SitePoint Sponsor |
|
User Tag List
Results 1 to 25 of 26
Thread: Can javascript be relied on?
-
Dec 15, 2006, 19:12 #1
Can javascript be relied on?
Hi,
I am building my site in php and have found the amazing world of ajax. I have always been weary towards using javascript in the past as I am worried that some browsers won't support it or that users will have turned javascript off.
I now see hundreds and hundreds of sites on the internet which use javascript extensively. Am I living in the past, or should I still be weary of javascript?
The main reason I ask is because I want to use ajax for users to change their password. If javascript is not working on their browser, they will not be able to change their pass.
Thanks
Guy
-
Dec 15, 2006, 19:44 #2
- Join Date
- Apr 2006
- Posts
- 802
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Javascript is fine for lots of things, but security isn't one of them. You picked one example most people would advise against using javascript.
And if you don't want javascript for anything else, don't worry- be wary.
-
Dec 15, 2006, 19:53 #3
- Join Date
- May 2006
- Location
- Aurora, Illinois
- Posts
- 15,476
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Think of JavaScript as an enhancement to your Web site, rather than one of the building blocks necessary for Web site development and you'll be fine.
Save the Internet - Use Opera | May my mother rest in peace: 1943-2009
Dan Schulz - Design Team Advisor | Follow me on Twitter
SitePoint References: HTML CSS JavaScript | Become A Guru
WordPress SEO Checklist | What WordPress Plugins Do You Use?
Web Standards Curriculum | Image Free Equal Height Columns
-
Dec 15, 2006, 20:26 #4
Thanks for the replies - just as I thought.
I will stick to using javascript for preliminary form validation .....
Thanks
-
Dec 16, 2006, 05:03 #5
-
Dec 16, 2006, 17:13 #6
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
There are no security issues with Javascript itself as all Javascript has access to is the current web page and other pages from the same site that it either opened, was opened by, or are displayed in other frames.
Javascript itself has minimal access to the browser functionality (all of which can be overridden by the browser owner). The only files it can read and write are cookies. The only other access that it has is to communicate with the server via Ajax. Those security issues that are blamed on Javascript are usually the person having not distinguished between Javascript and ActiveX which Internet Explorer uses with Javascript to create about 600+ security holes in the browser. As IE6 produces warning popups every time you visit a web page with activex disabled to block the security holes but Javascript still enabled many IE6 users turn off Javascript as well simply to get rid of all the stupid popups.
Any security issues relating to using Ajax relate to not implementing proper server side security measures the same as you would use if you were writing it exclusively server side. You can't rely on Javascript to implement the security that your application requires.Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Dec 16, 2006, 20:24 #7
- Join Date
- Nov 2004
- Location
- Nelson BC
- Posts
- 2,310
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
According to this site:
http://www.thecounter.com/stats/
the number of users who have javascript disabled floats between 4 and 10%, depending on the month. I'm sure someone will disagree and say that it's not accurate but whatever, lets use those numbers for argument's sake.
A good percentage of those will turn on javascript if confronted with a page that they want to access that requires javascript, and tells that so in a nice non-threatening way.
That is for the general public. In a corporate environment, you may have the luxury of requiring javascript to be turned on for all machines (or off I suppose).
Therefore, if you're coding a corporate system, you can go ahead and use javascript all you want, if it's in the specs. If you're coding a public internet site, you have to figure out if you can live with (a percentage of 4-10%) not bothering with your site because it uses JS, and if not, go ahead and do all the extra work to make it work both ways.
-
Dec 17, 2006, 00:17 #8
- Join Date
- Mar 2005
- Location
- USA
- Posts
- 5,482
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Many web-apps require JavaScript, but there is a big difference between web-apps and normal web pages. The purpose of normal web pages is to provide information to the public, while a web-app's purpose it to allow the user to perform a task.
Roger Johansson made a blog post about this recently: You cannot rely on JavaScript being available. Period.We miss you, Dan Schulz.
Learn CSS. | X/HTML Validator | CSS validator
Dynamic Site Solutions
Code for Firefox, Chrome, Safari, & Opera, then add fixes for IE, not vice versa.
-
Dec 17, 2006, 07:06 #9
-
Dec 17, 2006, 08:04 #10
- Join Date
- Dec 2002
- Location
- Alabama, USA
- Posts
- 2,560
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
This question comes up ever so often - but this one has turned into a great thread. Excellent replies by everyone!
Originally Posted by felgall
Cross-Browser.com, Home of the X Library
-
Dec 17, 2006, 11:37 #11
Would also like to point out, as a case study, these forums use JavaScipt and Ajax a lot, but I guess that 'we', the targeted users, are the type of people to realise that we need to turn JavaScript on to use this site, so it does not matter that these forums rely on it.
-
Dec 17, 2006, 12:49 #12
- Join Date
- May 2006
- Location
- Aurora, Illinois
- Posts
- 15,476
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Actually, this site didn't use a lot of JavaScript until the vBulletin upgrade a couple weeks back
.
Save the Internet - Use Opera | May my mother rest in peace: 1943-2009
Dan Schulz - Design Team Advisor | Follow me on Twitter
SitePoint References: HTML CSS JavaScript | Become A Guru
WordPress SEO Checklist | What WordPress Plugins Do You Use?
