We asked the question "Should browsers still allow users to disable JavaScript?" in the State of the Web Survey we just finished up with, and the r...
For further actions, you may consider blocking this person and/or reporting abuse
As long as JavaScript can still be used to abuse the user and their experience on the client-side, yes browsers should still allow JavaScript to be blocked.
While it may degrade their experience to do so, it is a conscious choice by the user in this case and not something forced upon them by malignant code.
That's my .02 anyway. π
I buy this. Frankly Iβm pretty amazed by this vote split.
I am too Ben. Very interesting. Thanks for calling it out.
I wonder if the split is maybe correlated between older and younger developers? It would be interesting to see if there's any particular pattern amongst the voters on each side.
I am not amazed by this vote split. This is a classical example of self-selection bias.
I totally agree with you Steve. There are for example a lot of paranoid Linux guys that are using the Web in a Javascript free way. I know a couple :D. We shouldn't exclude them when developing browsers and Web pages. I always think about how my site works without Javascript and that all content is accessible in a certain way.
Thank you jshamg. I'm a Linux guy myself. π Though not a paranoid one... well... anymore. π
I'm glad that you're considerate and inclusive of your user's situations and content accessibility. We should all follow your example. π
but does that come with the need of a version of web that just works without JS? now with the rise of all cool JS frameworks and paradigms things are much different than just losing small part of something when JS doesn't work, the whole site even doesn't render. so while it is upto user to disable their browser from executing JS but the site owner/developer should make sure they address those users.
Just for performance reasons, you shouldnt require Javascript for your side to load. If you write your app in JS, get Node to render it on the server for you like in the old days.
I really get annoyed when a page just presents a basic shell and starts loading content with JS, for no particular reason. Design your websites so they are usable even without JS, it's not that hard
apps delegating heavy lifting to browsers is also for saving server resources :)
I firmly agree the consumer should be allowed to disable whatever they want.
But please understand, from my perspective as a one-dev shop at a nonprofit, I can't be all things to all people. I wish I could. But it's just not possible. So, when I build a JS-dependent page, it gets a noscript saying, "Sorry. Wish we could do better but we don't have the resources."
Does that suck? Kinda. Am I ok with it? Totally.
Hi, actually that's far better message than saying 'please enable Javascript' you are doing good
Have you considered how it might be cheaper to write a website with a progressive enhancement mindset instead? (obviously depends a lot on what you're building)
I recently had a conversation with @mangel0111 in the comments of his post How to survive to Chrome for Android disabling JavaScript for 2G or slower connections?.
My answer is yes:
I love JS but it's admittedly easy to lose perspective and go down the rabbit hole.
Update: another nice article about this subject is The Bullshit Web
This is exactly the thing that was referenced when I had this convo IRL.
Chrome JS disabling on 2G is exactly the antithesis to this discussion.
I think we need to realize the difference between things that should be more like documents and more like rich applications.
DEV is rich, but it's like documents. If you come from Google to a post, you're here for the document. If you come to comment, message, react, interact in other ways, you're here for the application. Both are relevant use cases. The further you get into interactions, the more likely it will be that something might work, but the basic experience is document-driven.
Not that we do everything right but that's how I think about it.
Agree Ben.
Hopefully no one will introduce a standard HTTP header to tell the browser if the page is just a document or an app :D
Thanks for the link to the Dear Developer article! I enjoyed the read.
I was going to point out the Android Chrome 2G plans too. Not only will browsers continue to allow users to block JavaScript, they may also choose to themselves.
Great other reasons here π
Thanks!
Good list, good reasons. Two thumbs up!
thanks!
It doesn't matter whether a user can block JavaScript or not.
Loading scripts normally relies on the network, there is always the chance that the load will fail and the user will be left without the site's JavaScript anyway. Or it will partially load and only part of the JavaScript will be available.
This is not the user's fault, nor the developer's fault. But regardless, you now have a user on your site without JavaScript.
1% of all JavaScript requests on Buzzfeed timeout, that's 13 million requests a month.
It is up to developers to make their sites work (or at least fallback gracefully) whether JavaScript is or isn't available. The reason for JavaScript being unavailable, whether it's user choice, network conditions or browser interventions, is unimportant. Building a resilient experience is the only way we can serve our users best.
Quote of the day for me.
