Slashdot Mirror
Firefox 23 Makes JavaScript Obligatory
mikejuk writes "It seems that Firefox 23, currently in beta, has removed the option to disable JavaScript. Is this good for programmers and web apps? Why has Mozilla decided that this is the right thing to do? The simple answer is that there is a growing movement to reduce user options that can break applications. The idea is that if you provide lots of user options then users will click them in ways that aren't particularly logical. The result is that users break the browser and then complain that it is broken. For example, there are websites that not only don't work without JavaScript, but they fail in complex ways — ways that worry the end user. Hence, once you remove the disable JavaScript option Firefox suddenly works on a lot of websites. Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."
Are there still security issues with having JS enabled?
Koalas. They're telepathic. Plus, they control the weather. -Margaret
As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.
End of lesson. You may press the button.
Does this break noscript functionality as well? That would be massively unappealing.
Why is this a thing?
Why must we dumb down everything?
They just removed the easy way to turn it off to prevent simple mistakes. You can still turn it off behind about:config or with extensions for those that need it.
(atleast in nightly) Its just hidden, you can still enable/disable javascript in the about:config menu and addons like noscript still work.
I still use Firefox over Chrome because it has a much better array of options and is more customizable than Chrome. Even though Chrome is faster, has better updates, can save to PDF, comes with popular plugins built in as opposed to having to download them separately, etc etc.
Firefox devs please get a clue. Apple and Google need to reduce options because they have to appeal to the clueless masses. You do not. You cannot go toe to toe with the big guys by trying to be exactly like them.
There is ZERO chance I'm going to use a browser which doesn't allow me to default JS to being disabled. NoScript is also FAR advanced beyond other similar tools, so it would REALLY SUCK to have to use Chromium's lame equivalent, but I will if it is the only choice. At least in other respects Chromium is pretty good.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
Apple has been removing options for users for years. The first versions of OSX were close to linux in the number of things you could do, these days I forget it's a Unix variant. Macs are what Steve, or these days Jon, thinks is good for you. That seems high handed until you think if you buy a Ralph Lauren suit your getting what Ralph thought was good for you. That being said, the number of times I went to the rescue of some noob who what whining that his Mac version 10.5 or earlier was broken and sat there and went WTF??!! I'd be able to buy a new Mac. As Apple has steady *not* let people think for themselves things have gotten stabler and stabler.
Why must we dumb down everything?
More like simplifying. Everything should be made as simple as possible but no simpler. Why have a menu option that never gets used? That is pretty much the definition of pointless. I'm pretty geeky and like to tinker with things but a menu option that never ever gets used is wasteful.
I cannot remember the last time I disabled Javascript and I'm pretty confident that somewhere north of 99.9% of users never disable it either. Much of the modern web would be useless without Javascript. So long as there remains a method (extension, etc) to disable it if desired (ala NoScript) I really don't see the big deal.
Well wait, what do you mean by "web site"? If you just mean a page that you visit on the net to primarily read text (possibly with images) then I agree with you. If you are talking about a webapp (which also qualifies under the term "web site"), then you are wrong. Google Docs, amongst so many others, simply couldn't operate without JavaScript enabled
What do you know I wrote a novel
"Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."
Such people should be fired out of hand. I mean sure, if you're creating some specific UI for a web based application then 'no fallback' is acceptable, you just can't get anything like the same functionality. I sell software which falls into this category, but it would be utterly useless without JS. OTOH the idiots who can't put up a plain old web site without insisting we all have to enable JS on it so they can make a cute rollover on a link or something stupid are just retarded and should resign.
"Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
To get around really annoying types of ads that mandate that you sign up / sign in for a service. If I wanted to sign up for your website, I'd do it. Attempting to force me to do so for the sake of gathering better target data isn't interesting to me. Trying to force me to do so with giant ads, even less so.
There will be other ways to temporarily disable JS, so I'm not too worried about FF removing the chekc box. But it's annoying.
