SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 26
  1. #1
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unhappy Can javascript be relied on?

    Hi,

    I am building my site in php and have found the amazing world of ajax. I have always been weary towards using javascript in the past as I am worried that some browsers won't support it or that users will have turned javascript off.

    I now see hundreds and hundreds of sites on the internet which use javascript extensively. Am I living in the past, or should I still be weary of javascript?

    The main reason I ask is because I want to use ajax for users to change their password. If javascript is not working on their browser, they will not be able to change their pass.

    Thanks

    Guy

  2. #2
    SitePoint Guru
    Join Date
    Apr 2006
    Posts
    802
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Javascript is fine for lots of things, but security isn't one of them. You picked one example most people would advise against using javascript.

    And if you don't want javascript for anything else, don't worry- be wary.

  3. #3
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Think of JavaScript as an enhancement to your Web site, rather than one of the building blocks necessary for Web site development and you'll be fine.

  4. #4
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the replies - just as I thought.

    I will stick to using javascript for preliminary form validation .....

    Thanks

  5. #5
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Dan Schulz View Post
    Think of JavaScript as an enhancement to your Web site, rather than one of the building blocks necessary for Web site development and you'll be fine.
    Depends on the target audience me thinks. Many great web applications would never seen the light today if they had that attitude.

  6. #6
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,819
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    There are no security issues with Javascript itself as all Javascript has access to is the current web page and other pages from the same site that it either opened, was opened by, or are displayed in other frames.

    Javascript itself has minimal access to the browser functionality (all of which can be overridden by the browser owner). The only files it can read and write are cookies. The only other access that it has is to communicate with the server via Ajax. Those security issues that are blamed on Javascript are usually the person having not distinguished between Javascript and ActiveX which Internet Explorer uses with Javascript to create about 600+ security holes in the browser. As IE6 produces warning popups every time you visit a web page with activex disabled to block the security holes but Javascript still enabled many IE6 users turn off Javascript as well simply to get rid of all the stupid popups.

    Any security issues relating to using Ajax relate to not implementing proper server side security measures the same as you would use if you were writing it exclusively server side. You can't rely on Javascript to implement the security that your application requires.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  7. #7
    SitePoint Wizard
    Join Date
    Nov 2004
    Location
    Nelson BC
    Posts
    2,310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    According to this site:
    http://www.thecounter.com/stats/

    the number of users who have javascript disabled floats between 4 and 10&#37;, depending on the month. I'm sure someone will disagree and say that it's not accurate but whatever, lets use those numbers for argument's sake.

    A good percentage of those will turn on javascript if confronted with a page that they want to access that requires javascript, and tells that so in a nice non-threatening way.

    That is for the general public. In a corporate environment, you may have the luxury of requiring javascript to be turned on for all machines (or off I suppose).

    Therefore, if you're coding a corporate system, you can go ahead and use javascript all you want, if it's in the specs. If you're coding a public internet site, you have to figure out if you can live with (a percentage of 4-10%) not bothering with your site because it uses JS, and if not, go ahead and do all the extra work to make it work both ways.

  8. #8
    CSS & JS/DOM Adept bronze trophy
    Join Date
    Mar 2005
    Location
    USA
    Posts
    5,482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Many web-apps require JavaScript, but there is a big difference between web-apps and normal web pages. The purpose of normal web pages is to provide information to the public, while a web-app's purpose it to allow the user to perform a task.

    Roger Johansson made a blog post about this recently: You cannot rely on JavaScript being available. Period.
    We miss you, Dan Schulz.
    Learn CSS. | X/HTML Validator | CSS validator
    Dynamic Site Solutions
    Code for Firefox, Chrome, Safari, & Opera, then add fixes for IE, not vice versa.

  9. #9
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Kravvitz View Post
    Many web-apps require JavaScript, but there is a big difference between web-apps and normal web pages. The purpose of normal web pages is to provide information to the public, while a web-app's purpose it to allow the user to perform a task.
    Very valid point. I have seen many web apps, such as mail clients which are coded entirely in JavaScript and Ajax. However, you would not want an 'information' site which would not work at all unless your users turned on JavaScript.

    Thanks

  10. #10
    I'll take mine raw silver trophy MikeFoster's Avatar
    Join Date
    Dec 2002
    Location
    Alabama, USA
    Posts
    2,560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This question comes up ever so often - but this one has turned into a great thread. Excellent replies by everyone!

    Quote Originally Posted by felgall
    Those security issues that are blamed on Javascript are usually the person having not distinguished between Javascript and ActiveX which Internet Explorer uses with Javascript to create about 600+ security holes in the browser. As IE6 produces warning popups every time you visit a web page with activex disabled to block the security holes but Javascript still enabled many IE6 users turn off Javascript as well simply to get rid of all the stupid popups.
    EXACTLY!!! Microsoft shoulders much of the blame for users thinking that Javascript is "not safe" - when the real culprit is ActiveX.

  11. #11
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would also like to point out, as a case study, these forums use JavaScipt and Ajax a lot, but I guess that 'we', the targeted users, are the type of people to realise that we need to turn JavaScript on to use this site, so it does not matter that these forums rely on it.

  12. #12
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually, this site didn't use a lot of JavaScript until the vBulletin upgrade a couple weeks back .

  13. #13
    SitePoint Guru
    Join Date
    Apr 2006
    Posts
    802
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My goal is to produce sites that never even hint to a user that he is missing something if he can't run javascript.

    Scripts and apps add value to a site, making it easier to navigate or more useful to the visitor, or easier on the server by reducing downloads.

    When they start being the purpose of a site, however,
    or even its main asset, you need better content.

