Should browsers still allow users to disable JavaScript?

・1 min read

We asked the question "Should browsers still allow users to disable JavaScript?" in the State of the Web Survey we just finished up with, and the results might be surprising.

Nearly forty percent of our lovely community members voted that browsers should no longer allow users to disable JavaScript.

The feelings involved here cannot fully be expressed merely as a binary. What are your thoughts on this subject?

DISCUSS (81)
 

As long as JavaScript can still be used to abuse the user and their experience on the client-side, yes browsers should still allow JavaScript to be blocked.

While it may degrade their experience to do so, it is a conscious choice by the user in this case and not something forced upon them by malignant code.

That's my .02 anyway. 😎

 

I buy this. Frankly I’m pretty amazed by this vote split.

 

I am too Ben. Very interesting. Thanks for calling it out.

I wonder if the split is maybe correlated between older and younger developers? It would be interesting to see if there's any particular pattern amongst the voters on each side.

 

I am not amazed by this vote split. This is a classical example of self-selection bias.

 

I totally agree with you Steve. There are for example a lot of paranoid Linux guys that are using the Web in a Javascript free way. I know a couple :D. We shouldn't exclude them when developing browsers and Web pages. I always think about how my site works without Javascript and that all content is accessible in a certain way.

 

Thank you jshamg. I'm a Linux guy myself. 😎 Though not a paranoid one... well... anymore. 😂

I'm glad that you're considerate and inclusive of your user's situations and content accessibility. We should all follow your example. 👍

 

but does that come with the need of a version of web that just works without JS? now with the rise of all cool JS frameworks and paradigms things are much different than just losing small part of something when JS doesn't work, the whole site even doesn't render. so while it is upto user to disable their browser from executing JS but the site owner/developer should make sure they address those users.

 

Just for performance reasons, you shouldnt require Javascript for your side to load. If you write your app in JS, get Node to render it on the server for you like in the old days.

I really get annoyed when a page just presents a basic shell and starts loading content with JS, for no particular reason. Design your websites so they are usable even without JS, it's not that hard

apps delegating heavy lifting to browsers is also for saving server resources :)

 

I firmly agree the consumer should be allowed to disable whatever they want.

But please understand, from my perspective as a one-dev shop at a nonprofit, I can't be all things to all people. I wish I could. But it's just not possible. So, when I build a JS-dependent page, it gets a noscript saying, "Sorry. Wish we could do better but we don't have the resources."

Does that suck? Kinda. Am I ok with it? Totally.

 

Hi, actually that's far better message than saying 'please enable Javascript' you are doing good

 

Have you considered how it might be cheaper to write a website with a progressive enhancement mindset instead? (obviously depends a lot on what you're building)

 

I recently had a conversation with @mangel0111 in the comments of his post How to survive to Chrome for Android disabling JavaScript for 2G or slower connections?.

My answer is yes:

  • yes because some websites are out of control on how much JS they deliver
  • yes because of trackers (kudos to Firefox that's going to disable them by default)
  • yes because a sizable chunk of the planet is still on 2G/3G (even in first world countries)
  • yes because a sizable chunk of the planet is still connected through satellite (even in first world countries)
  • yes because this "sword of Damocles" looming over use might force us web dev folks to rethink our choices and put the user back at the center. This made me think quite a bit: Dear Developer, The Web Isn't About You

I love JS but it's admittedly easy to lose perspective and go down the rabbit hole.

Update: another nice article about this subject is The Bullshit Web

 

This is exactly the thing that was referenced when I had this convo IRL.

Chrome JS disabling on 2G is exactly the antithesis to this discussion.

I think we need to realize the difference between things that should be more like documents and more like rich applications.

DEV is rich, but it's like documents. If you come from Google to a post, you're here for the document. If you come to comment, message, react, interact in other ways, you're here for the application. Both are relevant use cases. The further you get into interactions, the more likely it will be that something might work, but the basic experience is document-driven.

Not that we do everything right but that's how I think about it.

 

Agree Ben.

Hopefully no one will introduce a standard HTTP header to tell the browser if the page is just a document or an app :D

 

Thanks for the link to the Dear Developer article! I enjoyed the read.

 

I was going to point out the Android Chrome 2G plans too. Not only will browsers continue to allow users to block JavaScript, they may also choose to themselves.

Great other reasons here 👍

 
 
 

It doesn't matter whether a user can block JavaScript or not.

Loading scripts normally relies on the network, there is always the chance that the load will fail and the user will be left without the site's JavaScript anyway. Or it will partially load and only part of the JavaScript will be available.