Web Standards Curriculum | Image Free Equal Height Columns
-
Dec 17, 2006, 21:50 #13
- Join Date
- Apr 2006
- Posts
- 802
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
My goal is to produce sites that never even hint to a user that he is missing something if he can't run javascript.
Scripts and apps add value to a site, making it easier to navigate or more useful to the visitor, or easier on the server by reducing downloads.
When they start being the purpose of a site, however,
or even its main asset, you need better content.
-
Dec 17, 2006, 22:33 #14
- Join Date
- Sep 2005
- Location
- Tanzania
- Posts
- 4,662
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by mrwooster
-
Dec 18, 2006, 00:22 #15
- Join Date
- Sep 2005
- Location
- Sydney, NSW, Australia
- Posts
- 16,875
- Mentioned
- 25 Post(s)
- Tagged
- 1 Thread(s)
It is okay to use Javascript on a site as long as the site is still usable for those who don't have Javascript enabled. Best solution is to build the non-Javascript version first and then add the Javascript that enhances the site functionality for those with javascript enabled.
The only types of site that I can think of that can legitimately assume that javascript is enabled are intranets (wher you control the browser configuration as well as the site) and sites where the content is actually about Javascript itself (where obviously people need Javascript enabled in order to see the demo scripts function).Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">
-
Dec 18, 2006, 06:43 #16
- Join Date
- Oct 2004
- Location
- Troy, Mi
- Posts
- 231
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I think you aren't taking into account the webcrawlers that google, yahoo, msn, and many other search engines are using to mine content. The crawlers don't support frames, javascript, or CSS; they are looking for content. I think that if you take away the "bots", you'll find that there's a very small percentage of internet users with javascript disabled.
-
Dec 18, 2006, 08:22 #17
- Join Date
- Sep 2005
- Location
- Tanzania
- Posts
- 4,662
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
What about content generated by javascript? Do the bots 'see' elements created by it, in the same way Firefox's DOM inspector and its View Selection Source do?
-
Dec 18, 2006, 16:35 #18
- Join Date
- Oct 2004
- Location
- Troy, Mi
- Posts
- 231
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Not as far as I know. As a rule of thumb, the bots will follow the href in a link. What I try to do is intercept normal HTML page behavior with JavaScript so if a user has it turned off, they have to wait for page reloads, etc. If they have JS enabled, the page will have the extra "niceties" like Ajax-generated content, etc.
If you make the content *only* available via JavaScript, the design should probably be refactored.
-
Dec 18, 2006, 16:53 #19
I have just noticed, for example on the sitepoint site, if you turn javascript off, links such as the search link, which normally pops up a little box using javascript, still work, but they link you to the full search page instead.
As you say, javascript should be used to enhance your site, but your site MUST still be accessible with javascript turned off.
-
Dec 19, 2006, 02:29 #20
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
MUST is a very strong word. Again, depends on the target audience and what kind of feature the website has. Take the organize sets in Flickr as an example. Or a chat functionality. Everything MUST not require to work with JavaScript off.
-
Dec 19, 2006, 04:01 #21
-
Dec 19, 2006, 04:05 #22
- Join Date
- Mar 2006
- Location
- Sweden
- Posts
- 451
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
No, not really. But you could javascript-redirect to a page, and if a user hits that page, you know that the user has javascript enabled.
-
Dec 19, 2006, 04:10 #23
- Join Date
- Jan 2005
- Location
- Too far up north
- Posts
- 1,566
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
... or make use the <noscript> tag
-
Dec 19, 2006, 13:20 #24
- Join Date
- May 2006
- Location
- Aurora, Illinois
- Posts
- 15,476
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Or just make the JavaScript unobtrusive in the first place, and use it to either modify or flat out replace existing content.
Save the Internet - Use Opera | May my mother rest in peace: 1943-2009
Dan Schulz - Design Team Advisor | Follow me on Twitter
SitePoint References: HTML CSS JavaScript | Become A Guru
WordPress SEO Checklist | What WordPress Plugins Do You Use?
Web Standards Curriculum | Image Free Equal Height Columns
-
Dec 20, 2006, 05:19 #25
- Join Date
- Oct 2004
- Location
- Troy, Mi
- Posts
- 231
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I think the funniest thing about unobtrusive javascript is that it brings me back to '96 when I wrote my first web "site" (it was really cheesy, but what do you expect when it's your first time?).
My first site, and several sites thereafter, relied on good HTML markup that functioned well from page to page. Even with the advent of PHP and ASP/VBScript, you still needed to make sure everything worked right.
With JavaScript becoming more popular as of late as well as the introduction of a plethora of libraries and helpers, people are suddenly worried about "what if javascript is turned off? Now my site won't' work!". We need to maintain that 90's mentality of building solid websites that function great without javascript (or CSS) - with the painful page reloads and everything - then "dress them up" with javascript to give the users a rich experience.
Of course, that doesn't mean we have to revert back to tables for layout, blockquotes for indentation, etc. It just means that it's important to code each page, template, and widget to be semantically correct and clean (a.k.a. devoid of inline event handlers and tags used to make stuff pretty). It's a lot easier than it sounds, and you'll end up with a much more maintainable code base once you're finished; the only changes you'll probably have to make for site enhancements will be to your .js files instead of your HTML.
Bookmarks