Ad networks are compromised all the time. Ads are the primary users of javascript. Coincidence?
Who gives a shit if websites break when java or javascript are turned off. I turn that shit off as much as possible, I use NoScript becuase I despise the fact that no matter how careful I am, no matter how up to date I run my antivirus, my browser, and my JRE, I can STILL get a goddamned drive by infection if I allow javascript to run unchecked.
No, Blowzilla, the problem is NOT with users clicking things they have no idea about, the problem here is JAVASCRIPT. Its just another ActiveX, its just another virus vector. It needs to be eliminated from use entirely. It SHOULD ask permission to run by default. That way websites can at least put in a message "To see video you need to say Yes to this." "To read this article you need to say yes to this." and the ad networks can start working around things by going BACK to gifs and static ads and links instead of crap that blares through my speakers about shit I do not care about (seriously, is everyone coming to Slashdot a big corporate IT manager in charge of buying new server racks? IBM and others seem to think so) while using fast-moving images (hey just like the BLINK tag but with pictures!) to try and distract me from...the CONTENT.
Seriously, this is a retarded move, thank you Mozilla for INCREASING the number of infected machines on the web. I am sure the Russians and other blackhat collectives thank you.
Morons.
Personally, what *I've* always wanted is a way to turn JS on and off that's more easily accessible. I often want it off, to try to get more consistent behavior (whizzy JS crap is often completely non-standard and confusing), but every now and then I need to flip it on to see if the apparent breakage is because some lazy programmer didn't feel like thinking about how things degrade.
But Mozilla seems determined to alienate users like myself, so this current bonehead move is hardly a surprise.
And yes, many "modern" web sites these days seem to require javascript-- thanks to google who made it ultra-cool and groovy.
I'll be sure to skip this 'update'
-- Fuck Beta
This is how viewing the web with noscript works out in the real world: .... ... finally the web page loads properly ... now repeat all 49 steps for every web site that you go to
1) webpage does display properly
-> make exception to allow scripts on this site
2) webpage still does display properly, because it needs scripts from a second domain
-> make exception to allow scripts on the second domain
3) webpage still does display properly, because the scripts from the second domain load scripts from a third domain
-> make exception to allow scripts from the third domain
49)
I would be with you 100% if I felt that the Internet at large could be trusted. It can not.
www.wavefront-av.com
Any web developer worth his pay should already be coding with graceful degradation in mind. CSS and Javascript should fail gracefully on less capable (or deliberately secured) browsers. Failure to do so may leave people with very minimal browsers, like the deafblind, unable to use a site. It also shuts out people with older browsers, and the days of "This site best viewed in Internet Explorer 6 at a resolution of 1440 x 800" are best left buried and gone.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
"Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."
Tell some of these lazy, arrogant assholes to send me a cut of their paycheck for being forced to waste MY resources and PRECIOUS TIME OUT OF MY LIFE waiting for their mercenary, invasive twaddle to execute in my browser.
It only eliminates the GUI option for disabling javascript. The javascript.enabled flag is still there, in about:config
I'm a web developer and have taken JS & CSS for common for years and years now. Spent about 6y working at a small local web design shop and it just wasn't feasible to double contract amounts to make sites work without JS.
That said, there's no reason to require JS if it can be done without. Lots of page book-keeping, like menus, active page indicators, etc, can be done with CSS. Some stuff, like Amazon's polygonal focus on subnav can degrade nicely. Fantastic. But I'm not going to build an Ajax-y interface AND a static HTML interface (for free) to coddle people with nothing more than a distrust of JavaScript.
Implicit Evaluation with PHP
Glenn Gould used to take a lot of flack for refusing to shake people's hands even though we all know that you can't go through life refusing to shake hands. Perhaps he had a good reason?
Even if you're less of a sociopathic hypochondriac than Glenn Gould, there's still an issue concerning how automatically one reaches out. I'm a little more hesitant to offer my mitt to a vagrant person who's just popped out a discrete alleyway with flecks of an old newspaper stuck to their shoe. Colour me paranoid. And yet the default on the web is to arrive on every web page in full embrace, even the typosquatters with old newspaper stuck to their shoes.
