Should Users be Permitted to Disable JavaScript?

Contributing Editor

Disabling JavaScript has been an option in browsers since Brendan Eich devised the language in 1995. Until now. Mozilla has removed it from Firefox 23 and the decision has been met with a hazy mixture of praise and condemnation.

While the web breaks down without HTML, JavaScript has always been optional. So are images, CSS, video, audio, Flash and any other media you care to think of. In an ideal world, developers would always use progressive enhancement to ensure their systems remain operational when JavaScript is disabled or fails. It rarely happens, of course.

During the past decade, JavaScript has become so ubiquitous, many sites implode without it. Some load a minimal empty page then fill it with Ajax-powered DOM manipulations and content. An HTML-only fall-back is not impossible, but rarely worth the effort.

Fortunately, you know what JavaScript is. You know how it works. You know what it does. You understand the consequences of disabling it. But you’re in a tiny minority of web users. For every web expert, there are hundreds of users who wouldn’t recognize the language if it came up to them wearing a “Hi. I’m JavaScript” t-shirt and slapped them vigorously with a wet copy of “The Art & Science of JavaScript”.

Do those users need protecting from themselves?

The debate was recently raised by Alex Limi in his article Checkboxes that kill your product. Alex argued that switching off images, JavaScript, menus, SSL and messing around with certificates is unlikely to be used by more than 2% of users. Yet, the options are readily available to everyone. At best, most users will ignore them. At worst they’ll tinker and fundamentally break their interwebs.

While the user-facing option has disappeared in Firefox 23, you can still enable or disable JavaScript by changing the javascript.enabled setting in about:config or using an add-on such as Web Developer, NoScript or Greasemonkey. An option should also appear in Firefox 24′s Web Developer menu.

Personally, I think Mozilla are doing the right thing. In the early days of motoring, drivers were expected to understand basic maintenance to keep going. Similarly, browsers have progressed to become mainstream applications used by everyone. Options which made sense in the dial-up days of the last millennium could be removed. Power users and developers will still want to disable JavaScript, but I suspect the majority already do so using more sophisticated methods than a crude global on/off switch.

Is there a downside? Some developers will view this as justification not to use progressive enhancement techniques. But developers will find technical reasons to rationalize every decision they make regardless of Mozilla’s policy.

Welcome to the always-on world of JavaScript.

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • http://niteodesign.com Blake Petersen

    After seeing this item pop up on Hacker News, I jumped on the Mozilla thread and voiced my appreciation that this step is being taken by Mozilla.

    However, the vast majority of others were speaking negatively about the switch, but I feel it was mainly the fact that no warning was given that their setting was turned back on and buried in the config. When it got down to the brass tacks of usability and the progression of the web, most were not able to provide adequate retorts.

    As soon as everyone gets their settings back in order, I am sure those others will feel the same about how easily the paranoid layman could disable everything for fear the NSA is snooping on them.

    Especially when trying to work with a not-so-robust SaaS tacked on “seamlessly” to a main site, often times the only solution is to leverage the brittle (now less so) front-end languages (javascript… and, uhhhmmmm… … yea) that could be easily broken by either JS or cookies being disabled by a user who heard back in ’98 that javascript/cookies were evil.

    Disabling Javascript should only be done with complete knowledge of the consequences of doing so. This assure that only experts fiddling in the config can do this.

    Gold Star for Mozilla!

    • mpi

      “no warning was given that their setting was turned back on and buried in the config. ”

      That’s a lie , DEVS have the ability to warn their user through the NOSCRIPT tag. and give me a break , it is not like the FF config menu is deep. You want to see a deep menu ? check Eclipse’s. FF is just playing its Nanny and take users for idiots.

      • http://www.optimalworks.net/ Craig Buckler

        Why do you need to warn users about JavaScript being disabled? Why is your site failing without it?

        I wouldn’t say Mozilla are taking users for idiots, but most do not have a clue what JavaScript is. Why provide an option which the vast majority of people do not understand? The fact is that it’s still there — but it now will be buried in the config.

  • http://brianswebdesign.com Brian Temecula

    I like to disable javascript when I think I might be clicking on a link to a questionable website. I use the web developer toolbar because it’s super easy to access, but I see no reason to take out the option. Who cares if the user wants to disable javascript? In most cases they will just be looking at a really messed up website that doesn’t work. On the other hand, while we’d love to pretend that making a website work without javascript is cost effective, it’s not. Take a look at the statistics of who comes to your website with JS disabled and you’re likely to find that it’s like 0.01%. It’s hardly worth wasting time worrying about people that don’t have JS enabled.