My thoughts on the subject at hand are what I have expressed numerous times over the past few days alone: We should actively contribute to the common knowledge. It is our job to explain why "oooh, it's shiny" also means "oooh, it runs other people's code on my computer".
38.9 percent - a surprisingly small number! - of all voters seem to consider their web browser to be a replacement for an actual operating system. Now DEV is rather web-focused in some aspects, and you'd get very different results in a C community or something...
There is no excuse for a website to not display anything without JavaScript enabled. Many web developers make that mistake though, thinking that "nobody disables JavaScript anyway". Let us change that!
I feel my article about ads is relevant here. The primary use of JavaScript appears to be invade user's privacy and inject stuff from external places.
I'd be happy with an option to disable third-party JavaScript. Only JS coming from the same domain would be allowed.
I like that idea a lot.
It's not hard to serve the script from your domain instead, just use a reverse proxy. This is not really a solution at all
It makes a difference though. A reverse proxy avoids one of the problems with tracking by third parties. No longer does the Google CDN get knowledge of everybody who accesses your website.
Security is also improved since the domain of origin of this script is the same as the host domain. Combined with limited third domain access it neuters some of the abuse that JS can currently do.
It also serves all the content from one domain, allowing a single HTTP connection to be used. This reduces connection overhead and speeds up the page.
It also forces the content to be handled by the host domain, which then puts a little bit of pressure to not overload the hosting.
Thank you Carlos for bringing this up (#1).
@ben : Please use labels. You're using blue for no and red for yes. Come on - that's crazy!
Of course a user should be allowed to disabled JavaScript, or images, or CSS, or any other thing. Their browser, their bandwidth, their connectivity fees, their choice.
That doesn't mean that sites can't say "Hey, friend - we need JavaScript to be useful; if you don't enable it, you won't be able to use our site." (Same last sentence as the paragraph above...)
:)
TL;DR - 38.9% of respondents need some perspective.
I honestly don't feel like it's that hard of a question, but I guess it is more divisive than I thought. I feel like for many things, you can opt in or out -- don't want to use Photoshop? Use Gimp! Hate Java? Use only Swift-based stuff! (I am making stuff up here.)
But you really can't do that for the most part with the Internet. There's mostly just one of it, and you use browsers to interact with it. You caaaaaaaaaaaaaaan argue that "people who don't want to use Javascript can just skip the Internet" but that seems a) well, rude, frankly and b) the Internet is pretty solidly filling a real big spot in the world that is not easily replaceable.
Doesn't mean your site has to do a damn thing for them. (I mean, I personally think you probably should, but.) If you don't want people with no Javascript to use your site, that's just fine, then just ... offer them nothing, I guess, or offer them a really shitty user experience?
I just honestly cannot fathom any reason for feeling that users shouldn't be able to disallow it on their own browsers.
Content is the reason users are coming to your site. Javascript should be used to enhance the experience. Your site should degrade gracefully allowing users to turn off JS and still access the content they came for.
Yes they should, probably not browsers like Google chrome but browsers like Tor should definitely keep this feature for security reasons. Believe it or not the dark web is mostly just HTML and CSS with super minimal JavaScript.
Sounds like sites on the dark web are written by people who know what they're doing.
Reading the answers (except @rhymes answer, sory if I missed others...), I notice that even if internet is supposed to be worldwide, in the developers mind it is thought only for occidental world (I am guilty of that too).
We often forget that there is a lot of people in the world with a very limited access to the web, and js can ruin their access to your creation.
It is not really the internet I want to see.
It's nice to have js, but it should also work without it.
I can only assume that the 38.9% that said no fall into three camps:
It's a little dispiriting how I'm not surprised about these results but this is one of the reasons I wrote
The Web I Want
Chris James
It needs to be made clear that there are technical, ethical and business reasons to only use Javascript if it's necessarry
A lot of people reacted quite angrily (outside this website) to the article as they seemed to think I "hated javascript". I don't, it can accomplish wonderful things for websites. What I hate is it being the go to solution for everything ignoring all of the trade-offs you make when you decide to use it.
My colleague and overall amazing guy
David Wickes
People are reading this question in (at least two) different ways:
For me the answer to the first question would be an unequivocal 'yes', while for the second one it would be 'no, not necessarily'.
YES!
For the content discovery side of things, a good chunk of crawlers still do not run javascript (google being an exception).