On my FF I have things pretty locked down. If on first impression I haven't teleported into the worst bathroom in all of Scotland, I'm pretty quick to enable first party cookies. Tracking cookies from the social media paparazzi, not so quickly.
When I get a site coded to misbehave at the first whiff of the end user exercising prudence or discretion, I switch the URL into Chrome where I have practically nothing locked down and visit nowhere important and where the social media paparazzi will observe my click trail as an infrequent user engaged who exclusively visits the wrong side of town, but never never pulls his hands out of his pockets to engage the temptations.
What's in your wallet?
I miss the days when web developers still gave a shit about progressive enhancement.
I miss the days when you couldn't be considered a real web developer unless you could make a CSS Zen Garden (http://www.csszengarden.com) skin without cheating by changing the markup or using JS.
I miss the days when you were only considered a good web web developer if your site was usable with both JS and CSS disabled because you used semantic HTML.
I miss the days when accessibility still mattered.
I miss the days when writing semantic HTML, enhancing it with CSS, and enhancing it further with JS was considered the best practice, rather than starting with just JS and an empty body tag as is so common today.
I miss the days before the now popular false dichotomy of thinking that progressive enhancement is extra work was popular among web developers.
I love that the web can do more now and compete with native apps better. But I hate that web developers are so quick to unnecessarily abandon progressive enhancement in the process when that's what made the web great to begin with.
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
http://noscript.net/
Join the Slashcott! Feb 10 thru Feb 17!
Firefox would do better to spend more time focused on protecting users, rather than limiting options to what they think is less confusing. Lots of bad things use JS and ordinary people have few options to protect themselves... disabling JS is one of the best. Advertising, tracking, right-click "protection", and just poorly written websites are a real issue for users, and often times disabling JS actually works.
Extensions are fine and all, but built-in Options are more important (always available, easily discoverable, safe to experiment with) and disabling JS should be there.
tomorrow who's gonna fuss
We'll disable it anyway.
Javascript is the cat shit to HTML's dog shit.
Are there tools available to export your FireFox profile to other browers?
Naturally IE is not an option.
What other browser would you recommend?
Privacy is terrorism.
Followed the advice of some kind folks here, updated my HOSTS file, and use IE with BING exclusively!!!
Also installed the latest Oracle Java with that helpful toolbar thing, it's AWESOME!!!
Nothing to worry about, rite???
Stop posting this "user's" aka Dice's stories on Slashdot! His entire history of posts all link to the user's own i-programmer.info site in order to generate traffic and ad impressions. Enough is enough already!
Bye bye, Firefox. Opera just got one more user.
Circumcision is child abuse.
I'm going back to Lynx
Mozilla isn't especially fast, not compared to Chrome. However, not being able to selectively enable/disable Javascript in Chrome is why I don't use Chrome. Along with the apparent desire of Google to know everything about me.
If a there's a security hole in a browser, the most likely way the security hole is going to be exploited is either Javascript or Flash. The most likely source is going to be advertising networks, so disabling Javascript, and selectively enabling it on the sites themselves means I can surf the web and have websites work, without having to worry about advertising networks giving me something I really don't want.
Just because you don't use that options doesn't nobody else does.
I'm well aware that a small percentage of people use the option to disable Javascript. I'm also well aware that those same people are also technologically adept enough to figure out how to disable Javascript using means other than a menu option. (Noscript, about:config, etc) A menu option deserves prominence if it is commonly used. The option to disable Javascript is very seldom used and as such does not need a prominent menu location. It's not exactly rocket science to make it possible to put the menu pick back for the 5 or so people who actually care.
The next step is to kill it off since no one was using it, because they hid it.