    • http://www.optimalworks.net/ Craig Buckler

      Thanks Brian.

      The problem is that someone could either disable JavaScript without realizing or not know how to fix the issue when website start to break.

      I use the WDT too — it’s far quicker than the options dialog (although it’d be nice if it were in the main block menu rather than a sub-menu).

      With regard to progressive enhancement, it shouldn’t cost significantly more time, effort or money since it’s a development approach rather than than a two-phase build process. Admittedly, it’s not worth the effort for projects such as canvas games, photo editors etc. but content-based websites should be fine. The key point is: do it from the start. Adding PE to a pre-built JavaScript-dependent site will be far more difficult.

      • mpi

        Please that’s non sense. When javascript is off , most websites display an alert message saying that javascript is off. So dont take users for idiots. There is no reason to remove option to disable javascript in the ff menu except to shove more Javascript down users throats. Flash was bad , at least you needed a plugin to enable it and you could easily block it. Javascript is becoming the unblockable Flash and will ruin user experience. But hey devs want to show of their new skills…

      • http://www.optimalworks.net/ Craig Buckler

        most websites display an alert message saying that javascript is off

        Do they? I don’t and I suspect few developers remember the noscript tag. You don’t need it if you practice progressive enhancement.

        JavaScript is not — and never can be — unblockable. You will still be able to disable scripting in Firefox, but it won’t be offered up as one of the first options for everyone. And I don’t really think most JavaScript is used to “show off skills” — the vast majority is used for form validation and statistics collation (Google Analytics).

  • Nigel Wade

    With such a tiny percentage of users that visit sites without JS enabled I can’t see that this really makes a difference, though for the most part I doubt ‘muggles’ ever look at the options of their operating system never mind their browser and other applications. Accessibility would be the only reason that I imagine any one would intentionally disable javascript and if Mozilla are confident that any users who would benefit from turning off JS (epiliptics and those with learning/dexterity difficulties are often cited as examples of users who benefit from no JS) can get this option with another browser or an add-on/extension (and I’d guess that these users are probably going to get assistance with these choices anyway) then it seems like a good choice.

  • http://www.pfuu.co.uk Pete

    Given that most Javascript blocking happens through extensions/addons nowadays then it’s not really going to be an issue.

    Javascript is never essential. Useful? Yes, but never essential. I can interact with Sitepoint by enabling two out of the fifteen or so urls that want to load scripts in the background. I probably don’t even need to enable those two either. If I go to a site and am faced with a blank page I need a reason to enable the root domain or I’m going to close the tab. All I’m asking for is a reason.

    The number of people who have js disabled is a relatively unknown quantity because you need js enabled for Google analytics to work properly. If developers want to dismiss that group then that’s their decision, but it’s not difficult to provide a fallback in the majority of cases.

    • Mike

      There are a huge number of websites using javascript frameworks that will simply not work if you disable javascript. For those it is 100% essential.

  • http://dailyprayer.us Mason Barge

    The nanny state strikes again! No, I don’t think Firefox should take out controls that let people customize their viewing experience any way they want to. It’s not like they are going to hurt the webpages they visit. And if you’re a developer and don’t want to take the time to allow progressive enhancement (or more accurately at this point, progressive degrading), it doesn’t give you the right to tell everyone in the country how they have to have their browsers set.

    • http://www.mikehealy.com.au Mike

      Except that Mozilla isn’t the State and users can easily opt out by choosing a browser that does what they want. Users are no more required to have JS enabled than Mozilla are required to offer the option for them to disable it.

  • wyatt

    Makes sense. Javascript is ubiquitous. Don’t forget their whole Firefox OS depends on it and so do plugins. I don’t think they should even allow it from the configuration,

    I’ve many customers with disabled javascript who complain their internet doesn’t work. They don’t know why it’s there. Someone told them it’s a security risk so they just turn it off.

  • Security Nut

    JavaScript, like Java, is an open door to hackers. Except for the exploits that use Adobe Flash to steal your computer admin rights, JavaScript and Java are the biggest dangers on your system.

    How about web site developers learn to correctly lay out their web sites in pure HTML and quit using tricky scripts present menus to their users?