This is not the user's fault, nor the developer's fault. But regardless, you now have a user on your site without JavaScript.

1% of all JavaScript requests on Buzzfeed timeout, that's 13 million requests a month.

It is up to developers to make their sites work (or at least fallback gracefully) whether JavaScript is or isn't available. The reason for JavaScript being unavailable, whether it's user choice, network conditions or browser interventions, is unimportant. Building a resilient experience is the only way we can serve our users best.

 

It is up to developers to make their sites work (or at least fallback gracefully) whether JavaScript is or isn't available. The reason for JavaScript being unavailable, whether it's user choice, network conditions or browser interventions, is unimportant. Building a resilient experience is the only way we can serve our users best.

Quote of the day for me.

 

My thoughts on the subject at hand are what I have expressed numerous times over the past few days alone: We should actively contribute to the common knowledge. It is our job to explain why "oooh, it's shiny" also means "oooh, it runs other people's code on my computer".

38.9 percent - a surprisingly small number! - of all voters seem to consider their web browser to be a replacement for an actual operating system. Now DEV is rather web-focused in some aspects, and you'd get very different results in a C community or something...

There is no excuse for a website to not display anything without JavaScript enabled. Many web developers make that mistake though, thinking that "nobody disables JavaScript anyway". Let us change that!

 

I feel my article about ads is relevant here. The primary use of JavaScript appears to be invade user's privacy and inject stuff from external places.

I'd be happy with an option to disable third-party JavaScript. Only JS coming from the same domain would be allowed.

 

disable third-party JavaScript

I like that idea a lot.

 

It's not hard to serve the script from your domain instead, just use a reverse proxy. This is not really a solution at all

It makes a difference though. A reverse proxy avoids one of the problems with tracking by third parties. No longer does the Google CDN get knowledge of everybody who accesses your website.

Security is also improved since the domain of origin of this script is the same as the host domain. Combined with limited third domain access it neuters some of the abuse that JS can currently do.

It also serves all the content from one domain, allowing a single HTTP connection to be used. This reduces connection overhead and speeds up the page.

It also forces the content to be handled by the host domain, which then puts a little bit of pressure to not overload the hosting.

 
 
  1. Your chart lacks labels.
  2. YES. My computer is my property. It is not the property of web developers. Asking such questions is akin to asking "Should TV stations allow audiences to use their remote controls?"
 

Thank you Carlos for bringing this up (#1).

@ben : Please use labels. You're using blue for no and red for yes. Come on - that's crazy!

 

Of course a user should be allowed to disabled JavaScript, or images, or CSS, or any other thing. Their browser, their bandwidth, their connectivity fees, their choice.

That doesn't mean that sites can't say "Hey, friend - we need JavaScript to be useful; if you don't enable it, you won't be able to use our site." (Same last sentence as the paragraph above...)

:)

TL;DR - 38.9% of respondents need some perspective.

 
 

I honestly don't feel like it's that hard of a question, but I guess it is more divisive than I thought. I feel like for many things, you can opt in or out -- don't want to use Photoshop? Use Gimp! Hate Java? Use only Swift-based stuff! (I am making stuff up here.)

But you really can't do that for the most part with the Internet. There's mostly just one of it, and you use browsers to interact with it. You caaaaaaaaaaaaaaan argue that "people who don't want to use Javascript can just skip the Internet" but that seems a) well, rude, frankly and b) the Internet is pretty solidly filling a real big spot in the world that is not easily replaceable.

Doesn't mean your site has to do a damn thing for them. (I mean, I personally think you probably should, but.) If you don't want people with no Javascript to use your site, that's just fine, then just ... offer them nothing, I guess, or offer them a really shitty user experience?

I just honestly cannot fathom any reason for feeling that users shouldn't be able to disallow it on their own browsers.

 

I can only assume that the 38.9% that said no fall into three camps:

  • They don't know what JS is
  • They've never been on the receiving end of JS-based abuse
  • They're developers who care a little bit too much about whether the JS code they've slaved over gets seen.
 

People are reading this question in (at least two) different ways:

  • Should it be technically possible to disable loading of .js files?
  • Should websites that use JavaScript still offer (however minimal) usability when JavaScript has been disabled?

For me the answer to the first question would be an unequivocal 'yes', while for the second one it would be 'no, not necessarily'.

 

Content is the reason users are coming to your site. Javascript should be used to enhance the experience. Your site should degrade gracefully allowing users to turn off JS and still access the content they came for.