Please try to remember whose machine you're running on. You're a guest under my roof, and guests that behave badly do not get invited back. So no, you don't get to run code in my browser until you've earned a certain level of trust, and you certainly don't get to invite in your friends' code. (I mean, just who the fsck is rpxnow.com, anyway?)
The technical term for sites that behave this way is, "Broken."
Firefox already works on a lot of Web sites. Is someone shipping FF with JavaScript turned off by default? What exactly is the alleged problem here?
These programmers are called, "Wrong."
Back in the 1990's -- in the days of sneaker-net, recall -- macros in Microsoft Word documents, originally thought to be oh so terribly clever, proved to be a monumental nightmare for their ability to spread viruses and generally wreak havoc. It was so bad that even Microsoft was forced to admit it fscked up, and no longer executed macros in a loaded document by default, but would ask first. So you'd think the lesson on embedding executable content in what was fundamentally a document would have been learned.
Then some allegedly clever person kluges together JavaScript in an afternoon, and suddenly executable content embedded in documents -- over a genuine network, mind -- becomes a fantabulous idea again.
Uh, no, it didn't. JavaScript was a stupid idea, and should never have been allowed to happen. Unless your site is trustworthy and useful, you DO NOT GET TO RUN JAVASCRIPT.
Editor, A1-AAA AmeriCaptions
Those who don't know any better never disable it, those who do use NoScript.
I use NoScript to browse with JS disabled and only turn it on for sites I trust/want to get something done with.
If this change breaks NoScript, I'l switch to Chrome.
The Digital Sorceress
I would be with you 100% if I felt that the Internet at large could be trusted. It can not.
The question isn't whether the Internet can be trusted (we know it can't). The question is whether your JavaScript interpreter can be trusted to sandbox properly. Since it was always understood that it would be executing untrusted remote code, JavaScript was actually designed with pretty decent security from the ground up, and not many exploits these days use it. These days, when malware writers want to steal people's financial information or add them to a botnet, they use exploits for Oracle Java or Adobe Flash. Maybe Adobe Reader as well. But JavaScript is actually pretty far down the list of serious Web security risks.
This week I read about a virus scanner that removes the option to use advances features.
Hold your horses!
What they meant was people were used to the advances features and it wasn't needed any more to call them advanced features.
The features stayed in, but were now called standard features.
Privacy is terrorism.
Haven't you heard? It breaks the internet! Don't you want it to work right for everyone!?
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
In order for anomymous communication to be possible through tor, javascript must be disabled. This cannot stand if we are to have the freedom of doing things safely from preview of governments and others.
There is definitely a point were you begin to take security to levels resembling paranoia. I think you found it.
"The simple answer is that there is a growing movement to reduce user options that can break applications."
The writer could have stopped at the first half of that sentence, and it would have been more concise and accurate.
"The simple answer is that there is a growing movement to reduce user options."
This isn't really new. UI design "experts" have been saying for years that delegating choices to the users is bad. The programmer should make a decision and stick by it.
That's a bit of an exaggeration. What they're actually saying is a bit more subtle and nuanced. For example, this article by Joel Spolsky discusses when you should and should not offer the user a choice. Basically, it boils down to whether the users of the software will care. He cites the silly Help database dialog from Win95 (where you had to tell the OS what kind of database optimization you wanted it to do on the Help file before you could search for a term!) as an example of the kind of choice that shouldn't be presented to the user. In contrast, if something is related to the task at hand, then the user probably wants fine-grained control over it: "If it's a graphics program, they probably want to be able to control every pixel to the finest level of detail. If it's a tool to build a web site, you can bet that they are obsessive about getting the web site to look exactly the way they want it to look."
The problem is that, like so many other good ideas over the years, this principle of UI design was bastardized and dumbed down by the corporate equivalent of a game of telephone. These days it's been reduced to "Choices are bad. Don't give the user a choice." And, of course, users hate it. This is the design philosophy behind Windows 8.
I've got no problem with your browser choice -- if you want to use Mozilla over Chrome, or IE over Firefox, hey, that's your call. But don't misrepresent the situation.