    A web site that requires any Javascript or worse, Java, is the sign of lazy programmers!

    • jason

      That’s like telling people not to eat for fear they’ll choke on their food.

      • http://tldr-tech.tumblr.com/ tech

        that is a poor anology. people NEED food to survive but they don’t really ‘need’ JavaScript to browse the web.
        its almost like suggesting you don’t pay for a firewall or antivirus program because “life is always risky anyways.”
        maybe Firefox could comprimise by having some (in)frequent reminder that your JavaScript is turned off/ you’re missing the best of the web. Web site developers can easily tell you to turn on JS to be able to use their site, if they want to.

    • DJ

      There is absolutely no hard data to back this up. Might as well expand this to include PHP… ridiculous.

    • Angelo

      Are you actually serious?

      You: the user (looks that way to me), have access to real time fancy stuff like Facebook friends real time music, gmail, gmaps and many other fantastic applications because “us developers” did not stick to HTML only.

      This is called progress but you want everybody to stop innovating so you “feel” secure?

      Go back to your bananas cave boy!

    • http://www.50secondsnorth.com Patrick Samphire

      You do realise that javascript isn’t simply for fudging layouts, don’t you? Interactivity is a major part of many modern websites. They’re not all flat, static pages anymore, and haven’t been for years.

  • Allen Kamp

    Security is the main reason to allow the option. If it is the fear of users accidentally disabling javascript, images, css etch and thus ruining there browsing is the problem, then provide a “reset defaults” button. That has been the meme for breakable settings for hardware and software since day dot. It would make it easier for help desks everywhere. “Have you tried turning it off and on again…have you tried the reset button?”

    What is next? Disabling view source?.

  • Miss Potts

    I disable Javascript when I’m using satellite internet. It makes loading things much faster, because latency is really high with satellite. Of course when I get back on dry land, I use regular broadband and enable Javascript again.

  • Jacques Briet

    Ridiculous. Are those people paid by Google ?

    • http://www.optimalworks.net/ Craig Buckler

      Yes they are — Google advertising is a significant chunk of Mozilla’s revenue. But Google do not control Mozilla. Besides, why is it ridiculous? Does your car manufacturer give you tools to open up your engine and inspect components? You can get them, but they’re not provided to everyone by default.

  • mathieu

    I agree, JavaScript is so ubiquitous that disabling it make browsing a poor experience. However, as at least one person above noted, slow networks still exist and developers seldom take this into consideration. Loading unused JavaScript onto a page because it is easy and in your template makes your site ugly for some percent of your customers. I have the same complaint for lazy coding of images, but that is another topic. Sure, let developers expect JavaScript to be enabled, but they must not forget customers on slow networks!

  • http://www.itoctopus.com itoctopus

    Totally with Mozilla on this one – next step: standardize JavaScript and CSS across the board. It’s very annoying to test the website on all the possible browsers because of the differences between them. They should all use the same engine.

    There is a flip side to all this – you only catch malware when you enable JS. It’s a two edged sword.

    • http://www.optimalworks.net/ Craig Buckler

      Step back a decade and your wish for a single engine had been granted. IE6 was the standard: do you really want to return to those days?

      HTML, CSS and JavaScript are all standards. It’s just that you don’t necessarily need any of them — a page can be created in plain text!

      • Angelo

        At least with IE6 there was basically one platform to target, nowadays try to go to Facebook and create an app to run on the facebook website (platform, framework, whatever you wanna call it).

        Good luck with users using all different browsers and operative systems, good luck with third party cookies settings that behave differently from browser to browsers, before was easy to estimate a project (yeah the technology was restrictive but there were works around).

        Back to the article, yes I believe some key features like JS should always be on, yes I believe these people working for big corporation should be cooperating to provide us with better technology that permit us to expect predictable results without having to spend days debugging like mad to only find out this browser on that OS didn’t quite worked as it should.

        If the bankers could have morning meetings every day to fix libor rates why can’t these big corporations work together for a better web?

      • http://www.brothercake.com/ James Edwards

        “If the bankers could have morning meetings every day to fix libor rates why can’t these big corporations work together for a better web?”

        Because they don’t want to, and they don’t care about the web being better. They’re companies, remember. Fixing rates makes them money.

      • http://www.optimalworks.net/ Craig Buckler

        why can’t these big corporations work together for a better web?