Debugging why a social share (OG meta tags) is not working correctly would be a complete pain if one could not disable javascript see what is being served to the crawlers.
For anybody in the camp that thinks users shouldn't be able to disable JS, load up any news article from any news site in a browser with no extensions enabled & try the page both with & without JS enabled. Which would you rather use? I'll take the lightweight content without heaps of ad, popup & video scripts served up from JS any day.
The internet is both better with and without JS, and the user should be the one to determine if they want to run it or not on a case by case basis. As a developer you can decide what restrictions you want to place on the end user for the intended experience. If you want your site to not function without JS, that's fine, not optimal, but fine.
What I think mobile browser developers should do is surface a toggle to turn off JS more readily on a site by site or global basis rather than have it buried in the settings. That could make mobile browsing significantly better.
I have to say, I am surprised by the vote.
The user should always have the choice, there are a lot of exploits that abuse javascript and the users have the right to "defend" themselves.
If your site doesn't handle disabled javascript gracefully then it is your fault, not the users.
I don't disable Javascript. Most of the apps I write will not function with JS disabled. I am not aware of the use cases for running a browser with JS disabled in the web of today. (Maybe someone else can fill in that info.) But I support end users having the choice to do so.
Often sites that rely on JS to render content are difficult for accessibility programs to interpret, which matters greatly for people with vision disabilities and others. Many people also don't want to allow a site they may not trust to use their computer's resources to do who knows what--plenty of apps have even been caught mining cryptocurrency on client hardware with JS. Ever click a link to Imgur and have to wait 10 seconds... for an image? HTML/CSS has a very small attack surface. With all the security scares in NPM, are you confident that you aren't opening your clients up to unnecessary risks? I'm not.
As a developer, rendering on the server allows you to cache content much more aggressively, across multiple clients, and not just cache content per client locally. Sometimes I don't want to make a single page app. Sometimes, applications fit very well into the CRUD model, and it is just so elegant to do that server side and with forms.
I think Javascript could be used to ask user: This site uses Javascript for interactivity, do you agree to run Javascript on this site ?
That's it. Treat running Javascript as Cookie. And let user accept it or not.
The merit here is: Please tell user what the javascript has done to user's site, let user know and let them decide on their own.
But isn't that a bad practice? I mean, not everybody knows what javascript is right?
oh god, no! and also take the f'in' cookie questions away already! they're worthless. (I know it's legally not possible at the moment, but the laws should be changed ASAP.)
There are systems that aren't worth the effort to make them work without JS, but there's a lot of things out there using JS that really shouldn't be. Ads for example.
What HTML, JS, and browser developers need to be doing is adding more granularity so you can say: "I want to block ads from using JS", "I want to block automatic video playing", etc. things that are consistently abused on the internet. Also adding questions like "do you trust this website with access to your GPU" would be nice. That way the need for browser-wide blocking of JS is going to be significantly reduced.
Brave seems to be showing the way forward with this, unfortunately with it's almost non-existent extension library I can't yet switch to using it, and their built-in ad blocking is no where near as good as uBlock Origin and Privacy Badger combined.
With uBlock Origin when I just see an annoying element on a site I can just block it, and I find that incredibly important a feature. With uBlock Origin and Privacy Badger I can feel fairly safe using the internet with JS turned on.
If there's additional security layers forced on advertisers and other scum of the earth that don't care at all about the people they infect with their code, then I might tolerate the internet without blocking all ads too.
Also why people build simple homepages relying solely on client-side rendering with React and the like is beyond my capability to comprehend. I can understand having a few added things via JS, dialogs, and the like, but relying on JS to just render it is .. simply wrong.
Also if done properly with server-side rendering then that's ok too, but let's face it. People just say you can do server-side rendering with these things, but never do it.
I think because SSR is a bummer if you're not using JS on the server. A lot of frameworks don't support it, not easily at least. There's not that much documentation.
I believe that there should always be a control for the end user to choose with. In fact, that's the foundational beauty of the open source-ness of the web.
Also, end of the day, its the end user who's at the using part of the phone/computer who would want what he wants. Taking away the control from him would only make him just accept what is on his plate. By giving him an option, the web is allowing him to choose to skip the beans if he does not want to. Even if the web would like to argue that the beans are good for him. Also, the one who's disabling it is more likely to know its effects(poor un-interactive webpages).
