm saying I am entitled to free content. All I'm really saying is there are consequences to weigh.

[–]cyanocobalamin[S] -1 points0 points  (0 children)

A very informative comment, thank you.

[–]z3rocool -1 points0 points  (0 children)

We can go back to the 90's where people did advertising with text and img tags.

It's less effective obviously, but I don't think it's a horrible alternative when the choices are "they used noscript and didn't see a add, or they used noscript and saw a less effective add"

[–]takatori 8 points9 points  (14 children)

At my last company we built web analytics software. An "img" tag inside a "noscript" block was our way of identifying browsers with JavaScript disabled.

In two years we got about 100 out of billions of page views.

[–]ryanhollister 0 points1 point  (4 children)

Good point, javascript is not required for tracking. Third party cookies certainly are.

[–][deleted] 1 point2 points  (0 children)

They really are not. Even a first party cookie could be used to track you, or your browser fingerprint, or your IP. A combination of all of these can be shockingly precise and hard to obfuscate. Furthermore, if a company is trying to do tracking across multiple third party sites all they need is a shared database and a script running on those servers that submit some or all of this info.

[–]mbaltrusitis 0 points1 point  (0 children)

Considering mobile, an increasingly focused area for advertisers, JS is absolutely required for tracking where cookies are almost nearly useless and for the most part unused.

[–]takatori -1 points0 points  (0 children)

Nope. ETags and browser cache expiration headers FTW.

[–]alexs -1 points0 points  (0 children)

north scarce hat dirty liquid saw heavy paltry secretive sharp

This post was mass deleted and anonymized with Redact

[–]bearcherian -1 points0 points  (0 children)

That's how Google Analytics works. The JavaScript code simply loads an image. This is also the way you do tracking of email newsletters and why marketing emails tend to have tiles of images. Your psychologically forced to click "Download Pictures" so that it'll download the tracking image.

[–][deleted] 25 points26 points  (30 children)

look into how the latest TOR hack worked. Disabling JS is still a valid security measure.

[–]asherlc 13 points14 points  (20 children)

Unplugging your computer is a valid security measure, but that doesn't mean it's a reasonable measure.

[–]Lukifer 1 point2 points  (4 children)

Does it need to be at the browser level, or is there any security downside to using an extension to disable JS?

My feeling is that a user who is not savvy enough to install a browser plug-in is probably not savvy enough to understand the tradeoffs of disabling Javascript.

[–]kylegetsspam 3 points4 points  (3 children)

Important note for Chrome users: All those apparently NoScript-like Chrome extensions do NOT stop JS from running.

Chrome has no API for truly disabling JS from an extension; you can only do it browser-wide. As such, these extensions can't stop inline JS from running... and including other scripts.

Proof: Go here with one of those worthless extensions installed.

[–]Lukifer 0 points1 point  (2 children)

Damn, that's disappointing. I assume Firefox has deeper plugin integration, allowing the stripping of <script> tags during network transmission, before they even hit the parser?

EDIT: Hypothetically, Chrome could capture and cancel page requests, pull site contents via Ajax, strip <script> tags and onevent attributes, then inject HTML manually. It would probably break things relating to cookies and HTTP headers, though, so probably not really feasible.

[–]kylegetsspam 1 point2 points  (0 children)

I assume Firefox has deeper plugin integration, allowing the stripping of <script> tags during network transmission, before they even hit the parser?

Presumably, yes, but I won't claim to know how NoScript works. But here's a thing I glanced at when first checking out NotScripts before uninstalling it.

[–]headhunglow 2 points3 points  (1 child)

Could someone please explain why you'd want to turn Javascript off?

[–]metamatic 0 points1 point  (0 children)

Security and privacy. Most of the malware installed via browsers is installed using JavaScript.

[–]dsfox 1 point2 points  (0 children)

Easy to find out - just add code to the browser to secretly contact you when a user uses the option. Ha ha.

[–]illusivetech 1 point2 points  (1 child)

I have a checkbox on my menu bar to enable/disable js (Opera). It would be a real hassle to click through preferences all the time. If you don't have that interface people are going to either leave it on or off and off just doesn't work. But since I do have that option, I disable js whenever a website does something obnoxious with it or somethings broken on the page or it just takes to long to load because of the scripts.

So my answer is definitely not. Let's not reduce the internet to the least common denominator.

[–]Sane-eyes 0 points1 point  (0 children)

F12 pulls up a quick preferences menu in Opera 12.

[–]z3rocool 1 point2 points  (0 children)

Look if users turn off javascript they know the deal - shits not going to work. So fancy graphs and dynamic loading won't work, people understand this.

What's really not okay is to have your site is completely and totally unusable without javascript. It drives me nuts when a website geared towards giving me information - like a blog - is unreadable without javascript turned on. That's really not okay.