        Great idea. We could call it something like “The World Wide Web Consortium”. Or WWWC. Or hey — what about a snappier W3C?

      • http://www.brothercake.com/ James Edwards

        W3C? I thought we were talking about companies “working together for a better web”, not “working disparately to advance their own interests”!

      • http://www.optimalworks.net/ Craig Buckler

        You old cynic!

  • McCoy Pauley

    And now you have one… less… choice.

    You people really don’t get what’s going on, do you?

    • http://www.optimalworks.net/ Craig Buckler

      Will you enlighten us?!

    • http://codyburleson.com Cody Burleson

      Don’t tell me… the Mozilla corporation is really just a front for Obama’s secret plan to overthrow the Internet and control us all through the mysterious, but suspiciously named “JS Puppet Master” protocol?

  • terry

    My only problem with not being able to easily disable JavaScript is being able to disable spamy pop-ups from spamy websites. Some sites are so bad that they block you from navigating away from the page. The only recourse at that point is disabling JavaScript. This will become much more difficult now that I have to remember to navigate to about:config and find some obscure config setting and remember to set it back. Just stupid Mozilla.

    • http://www.optimalworks.net/ Craig Buckler

      Or use an add-on or the option in the Web Developer menu (coming in Fx24).

    • Jose Almeida

      Terry, I understand what you’re saying but really, you should be using an add-on to do this for you.

  • http://singletreeproduction.com Evan Stewart

    Interesting. Makes sense to me. This seems to be a larger trend with software makers; take certain easy-to-find-but-rarely-used power controls away from users so that users will stop blaming the software maker for user caused mistakes.

  • http://www.brothercake.com/ James Edwards

    As to the question “should users be permitted” — it’s moot, because there’s nothing we can do to prevent it. If the config doesn’t provide it, a user script or extension can rip out the script tags.

    As to Mozilla’s decision, it won’t make any difference to anyone. It won’t stop users who understand these issues from disabling JavaScript. It won’t stop good developers from having to cater for JS-disabled users. And it won’t stop bad developers from rationalising their decision not to ;-)

  • http://www.redunser.co.uk Alan Ralph

    The flip side of this decision is two-fold. First, browser makers need to bear down hard on removing any and all potential for malicious Javascript code to break through the security mechanisms in the browser and access information it shouldn’t be able to. Second, web developers need to build in some kind of fallback for people visiting their site over a slow connection, ideally with just enough function to still be usable.

  • Dick Ober

    Have any of you Firefox/Aurora users ever encountered ‘issues’ when entering data in an online form? You really have to work at it, up to and including Release 22.0. Turn off JavaScript and those ‘issues’ magically go away. Did the devs fix that yet? Because, if you Google it, this has been an ongoing issue for quite some time.

    Just sayin’.

    • http://www.optimalworks.net/ Craig Buckler

      It sounds like you’re using forms which have dodgy JavaScript form validation. I doubt that’s Firefox or any other browser at fault.

      • Dick Ober

        I’m using NMS FormMail Version 3.14c1 (http://nms-cgi.sourceforge.net/scripts.shtml), un-modified. Written in Perl. No JavaScript form validation on the page (unless it’s somehow built-into the NMS and I didn’t notice it). Example pages here – “http://members.caara.net/update-info/” and here: http://members.caara.net/. (Gosh, I hope it’s not an issue with NMS.)

        btw, the actual issue is, as you are typing along entering data in a field, not every character you type is actually entered – it “skips” characters. Sometimes you have to enter the same character several times before it will appear in the field. Turn JavaScript off and everything goes well.

        IE (all), Chrome, Opera, Safari, all good. Why is it only problematic in Firefox/Aurora? Why is it perfectly OK in Firefox when I disable JavaScript if I’m not using any JavaScript?

        If it IS the NMS, that’s too bad because it has some nice features, but I’m not going to continue using it if it’s the culprit here. Thanks very much for your interest.

  • pong

    Saying users should move to more sophisticated solutions like NoScript is a big mistake. In the recent Tor security breach, it turned out the Tor Project enabled javascript by default within the arcane preferences system of NoScript. For users of vulnerable TBB packages, ionly those who turned off javascript using the global switch would have been protected from the javascript attack.

    A much better solution is to make the options dialog box simplified by default, with an easy to find advanced button that allows all the under-the-hood options to be reached by interested users. The about:config system is a real hell and much more dangerous than the hitherto standard global switch.