I'd like it if there would be a choice to enable/disable it. But what I also want would be is it being slightly less obvious for an average surfer to mess with.
There's no reason to disable this feature.
The main reason devs seem to want this is so they can build cool stuff. It's like, hay I spent hours building this cool thing and you're not going to look at it? WTF!
If we can agree that the primary goal of web development is to create synergy between business needs and user needs, something like that. Then we can say as project value deliverability and user accessibility diverge, there is diminishing value. Diminishing value for the user to the business, and the business to the user.
If the needs of a project requires JavaScript but the user, for what ever reason needs it disabled, does it matter? Is this user "important" to the business? Does this business have any actionable value to the user?
It's the job of developers to bridge the business <-> user dived as much as possible. While maximising the business needs "first".
If this principle leads development, those who need find value will find value.
It's pretty binary: nearly forty percent of our lovely community members are wrong. If you can't control what runs on your computer, you're no longer a user -- you're being used.
I would argue that almost all users do not know what JavaScript is, that it can be turned off, how to turn it off, and most of all just don't care.
However, I believe the on/off switch should remain in the browser but relegated to deep configuration or command line flags. It should be viewed in the same prioritisation as disabling CSS, images, video support, etc.
At the end of the day it's most likely going to be developers and technically minded people understanding and wanting to adjust these settings.
There is lovely extension that does that job anyway to block javascript. My favorite being noscript
I moved on from NoScript to uMatrix. If you're interested in technology and you are fine with having to spend a couple of days to configure your whitelist, the two-dimensional matrix might be a superior choice than NoScript's "Yes/No".
Yes, I am aware of uMatrix and how it is designed to work with uBlock Origin which I have. Fortunately NoScript is working well and I am good with the "Yes/No/ behavior.
If your whole app is based on JavaScript or whatever flavor framework, of course you're going to want to stop letting people break your app with a checkbox in settings. That's a, I would assume, large-enough-to-matter amount of lost customers.
It's not a separate web, it's just websites that ain't on google.
Yeah your totally right, but some websites on the 'dark web' can be used to track you. In fact, that's why everyone using Tor never go fullscreen since they can potentially find out what device one is using. Since dark web websites get minimal traffic, it's easy to map out the regular users if their screen sizes stayed consistent.
Even the devs who probably are biased didnt agree on this so ..
As for low connectivity reason I think is false, images are the biggest resources so if you want faster load times disable the images not JS.
As for the fallback with no JS there is no economic incentive to do this, except if you address to a specific audience with these issues as a majority.
Kinda, Tor is just the 'first step'. Since there is no Google alternative for the dark web (which is one of the reasons why it is 'the dark web') you will need to find out the links yourself. I heavily recommend using a VPN as well as the tiles OS (made for Tor) on a virtual machine. BTW The 'hidden' wiki is not close to the real dark web.
Running a JS whitelist in your browser is just web hygiene at this point. Clicking a link my wife sent me is not my automatic consent for you to run 3mb of arbitrary code on my machine. In no other context would this be considered sane.
So yeah, from now to forever JS needs to be blockable because consent matters.
As developers we have fallen into the trap of using too much JavaScript. Always think about the fallback first and keep your pages lean.
I think user should be enabled to disable javascript.
But they should know the website's features will only works as-is.
Yes allow users to disable. The internet wasnβt built on JavaScript. It was built on html. JavaScript is a secondary artifact of the internet.
As long as I can display a
<noscript>to them, why should a browser take an option away? Would be better if it was a per-domain option instead of a global though.JavaScript should be disabled by default. Browsers should ask users to enable JavaScript, just like locations, notifications, etc.
Hellz na
Step 1) Browsers collude to force JS on users
Step 2) Somebody makes a new browser
Thank god that #2 is generally still an option.
Glad they are not in-charge. Browsers need to work towards not needing JS for core web-experiences.
Is there a way to see how many people actually disable JS in their browsers? I am guessing not but would be interested to see stats
This discussion is making me glad that I decided to not build my personal website/portfolio as an SPA.
I usually end up browsing with JavaScript off or severely limited - intentionally - any site which forbids me to block JavaScript I wonβt access.
Doesn't matter for users. But it is useful for developers in some cases like testing server rendered apps.
The feelings can absolutely expressed as binary. Because you asked the people that make the sites. Not the users :D
Yes, it's website js code but it runs on the browser, so my computer my rules.
One of the powers of JS