Google and Yahoo both pushed back hard against the NSA's programs. Yahoo went to court over it. You know what the court said? "Obey."
So what could Google do? You can't run an advertising business without having some information on your users. You can't run an email service without having access to the accounts. Yes, I suppose Google could have theoretically attempted to create a business in which everyone it served were direct customers of encryption services it provided (while explicitly saying that it couldn't decrypt traffic). Maybe that works for a startup, but you can't exactly transition a multi-billion dollar corporation to a direct customer model to avoid the NSA -- especially when you are legally prohibited from acknowledging that the NSA even spoke to you.
More than one of the companies that participate in Prism were forced to do so.
Just a typical release: More steps back than forward, major version number increase. Mozilla's just shooting out more reasons to *not* use their browser. Mozilla lost their sanity and common sense years ago.
For instance, why do I have to manually prevent web pages from doing things like hiding the UI elements which permit me to verify whether they're phishing sites?
As long as NoScript keeps working, I'll probably be fine.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Google Docs could be written to be a native app that access data from Google servers. There's pluses and minuses to both approaches. Anyone that is willing to tic the box and turn of Javascript should be aware that an app like Google Docs will require it on. I'd like to see some data on the number of people that turn this off and really can't figure out why things aren't working right.
Perhaps in your tiny universe, but in mine I use it a lot.
"My tiny universe"? Hardly. Very very very few people ever touch that particular option. I'm 100% confident that the folks at Mozilla have copious data to back me up on this. Some people do use it but it is a miniscule minority. If you want it re-enabled I'm sure someone will write an extension to do just that if they haven't already. In the meantime for the 99.9% of users who will never touch that particular option it is a waste of valuable screen real estate and a source of confusion and possibly problems. It certainly fails the mom test badly. Your typical tech illiterate (who vastly outnumber anyone reading this) isn't going to even know what Javascript is much less why or when they might care to disable it completely within a browser.
Beside completely disabling Javascript is the very definition of a crude solution. Noscript solves most problems far more elegantly.
Disrespecting the end user is one of the stages of software development team meltdown.
Nevermind JS. Did they fix the cache problems already?
So you the web dev toolbar for much easier access to that option.
Last I checked, about 1.5% of Internet users disabled Javascript (in the late 90s, this was about 10%). The average user doesn't know what Javascript is, nor do they deliberately disable it. If a site "breaks" because JS is disabled, it's debatable who's fault that is, the developer(s) or the user. Even in today's reality, JS is a de facto requirement.
That 1.5% deliberately chooses to disable JS, whether their reasons are valid or loony. Removing the ability to do so does a disservice to the informed; the ignorant will be unaffected.
once again, you can still turn javascript off, those that do are likely to be at the very least, power users, who are comfortable with about:config, where you can find that option. If not comfortable using about:config, then they'll know how to install an extension.
"It seems that Firefox 23, currently in beta, has removed the option to disable JavaScript. Is this good for programmers and web apps? Why has Mozilla decided that this is the right thing to do? The simple answer is that there is a growing movement to reduce user options that can break applications. The idea is that if you provide lots of user options then users will click them in ways that aren't particularly logical. The result is that users break the browser and then complain that it is broken. "
It's sad but true that there is indeed some truth to this. Computer illiterates are a significant portion of the population and anyone that offers them free support with any product is digging their own grave because these people can break anything.
But this thinking can easily go too far. Make a computer that a computer illiterate will not be able to break, and it will also be a computer that the rest of us find unbearable. And while there is still a good deal of computer illiteracy to be dealt with, the trajectory on that should be down, not up.
"For example, there are websites that not only don't work without JavaScript, but they fail in complex ways â" ways that worry the end user. "
These websites, however, need to quit pointing fingers and fix their damn webpages!
The level of slop that 'web designers' have been churning out for decades is their own damn fault. Better than removing the option to turn off javascript would be removing the option to turn it on.
"Hence, once you remove the disable JavaScript option Firefox suddenly works on a lot of websites. Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."
These 'web designers' are the silly ones. If turning off javascript breaks your webpage then your webpage is broken, simple as that. Graceful degradation is a mandatory feature here, and trying to push your own incompetence back on the customer is reprehensible.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
any real user knows how to use about:config
Anyone writing a javascript application should know to add a <noscript> tag to the page embedding the scripts.
<noscript><p>This page is built using Javascript, but it seems that you have Javascript disabled on your browser. Please enable Javascript and refresh this page to continue.</p></noscript>
I think that's a much more robust approach. The user understands what's going on, and you don't have to rely on every browser preventing Javascript from being disabled.
I use noscript. I assume this will not affect third party tools unless I am missing something.
Apple and Google need to reduce options because they have to appeal to the clueless masses. You do not.
The primary source of funding for the development of Firefox is the add click. Firefox will survive only for so long as the "clueless masses" support it.
Breaking applications is the very reason why I disable it. Most sites I use are sensibly programmed, but every once in a while I come across a site so bad it needs to be shut off.
My main beef is that I may have 30-40 tabs open, and find the browser consuming 50% CPU on the laptop - all because of misbehaving javascript that runs and performs useless updates in the background. And firefox doesn't make it easy to figure out which tab is the culprit, so you just have to start killing them at random until the CPU usage goes down. At least until you learn from experience which websites have the offending javascript.
On many web sites I use the javascript is gratuitous. Eye candy and whatnot, or huge scripts to manage useless comment systems that I never use.
And why do I care? It makes the machine sluggish and burns through the laptop battery more quickly, and the laptop runs hot.
But Firefox can do what it wants - I still use noscript and adblockplus to selectively block scripts.
It's spelled "cache" but pronounced "cash" or "cayche".
Plan My Week for iPhone
is asinine. It's not difficult to put a noscript tag with a reasonable explanation for clients. All production sites should have graceful fall-back for accessibility and other client issues anyway.
Dumbing down software to "help" the unexperienced users is a good idea? Oh my god! Will they ever learn?
I like my spaghetti with source.
Starting with an empty body tag and selectively loading the content via javascript is a solution that scales.
It's proven to reduce bandwidth usage and improve load times.
Progressive enhancement rarely worked and even more rare was when it worked well.
Semantic HTML *IS* a good thing and we should absolutely be using it but we shouldn't take away the achievements that have been made with Javascript.
The question is whether your JavaScript interpreter can be trusted to sandbox properly.
Sandboxing doesn't stop spying and tracking, it doesn't stop stupidity like disabling right-click menus, or any of a million other problems. Turning Javascript off does. If a site requires Javascript to function, the site is broken anyway.
Personally, so long as NoScript works as it always has, this is a nonissue for me. But I will not use a browser that just makes it impossible to disable javascript.
This is not what Apple does. Safari has an option in the main preferences pane to enable "Show Develop menu in menu bar". For the past several years, Safari's developer tools have been the most advanced. Other browsers, especially Chrome, have mimicked their GUI and toolset albeit as a dumbed-down implementation.
Didn't you know?
------ The best brain training is now totally free : )
Why is this a thing?
Why must we dumb down everything?
It was Ian Elliot that assumed that the decision was made to "dumb things down", and you are foolish for buying into this idea and perpetuating it.
The simple answer is that portions of the UI in Firefox itself are written in JS, and that JS is an integral part of the Firefox OS platform, and are necessary to supporting its application marketplace.
Consider how useless Android would be if you could disable Dalvik ("Java") on the platform: the UI wouldn't even work at all.
By removing the option to turn of JS directly, and forcing you to use NoScript or a similar plugin if you want to disable it yourself, you get to be responsible for any breakage that occurs, while they get to have a taller base platform on which to build better and more complex applications and innovate in their UI. That it allows web sites with JS content to function by default as well is just a bonus, not the primary driver.