 

Reading the answers (except @rhymes answer, sory if I missed others...), I notice that even if internet is supposed to be worldwide, in the developers mind it is thought only for occidental world (I am guilty of that too).
We often forget that there is a lot of people in the world with a very limited access to the web, and js can ruin their access to your creation.

It is not really the internet I want to see.
It's nice to have js, but it should also work without it.

 

It's a little dispiriting how I'm not surprised about these results but this is one of the reasons I wrote

It needs to be made clear that there are technical, ethical and business reasons to only use Javascript if it's necessarry

A lot of people reacted quite angrily (outside this website) to the article as they seemed to think I "hated javascript". I don't, it can accomplish wonderful things for websites. What I hate is it being the go to solution for everything ignoring all of the trade-offs you make when you decide to use it.

My colleague and overall amazing guy

gypsydave5 image
and I have a plan to try and help address this concern which hopefully we can show everyone soon-ish
 

Yes they should, probably not browsers like Google chrome but browsers like Tor should definitely keep this feature for security reasons. Believe it or not the dark web is mostly just HTML and CSS with super minimal JavaScript.

 

Sounds like sites on the dark web are written by people who know what they're doing.

 

Cool! How does one access the dark web, by the way? Through Tor?

 

It's not a separate web, it's just websites that ain't on google.

Yeah your totally right, but some websites on the 'dark web' can be used to track you. In fact, that's why everyone using Tor never go fullscreen since they can potentially find out what device one is using. Since dark web websites get minimal traffic, it's easy to map out the regular users if their screen sizes stayed consistent.

 

Kinda, Tor is just the 'first step'. Since there is no Google alternative for the dark web (which is one of the reasons why it is 'the dark web') you will need to find out the links yourself. I heavily recommend using a VPN as well as the tiles OS (made for Tor) on a virtual machine. BTW The 'hidden' wiki is not close to the real dark web.

 

There are systems that aren't worth the effort to make them work without JS, but there's a lot of things out there using JS that really shouldn't be. Ads for example.

What HTML, JS, and browser developers need to be doing is adding more granularity so you can say: "I want to block ads from using JS", "I want to block automatic video playing", etc. things that are consistently abused on the internet. Also adding questions like "do you trust this website with access to your GPU" would be nice. That way the need for browser-wide blocking of JS is going to be significantly reduced.

Brave seems to be showing the way forward with this, unfortunately with it's almost non-existent extension library I can't yet switch to using it, and their built-in ad blocking is no where near as good as uBlock Origin and Privacy Badger combined.

With uBlock Origin when I just see an annoying element on a site I can just block it, and I find that incredibly important a feature. With uBlock Origin and Privacy Badger I can feel fairly safe using the internet with JS turned on.

If there's additional security layers forced on advertisers and other scum of the earth that don't care at all about the people they infect with their code, then I might tolerate the internet without blocking all ads too.

 

Also why people build simple homepages relying solely on client-side rendering with React and the like is beyond my capability to comprehend. I can understand having a few added things via JS, dialogs, and the like, but relying on JS to just render it is .. simply wrong.

Also if done properly with server-side rendering then that's ok too, but let's face it. People just say you can do server-side rendering with these things, but never do it.

 

I think because SSR is a bummer if you're not using JS on the server. A lot of frameworks don't support it, not easily at least. There's not that much documentation.

 

I have to say, I am surprised by the vote.

The user should always have the choice, there are a lot of exploits that abuse javascript and the users have the right to "defend" themselves.

If your site doesn't handle disabled javascript gracefully then it is your fault, not the users.

 

I think Javascript could be used to ask user: This site uses Javascript for interactivity, do you agree to run Javascript on this site ?

That's it. Treat running Javascript as Cookie. And let user accept it or not.
The merit here is: Please tell user what the javascript has done to user's site, let user know and let them decide on their own.

 

But isn't that a bad practice? I mean, not everybody knows what javascript is right?

 

oh god, no! and also take the f'in' cookie questions away already! they're worthless. (I know it's legally not possible at the moment, but the laws should be changed ASAP.)

 

As a free software guy, I want to run FLOSS as often as possible - and yes, JS on the web is mostly proprietary (although most people just tend to ignore that). Thus, I guess it's definitely important to give the end user the freedom to not automatically run proprietary software - and keep things like noscript around.

 

For anybody in the camp that thinks users shouldn't be able to disable JS, load up any news article from any news site in a browser with no extensions enabled & try the page both with & without JS enabled. Which would you rather use? I'll take the lightweight content without heaps of ad, popup & video scripts served up from JS any day.

