Disabled JavaScript myths

A lot of people are debating on whether or not is it worth developing for users that have disabled JavaScript or not. I already talked about this, so instead I am gonna bust a few myths that are supposed to be reasons for disabling it:

1) Using JavaScript is insecure.

JavaScript is a programing language, not a security hole. Calling JavaScript a security hole is the same as calling any other programming language a security vulnerability. In fact JavaScript’s DOM environment is one of the few that makes a difference between user and non-user generated events on a very deep level.

2) JavaScript is a privacy threat.

JavaScript has nothing to do with privacy, cookies should be disabled for better privacy, but then very few login systems would actually work.

3) JavaScript saves bandwidth.

Well actually quite the opposite is true, while you do not download the JavaScript source files, you actually end up downloading a whole page on every interaction instead of partial page replacements with AJAX. Also JS files are cached so a lot of common knowledge on interaction could be cached, thus requiring only the least amount of information from the server.

I assume most users who disable JavaScript simply don’t understand it or have a computer and browser combination from the last millennium, or maybe simply feel to classy or old schoolish for this. I wonder how many of them leave Flash enabled…

This entry was posted on Wednesday, October 13th, 2010 at 9:34 pm and is filed under AJAX, JavaScript. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Disabled JavaScript myths”

  1. Antal István Miklós says:
    October 13, 2010 at 9:41 pm

    RT @djdarkman: Disabled JavaScript myths http://bit.ly/agwkTS

  2. eglasius says:
    October 13, 2010 at 10:09 pm

    So stuff like this doesn’t exist: http://eu.techcrunch.com/2010/09/21/warning-mouseover-tweets-security-flaw-is-wreaking-havoc-on-twitter/?

    There are plenty other examples.

    Nowadays we can expect JavaScript, but that doesn’t mean you disregard valid concerns just like that.

  3. István Miklós Antal says:
    October 14, 2010 at 11:46 am

    That is Twitter’s fault, they fixed it, Game Over. It doesn’t mean I should always cripple my browser, just in case.

  4. javascript says:
    October 15, 2010 at 2:18 am

    Disabled JavaScript myths: http://bit.ly/dBxdrl via @addthis

  5. raveren says:
    October 22, 2010 at 9:57 am

    Javascript opens up vulnerabilities on the browser to steal user cookies. So the first two points are invalid and irrelevant.

    The third one is just weird – most probably meaningless filler.

  6. István Miklós Antal says:
    October 24, 2010 at 3:49 pm

    How does JavaScript opens up that vulnerability? And what can you do with a cookie? If I secure my site from the server side and not let third party script get on my site, I doubt that you could exploit anything. It’s not JavaScript that enables XSS, it’s the server side mistakes.

Leave a Reply

You must be logged in to post a comment.