Yes it is, but not without some thought. From the limited controls and feature set of the new Airport Utility to hiding the /Users/~/Library folder Apple has removed options that users kept tripping over. The fact the you need to start a special Developer Menu just proves the point. This may not be a bad thing. Anyone who has worked help desk has stories of the damage done by those who had the mistaken impression they had a clue what they were doing.
You'll note that the ability to view the source of a page isn't right there up front anymore in any browser that's the same sort of thing. You still can if you want, but you have to find out how.
You can comment just fine on Slashdot without javascript. On this computer, javascript is disabled by noscript right now. and I'll just click the submit button and...
If you're a zombie and you know it, bite your friend!
"Yes, but those programmers are morons. Why legitimize their bizarre take on things? Most of the web works great without javascript, so disabling javascript is usually a safe thing for users to do."
The worst that can happen from disabling javascript is that incompetently coded sites will fail.
On the other hand *enabling* javascript opens you up to lovely drive-by infections, as well as many other, more subtle, dangers.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Google docs I would give more leeway but that's an exception not the rule and contains no content (last I checked everything could be bought local as a file). Take something like facebook no useful thing that requires JS but hell the site still does not render correctly on a large monitor without outside "help".
No sir I dont like it.
As long as No Script and about:config exist I don't care - most intermediate level users I know use Chrome - I can't stand it - I know how to use all these options and I don't like having them taken away.
Democracy Now! - uncensored, anti-establishment news
Remember that bunch of arrogant idiots working on the desktopsystem GNOME?
Does anyone see the similarity?
"Users are idiots and are unable to use complex things, so lets dumb it down, so every one can use it".
Well see where they ended: Pretty much noone cares about them anymore.
I'm the user. I pick and choose. Chances are... I won't choose "your" app. I decide what's useful to me.
That depends. Our application installations aren't public, they are purchased by other companies and organizations for their users. If you're our customer you can certainly choose us, or not. If you're one of our customers' users then they already made that choice for you, and you can choose to either take your employer's required training online, or not. If you choose not to, then you won't be their user much longer. I'm sure they will be impressed with your personal morality when you explain that the reason you aren't trained is because you don't want to execute Javascript in your browser.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I use the 'yesscript' addon to disable javascript on certain pages in Firefox. It still works in version 23 beta. I assume so does 'noscript' which turns it off on all pages by default.
And here I thought that after what NoScript pulled I'd never be installing it again.
"An add-on to block 3rd party Javascript would be a nice alternative NoScript which requires a lot of whitelisting to be useful. Almost all advertising related Javascript is from off-site."
Noscript does this. "Temporarily allow top level sites by default" right up at the top of the general tab in noscript options. If you go to www.foo.com scripts originating from foo.com are parsed, scripts referenced from third party server adsurge.bar.com are simply ignored. It's a thing of beauty.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
...it may not be a good one, but there's always a choice. You can move the company to Iceland and tell the NSA to suck it. It's not a good, practical, or wise choice, but it's a choice.
And tell me, why do we need DOM manipulation? Why can't sites just send fucking
They can. You just have to turn off your censorware.
static content?
Without DOM manipulation, the page has to completely reload every time new information arrives or every time the user decides to collapse or expand a portion of the page. Sending 2 kB of things that have changed on a 100 KiB page takes far less time than sending 2 KiB of things that have changed and 98 KiB of things that have not.
Name it "JS" and place it in your bookmarks toolbar. Problem Solved.
This web2.0 stuff sucks. I want something to keep an all text web around.
Comments to this Slashdot story are text, yet Slashdot allows the user to interact with their presentation. Would you want to have to reload all 459 (textual) comments to this discussion just because you're previewing your own (textual) comment or just because you're collapsing or expanding an existing (textual) comment?
If you don't like what HTML, CSS, etc model and want your stuff to behave like an application... then write a fucking application instead!