The internet is both better with and without JS, and the user should be the one to determine if they want to run it or not on a case by case basis. As a developer you can decide what restrictions you want to place on the end user for the intended experience. If you want your site to not function without JS, that's fine, not optimal, but fine.

What I think mobile browser developers should do is surface a toggle to turn off JS more readily on a site by site or global basis rather than have it buried in the settings. That could make mobile browsing significantly better.

 

YES!

For the content discovery side of things, a good chunk of crawlers still do not run javascript (google being an exception).

Debugging why a social share (OG meta tags) is not working correctly would be a complete pain if one could not disable javascript see what is being served to the crawlers.

 

I don't disable Javascript. Most of the apps I write will not function with JS disabled. I am not aware of the use cases for running a browser with JS disabled in the web of today. (Maybe someone else can fill in that info.) But I support end users having the choice to do so.

 

Often sites that rely on JS to render content are difficult for accessibility programs to interpret, which matters greatly for people with vision disabilities and others. Many people also don't want to allow a site they may not trust to use their computer's resources to do who knows what--plenty of apps have even been caught mining cryptocurrency on client hardware with JS. Ever click a link to Imgur and have to wait 10 seconds... for an image? HTML/CSS has a very small attack surface. With all the security scares in NPM, are you confident that you aren't opening your clients up to unnecessary risks? I'm not.

As a developer, rendering on the server allows you to cache content much more aggressively, across multiple clients, and not just cache content per client locally. Sometimes I don't want to make a single page app. Sometimes, applications fit very well into the CRUD model, and it is just so elegant to do that server side and with forms.

 

There is lovely extension that does that job anyway to block javascript. My favorite being noscript

 

I moved on from NoScript to uMatrix. If you're interested in technology and you are fine with having to spend a couple of days to configure your whitelist, the two-dimensional matrix might be a superior choice than NoScript's "Yes/No".

 

Yes, I am aware of uMatrix and how it is designed to work with uBlock Origin which I have. Fortunately NoScript is working well and I am good with the "Yes/No/ behavior.

 

There's no reason to disable this feature.

The main reason devs seem to want this is so they can build cool stuff. It's like, hay I spent hours building this cool thing and you're not going to look at it? WTF!


If we can agree that the primary goal of web development is to create synergy between business needs and user needs, something like that. Then we can say as project value deliverability and user accessibility diverge, there is diminishing value. Diminishing value for the user to the business, and the business to the user.

If the needs of a project requires JavaScript but the user, for what ever reason needs it disabled, does it matter? Is this user "important" to the business? Does this business have any actionable value to the user?

It's the job of developers to bridge the business <-> user dived as much as possible. While maximising the business needs "first".

If this principle leads development, those who need find value will find value.

 

If your whole app is based on JavaScript or whatever flavor framework, of course you're going to want to stop letting people break your app with a checkbox in settings. That's a, I would assume, large-enough-to-matter amount of lost customers.

 

No, browsers should not allow that anymore.

Can't believe the results! With stuff like React powering almost everything, how will disabling JavaScript ever help? Besides, your favorite shopping website relies on JS to read cookies for many things, without which you'd be left with a visit to the market every time. :)

 

Running a JS whitelist in your browser is just web hygiene at this point. Clicking a link my wife sent me is not my automatic consent for you to run 3mb of arbitrary code on my machine. In no other context would this be considered sane.

So yeah, from now to forever JS needs to be blockable because consent matters.

 

It's pretty binary: nearly forty percent of our lovely community members are wrong. If you can't control what runs on your computer, you're no longer a user -- you're being used.

 

Even the devs who probably are biased didnt agree on this so ..

As for low connectivity reason I think is false, images are the biggest resources so if you want faster load times disable the images not JS.

As for the fallback with no JS there is no economic incentive to do this, except if you address to a specific audience with these issues as a majority.

 

I believe that there should always be a control for the end user to choose with. In fact, that's the foundational beauty of the open source-ness of the web.
Also, end of the day, its the end user who's at the using part of the phone/computer who would want what he wants. Taking away the control from him would only make him just accept what is on his plate. By giving him an option, the web is allowing him to choose to skip the beans if he does not want to. Even if the web would like to argue that the beans are good for him. Also, the one who's disabling it is more likely to know its effects(poor un-interactive webpages).

I'd like it if there would be a choice to enable/disable it. But what I also want would be is it being slightly less obvious for an average surfer to mess with.

Classic DEV Post from Feb 20

Help build a list of awesome .dev sites

A growing list of awesome .dev sites

A Canadian software developer who thinks he’s funny.