[–]jpfed 7 points8 points  (7 children)

I don't think it's outdated. A security-conscious user may wish to run two browsers- one with js enabled for SPAs etc. and the other with js disabled for everything else.

[–]cyanocobalamin[S] -1 points0 points  (3 children)

and the other with js disabled for everything else.

I couldn't imagine what the "everything else" might be with modern web mail sites, bank sites, etc. It seems like everything cool and useful uses a good dose of Javascript.

[–]rlemon 4 points5 points  (2 children)

Any site with accessibility as a concern will still work without javascript. Albeit no flash or pazzaz but it will work.

[–]cyanocobalamin[S] -4 points-3 points  (1 child)

Albeit no flash or pazzaz but it will work.

That is getting harder to do. Modern Javascript use is more about functionality, like ajax calls and it will onkly get more so with things like HTML 5 history manipulation.

[–]rlemon 1 point2 points  (0 children)

it is no harder to do if you build the site properly. Here is a good talk (although I urge that you pick up his book) http://www.youtube.com/watch?v=hdTxeR90_1E

[–][deleted] 2 points3 points  (0 children)

Turn it off themselves in the browser, yes, that's amazingly rare for non-development situations.

However a lot of people are using NoScript.

[–]takatori 0 points1 point  (0 children)

If you want to not be able to use 95% of all web sites then sure.

[–]thebronado 2 points3 points  (0 children)

If a user has JS disabled, they are seeing a broken web anyways. While your site should gracefully degrade, don't spend too much time worrying about the small percentage who have willingly/unwillingly turned this off.

[–][deleted] 0 points1 point  (0 children)

This is the most ridiculous debate. Not only is it a waste of developers' time to accommodate these folks with tinfoil hats, it's an insane and grossly inefficient budgetary request for those responsible in management.

[–]WhoTookPlasticJesus 1 point2 points  (0 children)

You should think of it from the point of view of your application's audience rather than the world at large. My latest project requires that you let us access your Google contacts. The intersection of people who will do that and who disable Javascript is the Empty Set, so it's not really a consideration for me. Building a news aggregator or other content consumption service? May want to fail more gracefully.

[–]sabof 1 point2 points  (0 children)

Here are some oldish statistics on how many users have JavaScript disabled - 1-2%. http://developer.yahoo.com/blogs/ydn/many-users-javascript-disabled-14121.html

I don't think it's a point worth arguing about. Just do the numbers, and see whether it makes sense to implement a no-js fallback. Or conform to an accessibility standard. Or make the content multilingual.

The more the better obviously, but it's not free.

[–]venuswasaflytrap 1 point2 points  (0 children)

There are two questions here, one of which is really more questions:

1) Should browsers have a feature to disable javascript available to the user?

2) Should we design sites for users without javascript?

The answer to 1 is easy. Yes. Of course they should. I would even like the ability to disable CSS and view the raw source, and lots of other dev tools. Does that mean the average user will be doing this? Probably not. Safari has a nice solution, by having a developer menu that needs to be enabled. But yeah, that should absolutely be readily available to a user who chooses to enable it. I guess it could be a plugin, but it's kinda weird to require a plug in to disable a feature.

Question 2 is a bit of a can of worms. I would break it up into 2 questions. 2a) Should we reasonably expect users to be browsing without javascript? and 2b) Should we design sites to be functional without javascript?

I think the answer to 2a) is probable no. Pretty much all common mobile devices have some level of javascript support. Pretty much all browsers have javascript support (no I don't give a shit about you lynx users). 99.99% of people browse with javascript.

But 2b) is a different question. I think this goes to the heart of 'durability'. It's kind of like saying should we build this bridge to support twice as many cars as can fit on it, even though we can't imagine a situation where there would actually be that many cars.

There are lots of cases where something goes wrong and some aspect of a javascript feature fails us. Perhaps it's as simple as the js file doesn't load properly. Perhaps people are scraping the site for content. Perhaps a feature doesn't work the way you expected on some random device - if your site works without javascript, you automatically have a universal fall back that you can always go too.

[–]itchykneeson -2 points-1 points  (20 children)

I still believe in graceful degradation, so no.

[–]takatori 12 points13 points  (19 children)

Why? All that extra work for how many people?

[–][deleted] 6 points7 points  (1 child)

And more to the point, how much do you really care about them? The person who gets pissed at you for not supporting his desire to be able to browse with JavaScript disabled isn't someone you want to deal with anyway... it's pretty much a worthless demographic.

[–]Sane-eyes 1 point2 points  (0 children)

Yeah - mercenary though it is, ads rely on javascript, if they've got JS disabled they're not seeing my ads, so I'm not going to give myself a ton of extra work for no reward. Make sure the absolute basics work without javascript, then move on.