  14. #14
    I meant that to happen silver trophybronze trophy Raffles's Avatar
    Join Date
    Sep 2005
    Location
    Tanzania
    Posts
    4,662
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mrwooster
    Would also like to point out, as a case study, these forums use JavaScipt and Ajax a lot, but I guess that 'we', the targeted users, are the type of people to realise that we need to turn JavaScript on to use this site, so it does not matter that these forums rely on it.
    Well, this forum only uses javascript to add some niceties. It still works perfectly well without it, so I wouldn't say it relies on it.

  15. #15
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,819
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    It is okay to use Javascript on a site as long as the site is still usable for those who don't have Javascript enabled. Best solution is to build the non-Javascript version first and then add the Javascript that enhances the site functionality for those with javascript enabled.

    The only types of site that I can think of that can legitimately assume that javascript is enabled are intranets (wher you control the browser configuration as well as the site) and sites where the content is actually about Javascript itself (where obviously people need Javascript enabled in order to see the demo scripts function).
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  16. #16
    SitePoint Addict jtrelfa's Avatar
    Join Date
    Oct 2004
    Location
    Troy, Mi
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jimfraser View Post
    According to this site:
    http://www.thecounter.com/stats/

    the number of users who have javascript disabled floats between 4 and 10%, depending on the month. I'm sure someone will disagree and say that it's not accurate but whatever, lets use those numbers for argument's sake.

    A good percentage of those will turn on javascript if confronted with a page that they want to access that requires javascript, and tells that so in a nice non-threatening way.

    That is for the general public. In a corporate environment, you may have the luxury of requiring javascript to be turned on for all machines (or off I suppose).

    Therefore, if you're coding a corporate system, you can go ahead and use javascript all you want, if it's in the specs. If you're coding a public internet site, you have to figure out if you can live with (a percentage of 4-10%) not bothering with your site because it uses JS, and if not, go ahead and do all the extra work to make it work both ways.
    I think you aren't taking into account the webcrawlers that google, yahoo, msn, and many other search engines are using to mine content. The crawlers don't support frames, javascript, or CSS; they are looking for content. I think that if you take away the "bots", you'll find that there's a very small percentage of internet users with javascript disabled.

  17. #17
    I meant that to happen silver trophybronze trophy Raffles's Avatar
    Join Date
    Sep 2005
    Location
    Tanzania
    Posts
    4,662
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    What about content generated by javascript? Do the bots 'see' elements created by it, in the same way Firefox's DOM inspector and its View Selection Source do?

  18. #18
    SitePoint Addict jtrelfa's Avatar
    Join Date
    Oct 2004
    Location
    Troy, Mi
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Raffles View Post
    What about content generated by javascript? Do the bots 'see' elements created by it, in the same way Firefox's DOM inspector and its View Selection Source do?
    Not as far as I know. As a rule of thumb, the bots will follow the href in a link. What I try to do is intercept normal HTML page behavior with JavaScript so if a user has it turned off, they have to wait for page reloads, etc. If they have JS enabled, the page will have the extra "niceties" like Ajax-generated content, etc.

    If you make the content *only* available via JavaScript, the design should probably be refactored.

  19. #19
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have just noticed, for example on the sitepoint site, if you turn javascript off, links such as the search link, which normally pops up a little box using javascript, still work, but they link you to the full search page instead.

    As you say, javascript should be used to enhance your site, but your site MUST still be accessible with javascript turned off.

  20. #20
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    MUST is a very strong word. Again, depends on the target audience and what kind of feature the website has. Take the organize sets in Flickr as an example. Or a chat functionality. Everything MUST not require to work with JavaScript off.

  21. #21
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Pepejeria View Post
    MUST is a very strong word. Again, depends on the target audience and what kind of feature the website has. Take the organize sets in Flickr as an example. Or a chat functionality. Everything MUST not require to work with JavaScript off.
    Fair enough.

    BTW: Is there any way in php to detect if JavaScript is enabled so you can alter your links / display a message as needed?

    Thanks

  22. #22
    SitePoint Evangelist
    Join Date
    Mar 2006
    Location
    Sweden
    Posts
    451
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, not really. But you could javascript-redirect to a page, and if a user hits that page, you know that the user has javascript enabled.

  23. #23
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ... or make use the <noscript> tag

  24. #24
    In memoriam gold trophysilver trophybronze trophy Dan Schulz's Avatar
    Join Date
    May 2006
    Location
    Aurora, Illinois
    Posts
    15,476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Or just make the JavaScript unobtrusive in the first place, and use it to either modify or flat out replace existing content.

  25. #25
    SitePoint Addict jtrelfa's Avatar
    Join Date
    Oct 2004
    Location
    Troy, Mi
    Posts
    231
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Dan Schulz View Post
    Or just make the JavaScript unobtrusive in the first place, and use it to either modify or flat out replace existing content.
    I think the funniest thing about unobtrusive javascript is that it brings me back to '96 when I wrote my first web "site" (it was really cheesy, but what do you expect when it's your first time?).

    My first site, and several sites thereafter, relied on good HTML markup that functioned well from page to page. Even with the advent of PHP and ASP/VBScript, you still needed to make sure everything worked right.

    With JavaScript becoming more popular as of late as well as the introduction of a plethora of libraries and helpers, people are suddenly worried about "what if javascript is turned off? Now my site won't' work!". We need to maintain that 90's mentality of building solid websites that function great without javascript (or CSS) - with the painful page reloads and everything - then "dress them up" with javascript to give the users a rich experience.

    Of course, that doesn't mean we have to revert back to tables for layout, blockquotes for indentation, etc. It just means that it's important to code each page, template, and widget to be semantically correct and clean (a.k.a. devoid of inline event handlers and tags used to make stuff pretty). It's a lot easier than it sounds, and you'll end up with a much more maintainable code base once you're finished; the only changes you'll probably have to make for site enhancements will be to your .js files instead of your HTML.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •