DEV Community

Ben Halpern
Ben Halpern

Posted on

Should browsers still allow users to disable JavaScript?

We asked the question "Should browsers still allow users to disable JavaScript?" in the State of the Web Survey we just finished up with, and the results might be surprising.

Nearly forty percent of our lovely community members voted that browsers should no longer allow users to disable JavaScript.

The feelings involved here cannot fully be expressed merely as a binary. What are your thoughts on this subject?

Discussion (82)

Collapse
theycallmenucci profile image
Steve Antonucci

As long as JavaScript can still be used to abuse the user and their experience on the client-side, yes browsers should still allow JavaScript to be blocked.

While it may degrade their experience to do so, it is a conscious choice by the user in this case and not something forced upon them by malignant code.

That's my .02 anyway. 😎

Collapse
ben profile image
Ben Halpern Author

I buy this. Frankly I’m pretty amazed by this vote split.

Collapse
theycallmenucci profile image
Steve Antonucci • Edited

I am too Ben. Very interesting. Thanks for calling it out.

I wonder if the split is maybe correlated between older and younger developers? It would be interesting to see if there's any particular pattern amongst the voters on each side.

Collapse
pbnj profile image
Peter Benjamin (he/they)

I am not amazed by this vote split. This is a classical example of self-selection bias.

Collapse
jshamg profile image
jshamg

I totally agree with you Steve. There are for example a lot of paranoid Linux guys that are using the Web in a Javascript free way. I know a couple :D. We shouldn't exclude them when developing browsers and Web pages. I always think about how my site works without Javascript and that all content is accessible in a certain way.

Collapse
theycallmenucci profile image
Steve Antonucci • Edited

Thank you jshamg. I'm a Linux guy myself. 😎 Though not a paranoid one... well... anymore. 😂

I'm glad that you're considerate and inclusive of your user's situations and content accessibility. We should all follow your example. 👍

Collapse
adhocore profile image
J

but does that come with the need of a version of web that just works without JS? now with the rise of all cool JS frameworks and paradigms things are much different than just losing small part of something when JS doesn't work, the whole site even doesn't render. so while it is upto user to disable their browser from executing JS but the site owner/developer should make sure they address those users.

Collapse
jvanbruegge profile image
Jan van Brügge

Just for performance reasons, you shouldnt require Javascript for your side to load. If you write your app in JS, get Node to render it on the server for you like in the old days.

I really get annoyed when a page just presents a basic shell and starts loading content with JS, for no particular reason. Design your websites so they are usable even without JS, it's not that hard

Thread Thread
adhocore profile image
J

apps delegating heavy lifting to browsers is also for saving server resources :)

Collapse
dfellini profile image
Dan Fellini

I firmly agree the consumer should be allowed to disable whatever they want.

But please understand, from my perspective as a one-dev shop at a nonprofit, I can't be all things to all people. I wish I could. But it's just not possible. So, when I build a JS-dependent page, it gets a noscript saying, "Sorry. Wish we could do better but we don't have the resources."

Does that suck? Kinda. Am I ok with it? Totally.

Collapse
abhishekcode profile image
Abhishek Singh

Hi, actually that's far better message than saying 'please enable Javascript' you are doing good

Collapse
quii profile image
Chris James

Have you considered how it might be cheaper to write a website with a progressive enhancement mindset instead? (obviously depends a lot on what you're building)

Collapse
rhymes profile image
rhymes • Edited

I recently had a conversation with @mangel0111 in the comments of his post How to survive to Chrome for Android disabling JavaScript for 2G or slower connections?.

My answer is yes:

  • yes because some websites are out of control on how much JS they deliver
  • yes because of trackers (kudos to Firefox that's going to disable them by default)
  • yes because a sizable chunk of the planet is still on 2G/3G (even in first world countries)
  • yes because a sizable chunk of the planet is still connected through satellite (even in first world countries)
  • yes because this "sword of Damocles" looming over use might force us web dev folks to rethink our choices and put the user back at the center. This made me think quite a bit: Dear Developer, The Web Isn't About You

I love JS but it's admittedly easy to lose perspective and go down the rabbit hole.

Update: another nice article about this subject is The Bullshit Web

Collapse
ben profile image
Ben Halpern Author

This is exactly the thing that was referenced when I had this convo IRL.

Chrome JS disabling on 2G is exactly the antithesis to this discussion.

I think we need to realize the difference between things that should be more like documents and more like rich applications.

DEV is rich, but it's like documents. If you come from Google to a post, you're here for the document. If you come to comment, message, react, interact in other ways, you're here for the application. Both are relevant use cases. The further you get into interactions, the more likely it will be that something might work, but the basic experience is document-driven.

Not that we do everything right but that's how I think about it.

Collapse
rhymes profile image
rhymes • Edited

Agree Ben.

Hopefully no one will introduce a standard HTTP header to tell the browser if the page is just a document or an app :D

Collapse
philnash profile image
Phil Nash

I was going to point out the Android Chrome 2G plans too. Not only will browsers continue to allow users to block JavaScript, they may also choose to themselves.

Great other reasons here 👍

Collapse
rhymes profile image
rhymes

Thanks!

Collapse
theycallmenucci profile image
Steve Antonucci

Thanks for the link to the Dear Developer article! I enjoyed the read.

Collapse
gypsydave5 profile image
David Wickes

Good list, good reasons. Two thumbs up!

Collapse
rhymes profile image
rhymes

thanks!

Collapse
philnash profile image
Phil Nash

It doesn't matter whether a user can block JavaScript or not.

Loading scripts normally relies on the network, there is always the chance that the load will fail and the user will be left without the site's JavaScript anyway. Or it will partially load and only part of the JavaScript will be available.

This is not the user's fault, nor the developer's fault. But regardless, you now have a user on your site without JavaScript.

1% of all JavaScript requests on Buzzfeed timeout, that's 13 million requests a month.

It is up to developers to make their sites work (or at least fallback gracefully) whether JavaScript is or isn't available. The reason for JavaScript being unavailable, whether it's user choice, network conditions or browser interventions, is unimportant. Building a resilient experience is the only way we can serve our users best.

Collapse
gypsydave5 profile image
David Wickes

It is up to developers to make their sites work (or at least fallback gracefully) whether JavaScript is or isn't available. The reason for JavaScript being unavailable, whether it's user choice, network conditions or browser interventions, is unimportant. Building a resilient experience is the only way we can serve our users best.

Quote of the day for me.

Collapse
tux0r profile image
tux0r

My thoughts on the subject at hand are what I have expressed numerous times over the past few days alone: We should actively contribute to the common knowledge. It is our job to explain why "oooh, it's shiny" also means "oooh, it runs other people's code on my computer".

38.9 percent - a surprisingly small number! - of all voters seem to consider their web browser to be a replacement for an actual operating system. Now DEV is rather web-focused in some aspects, and you'd get very different results in a C community or something...

There is no excuse for a website to not display anything without JavaScript enabled. Many web developers make that mistake though, thinking that "nobody disables JavaScript anyway". Let us change that!

Collapse
mortoray profile image
edA‑qa mort‑ora‑y

I feel my article about ads is relevant here. The primary use of JavaScript appears to be invade user's privacy and inject stuff from external places.

I'd be happy with an option to disable third-party JavaScript. Only JS coming from the same domain would be allowed.

Collapse
alephnaught2tog profile image
Max Cerrina

disable third-party JavaScript

I like that idea a lot.

Collapse
jvanbruegge profile image
Jan van Brügge

It's not hard to serve the script from your domain instead, just use a reverse proxy. This is not really a solution at all

Thread Thread
mortoray profile image
edA‑qa mort‑ora‑y

It makes a difference though. A reverse proxy avoids one of the problems with tracking by third parties. No longer does the Google CDN get knowledge of everybody who accesses your website.

Security is also improved since the domain of origin of this script is the same as the host domain. Combined with limited third domain access it neuters some of the abuse that JS can currently do.

It also serves all the content from one domain, allowing a single HTTP connection to be used. This reduces connection overhead and speeds up the page.

It also forces the content to be handled by the host domain, which then puts a little bit of pressure to not overload the hosting.