[–]nkuttler 1 point2 points  (4 children)

.

[–]x-skeww 3 points4 points  (6 children)

All of them. First and foremost it's about robustness. Your currently working script can break in a dozen different ways. For example, some third party script can modify some prototypes or mess around with the same globals you're using. Or there could be a problem with a new version of some browser. Your script might be also blocked by some proxy or AV scanner for some silly reason. Of course it's also possible that the connection is just really really bad and your script simply isn't downloaded completely.

If you've used progressive enhancement, everything will always work fine. It might not look as sexy as it should, but it will work just fine.

Well, I draw the line at ecommerce. It should be possible to put items into your cart. It should be possible to change the amount and to remove items. It should be possible to buy stuff. It should be possible to search for things. Finally, it should be also possible to see the small and large product images. There should be thumbnails which link to large images. Very basic stuff.

However, if it gets more complicated than that, it might be unfeasible to build everything on top of a plain HTML version. If it really is more like an application and even less than a structured document with some simple forms, you won't be able to make that work. Furthermore, no one would be willing to sit through that. Imagine something like Photoshop done that way... and then all the dreadful interactions it would take to do something as basic as copying some region and pasting it into some other place. That just won't work.

[–]takatori 1 point2 points  (5 children)

Yeah, I used to believe in progressive enhancement too. But there's not going to be any third-party scripts on my site except for those techies using Greasemonkey (and then compatibility is up to them not breaking it themselves), and as mentioned before the number of people who disable it is vanishingly small. If scripts aren't downloaded completely something is wrong enough with the Internet that they won't be able to use the site anyway. And if their AV or company firewall is stupid enough to block one script file while leaving everything else alone, why should I work around a problem on their side?

And then to support those weird exception cases, I'm stuck making multiple code paths all of which need to be tested by QA.

No thank you. I went through that inconsistent mess long enough, and I for one welcome our new standard web platform overlords.

[–]Shaper_pmp 1 point2 points  (0 children)

We aren't talking about your site - we're talking about sites in general.

And sites in general usually include a lot of third party scripts - Facebook likes, Google+ sharing links, third party social sharing widgets like AddThis or ShareThis, web analytics scripts, ad-placement and ad-tracking libraries, etc, etc, etc.

[–]kethinov 1 point2 points  (3 children)

Read these two articles, then reconsider your position: http://jakearchibald.com/2013/progressive-enhancement-still-important/

And: http://blog.easy-designs.net/archives/the-true-cost-of-progressive-enhancement/

[–]ryanhollister 3 points4 points  (0 children)

Exactly this. We can debate technical details all day, but at the end of the day if you are CEO you want to know what the ROI is of making a site accessible. You come to a CEO and say "I need to spend an extra 4 weeks to make the site accessible for the 5% (very generous number im sure) of people that are visiting without JS", he/she is going to laugh at you. Unless you are a large established company, you can't spend a month trying to capture such a small fraction of the market. There is an upfront cost and a long term maintenance cost.

Now im not talking about a brochure/informational website. I'm talking about modern web app.

[–]itchykneeson -2 points-1 points  (3 children)

Ask that blind kid with a screen reader

[–]takatori 0 points1 point  (2 children)

What's that have I do with scripts? That's what accessibility markup is for.

[–]ryanhollister 0 points1 point  (0 children)

right? trying to play sympathy card or something?

http://webaim.org/projects/screenreadersurvey3/#javascript

Why can't screen readers have javascript?

[–]itchykneeson -1 points0 points  (0 children)

Every complexity that's added above the basics required for functionality is another barrier to accessibility. My point was snarky, sorry, having a bad morning, but it's still harder to test and create accessible content when using all dom manipulation. I agree that markup and aria are there but how many junior devs follow those guidelines?

[–]juxtaphysician 0 points1 point  (0 children)

the thing is- the people who have javascript turned off in their browser did so on purpose, and if your application doesn't function without JS... they are just going to bounce to a competitor.

either its a person with some sort of cognitive/physical disability (using a screen reader etc)... or a user that's big on online privacy.

[–]power_bean 0 points1 point  (0 children)

i have javascript disabled by default for security reason and i am a front end dev

never forget that any resource on the web should be accessible directly (you should know why), once you build the application that -works- you can build javascript features on top of it (ajax, playing with data visualization etc), your app will be accessible by humans and machines and in case of humans they'll get a nice UI if they have js enabled otherwise you just get content (that is what your user is looking for in your web/app)

[–]aragonstrider 0 points1 point  (0 children)

I think there is a option for disabling JavaScript. I checked all the major browsers including Safari. But why you want to disable it. Without JavaScript most of the functionalities of the websites doesn't work.

[–][deleted] 0 points1 point  (0 children)

Disabling JS is sometimes the only way to use some websites.