Collapse
carlosmgspires profile image
Carlos Pires
  1. Your chart lacks labels.
  2. YES. My computer is my property. It is not the property of web developers. Asking such questions is akin to asking "Should TV stations allow audiences to use their remote controls?"
Collapse
thorstenhirsch profile image
Thorsten Hirsch

Thank you Carlos for bringing this up (#1).

@ben : Please use labels. You're using blue for no and red for yes. Come on - that's crazy!

Collapse
danieljsummers profile image
Daniel J. Summers

Of course a user should be allowed to disabled JavaScript, or images, or CSS, or any other thing. Their browser, their bandwidth, their connectivity fees, their choice.

That doesn't mean that sites can't say "Hey, friend - we need JavaScript to be useful; if you don't enable it, you won't be able to use our site." (Same last sentence as the paragraph above...)

:)

TL;DR - 38.9% of respondents need some perspective.

Collapse
alephnaught2tog profile image
Max Cerrina

I honestly don't feel like it's that hard of a question, but I guess it is more divisive than I thought. I feel like for many things, you can opt in or out -- don't want to use Photoshop? Use Gimp! Hate Java? Use only Swift-based stuff! (I am making stuff up here.)

But you really can't do that for the most part with the Internet. There's mostly just one of it, and you use browsers to interact with it. You caaaaaaaaaaaaaaan argue that "people who don't want to use Javascript can just skip the Internet" but that seems a) well, rude, frankly and b) the Internet is pretty solidly filling a real big spot in the world that is not easily replaceable.

Doesn't mean your site has to do a damn thing for them. (I mean, I personally think you probably should, but.) If you don't want people with no Javascript to use your site, that's just fine, then just ... offer them nothing, I guess, or offer them a really shitty user experience?

I just honestly cannot fathom any reason for feeling that users shouldn't be able to disallow it on their own browsers.

Collapse
ignoreintuition profile image
Brian Greig

Content is the reason users are coming to your site. Javascript should be used to enhance the experience. Your site should degrade gracefully allowing users to turn off JS and still access the content they came for.

Collapse
ferricoxide profile image
Thomas H Jones II

I can only assume that the 38.9% that said no fall into three camps:

  • They don't know what JS is
  • They've never been on the receiving end of JS-based abuse
  • They're developers who care a little bit too much about whether the JS code they've slaved over gets seen.
Collapse
garthvador profile image
Quentin Caillaud

Reading the answers (except @rhymes answer, sory if I missed others...), I notice that even if internet is supposed to be worldwide, in the developers mind it is thought only for occidental world (I am guilty of that too).
We often forget that there is a lot of people in the world with a very limited access to the web, and js can ruin their access to your creation.

It is not really the internet I want to see.
It's nice to have js, but it should also work without it.

Collapse
quii profile image
Chris James • Edited

It's a little dispiriting how I'm not surprised about these results but this is one of the reasons I wrote

It needs to be made clear that there are technical, ethical and business reasons to only use Javascript if it's necessarry

A lot of people reacted quite angrily (outside this website) to the article as they seemed to think I "hated javascript". I don't, it can accomplish wonderful things for websites. What I hate is it being the go to solution for everything ignoring all of the trade-offs you make when you decide to use it.

My colleague and overall amazing guy

gypsydave5 image
and I have a plan to try and help address this concern which hopefully we can show everyone soon-ish
Collapse
sethusenthil profile image
Sethu Senthil

Yes they should, probably not browsers like Google chrome but browsers like Tor should definitely keep this feature for security reasons. Believe it or not the dark web is mostly just HTML and CSS with super minimal JavaScript.

Collapse
gypsydave5 profile image
David Wickes

Sounds like sites on the dark web are written by people who know what they're doing.

Collapse
alainvanhout profile image
Alain Van Hout • Edited

People are reading this question in (at least two) different ways:

  • Should it be technically possible to disable loading of .js files?
  • Should websites that use JavaScript still offer (however minimal) usability when JavaScript has been disabled?

For me the answer to the first question would be an unequivocal 'yes', while for the second one it would be 'no, not necessarily'.

Collapse
pojntfx profile image
Felix Pojtinger

As a free software guy, I want to run FLOSS as often as possible - and yes, JS on the web is mostly proprietary (although most people just tend to ignore that). Thus, I guess it's definitely important to give the end user the freedom to not automatically run proprietary software - and keep things like noscript around.

Collapse
c0derr0r profile image
Irkan Hadi

I have to say, I am surprised by the vote.

The user should always have the choice, there are a lot of exploits that abuse javascript and the users have the right to "defend" themselves.

If your site doesn't handle disabled javascript gracefully then it is your fault, not the users.

Collapse
revskill10 profile image
Truong Hoang Dung • Edited

I think Javascript could be used to ask user: This site uses Javascript for interactivity, do you agree to run Javascript on this site ?

That's it. Treat running Javascript as Cookie. And let user accept it or not.
The merit here is: Please tell user what the javascript has done to user's site, let user know and let them decide on their own.

Collapse
renannobile profile image
Renan Lourençoni Nobile

But isn't that a bad practice? I mean, not everybody knows what javascript is right?

Collapse
peteraba profile image
Peter Aba • Edited

oh god, no! and also take the f'in' cookie questions away already! they're worthless. (I know it's legally not possible at the moment, but the laws should be changed ASAP.)

Collapse
kspeakman profile image
Kasey Speakman • Edited

I don't disable Javascript. Most of the apps I write will not function with JS disabled. I am not aware of the use cases for running a browser with JS disabled in the web of today. (Maybe someone else can fill in that info.) But I support end users having the choice to do so.

Collapse
matansilver profile image
Matan Silver

Often sites that rely on JS to render content are difficult for accessibility programs to interpret, which matters greatly for people with vision disabilities and others. Many people also don't want to allow a site they may not trust to use their computer's resources to do who knows what--plenty of apps have even been caught mining cryptocurrency on client hardware with JS. Ever click a link to Imgur and have to wait 10 seconds... for an image? HTML/CSS has a very small attack surface. With all the security scares in NPM, are you confident that you aren't opening your clients up to unnecessary risks? I'm not.

As a developer, rendering on the server allows you to cache content much more aggressively, across multiple clients, and not just cache content per client locally. Sometimes I don't want to make a single page app. Sometimes, applications fit very well into the CRUD model, and it is just so elegant to do that server side and with forms.

Collapse
lietux profile image
Janne "Lietu" Enberg

There are systems that aren't worth the effort to make them work without JS, but there's a lot of things out there using JS that really shouldn't be. Ads for example.

What HTML, JS, and browser developers need to be doing is adding more granularity so you can say: "I want to block ads from using JS", "I want to block automatic video playing", etc. things that are consistently abused on the internet. Also adding questions like "do you trust this website with access to your GPU" would be nice. That way the need for browser-wide blocking of JS is going to be significantly reduced.

Brave seems to be showing the way forward with this, unfortunately with it's almost non-existent extension library I can't yet switch to using it, and their built-in ad blocking is no where near as good as uBlock Origin and Privacy Badger combined.

With uBlock Origin when I just see an annoying element on a site I can just block it, and I find that incredibly important a feature. With uBlock Origin and Privacy Badger I can feel fairly safe using the internet with JS turned on.

If there's additional security layers forced on advertisers and other scum of the earth that don't care at all about the people they infect with their code, then I might tolerate the internet without blocking all ads too.

Collapse
lietux profile image
Janne "Lietu" Enberg

Also why people build simple homepages relying solely on client-side rendering with React and the like is beyond my capability to comprehend. I can understand having a few added things via JS, dialogs, and the like, but relying on JS to just render it is .. simply wrong.

Also if done properly with server-side rendering then that's ok too, but let's face it. People just say you can do server-side rendering with these things, but never do it.

Collapse
rhymes profile image
rhymes

I think because SSR is a bummer if you're not using JS on the server. A lot of frameworks don't support it, not easily at least. There's not that much documentation.

Collapse
timothymehlhorn profile image
Tim Mehlhorn

YES!

For the content discovery side of things, a good chunk of crawlers still do not run javascript (google being an exception).

Debugging why a social share (OG meta tags) is not working correctly would be a complete pain if one could not disable javascript see what is being served to the crawlers.

Collapse
mikeyroy profile image

For anybody in the camp that thinks users shouldn't be able to disable JS, load up any news article from any news site in a browser with no extensions enabled & try the page both with & without JS enabled. Which would you rather use? I'll take the lightweight content without heaps of ad, popup & video scripts served up from JS any day.

The internet is both better with and without JS, and the user should be the one to determine if they want to run it or not on a case by case basis. As a developer you can decide what restrictions you want to place on the end user for the intended experience. If you want your site to not function without JS, that's fine, not optimal, but fine.

What I think mobile browser developers should do is surface a toggle to turn off JS more readily on a site by site or global basis rather than have it buried in the settings. That could make mobile browsing significantly better.

Collapse
gwunhar profile image
Mardoch

Running a JS whitelist in your browser is just web hygiene at this point. Clicking a link my wife sent me is not my automatic consent for you to run 3mb of arbitrary code on my machine. In no other context would this be considered sane.

So yeah, from now to forever JS needs to be blockable because consent matters.

Collapse
mudlabs profile image
Sam • Edited

There's no reason to disable this feature.

The main reason devs seem to want this is so they can build cool stuff. It's like, hay I spent hours building this cool thing and you're not going to look at it? WTF!


If we can agree that the primary goal of web development is to create synergy between business needs and user needs, something like that. Then we can say as project value deliverability and user accessibility diverge, there is diminishing value. Diminishing value for the user to the business, and the business to the user.

If the needs of a project requires JavaScript but the user, for what ever reason needs it disabled, does it matter? Is this user "important" to the business? Does this business have any actionable value to the user?

It's the job of developers to bridge the business <-> user dived as much as possible. While maximising the business needs "first".

If this principle leads development, those who need find value will find value.

Collapse
tforster profile image
Troy Forster

I would argue that almost all users do not know what JavaScript is, that it can be turned off, how to turn it off, and most of all just don't care.

However, I believe the on/off switch should remain in the browser but relegated to deep configuration or command line flags. It should be viewed in the same prioritisation as disabling CSS, images, video support, etc.

At the end of the day it's most likely going to be developers and technically minded people understanding and wanting to adjust these settings.

Collapse
bigj1m profile image
Jean-Michel Plourde

There is lovely extension that does that job anyway to block javascript. My favorite being noscript

Collapse
tux0r profile image
tux0r

I moved on from NoScript to uMatrix. If you're interested in technology and you are fine with having to spend a couple of days to configure your whitelist, the two-dimensional matrix might be a superior choice than NoScript's "Yes/No".

Collapse
bigj1m profile image
Jean-Michel Plourde

Yes, I am aware of uMatrix and how it is designed to work with uBlock Origin which I have. Fortunately NoScript is working well and I am good with the "Yes/No/ behavior.

Collapse
jackharner profile image
Jack Harner 🚀

If your whole app is based on JavaScript or whatever flavor framework, of course you're going to want to stop letting people break your app with a checkbox in settings. That's a, I would assume, large-enough-to-matter amount of lost customers.

Collapse
niorad profile image
Antonio Radovcic

It's not a separate web, it's just websites that ain't on google.

Thread Thread
sethusenthil profile image
Sethu Senthil

Yeah your totally right, but some websites on the 'dark web' can be used to track you. In fact, that's why everyone using Tor never go fullscreen since they can potentially find out what device one is using. Since dark web websites get minimal traffic, it's easy to map out the regular users if their screen sizes stayed consistent.

Collapse
bgadrian profile image
Adrian B.G.

Even the devs who probably are biased didnt agree on this so ..

As for low connectivity reason I think is false, images are the biggest resources so if you want faster load times disable the images not JS.

As for the fallback with no JS there is no economic incentive to do this, except if you address to a specific audience with these issues as a majority.

Collapse
sethusenthil profile image
Sethu Senthil

Kinda, Tor is just the 'first step'. Since there is no Google alternative for the dark web (which is one of the reasons why it is 'the dark web') you will need to find out the links yourself. I heavily recommend using a VPN as well as the tiles OS (made for Tor) on a virtual machine. BTW The 'hidden' wiki is not close to the real dark web.