Provided that the operating system's publisher will even let a particular developer develop for that operating system. There's a substantial entry barrier to developing an application for iOS, Windows Phone, or the game consoles, and a web application is one way to circumvent this. That and the fact that Chrome OS uses the HTML DOM as its "application" API anyway.
Name it "JS" and place in the bookmarks toolbar. Problem solved.
Just today I had one web site needing Javascript just to present a fucking list of addresses. Six of them.
I've seen scripts that (attempt to) protect e-mail addresses from spammers' scrapers.
As long as No Script+Ad Block still work, I don't care what they do with built in Java settings.
The web page should not be a stub that loads the article content via JS. The article text should be there already.
Should the article's text be there, or should the article's first section's text be there? Some devices make it painful (in transmission charges, transmission time, or user interface) to load or to read an entire article, instead preferring interaction models that present a section at a time.
As soon as there are laws allowing people to sue for inaccessible websites (and there will be such laws), then this problem will be fixed.
What country are you in? In the United States, companies that do business with the United States Government are subject to Section 508 of the Rehabilitation Act. And after a few preliminary rulings, Target pleaded liable in an Americans with Disabilities Act class action: National Federation of the Blind v. Target Corporation .
so because some web site can't code a noscript tag we have to open up a security hole in the browser? I guess the noscript plugin may gain popularity because of this
Only 'flamers' flame!
I think the goal of an advertiser is take anything cool and useful and shit all over it.
Would you rather see most web sites end up behind a paywall in order to pay the bills?
Sure, I like calendars that are clickable. But I don't have to have them, just let me enter the god damn date and accept several different formats
What's the best practice for parsing "several different formats" on the first try in the server side of a web application? For example, does 3/5/2014 mean 3 May or March 5? What month is "luglio"? The web applications that I have developed take ISO 8601 (YYYY-MM-DD) input, and users with script turned on also get a button to show a calendar control in case they do not understand ISO 8601.
it seems that I get far fewer virus infections than many people that just blindly turn it on.
I get a similar effect by just making SWF click-to-play and not browsing pornographic web sites or web sites devoted to sharing infringing copies of proprietary commercial software.
No, that's a pretty HTML view of web browsers. Web browsers aren't "the internet".
Nor are web browsers only HTML. They are also images. They are also CSS. They are also video. And they are also script, so that the difference between a document before a user-requested change and the same document after said change can be transmitted efficiently.
Oh, my, the page refreshed. How awful.
When users' Internet connections are billed by the bit, it costs money to refresh a page once for every user interaction. Satellite and cellular Internet connections are still billed by the bit in 2013.
This will kill them. Why? Javascript is killing the net. We would grit our teeth when we had to turn on 2 layers of script to print or comment. Then it became 3 or 4 or 5 or even 6 layers of "temporarily allow all..". And now there are websites that won't even DISPLAY w.o. Javascript running. And it crushes most laptops because web designers are handed a stack of requirements that tell them to turn on 30 or 40 or more Javascripts.
For once I'm glad my company is so backwards we use v17.
... whether it is "a growing movement". It's the user's browser. Let her turn off JavaScript if she wants.
Note to programmers (and keep in mind I am one): you don't own people and their browsers. If you try to lock them in, they'll struggle against you and you'll end up losing business.
Bonehead move, Mozilla. Put it back.
What I think most people are upset about (here I go making assumptions) is pages of content that don't need Javascript which are designed to require Javascript for one reason or another — usually either as a means of forcing advertisements on viewers, or because it's easier than doing the same thing in CSS, even though that is completely possible.
That or because CSS can't do certain effects in Internet Explorer pre-9. Until April 2014, you have to support IE 8, and if your market includes certain parts of East Asia, you have to support IE back to 6.
And how did end users get the majority of their ActiveX widgets? Through Internet Explorer. Your argument makes sense - from a pedantic programmer's perspective. From an end user's perspective (and those of us who have had to clean said users computers), though, it's a distinction without a difference.
There's a difference between a document and an application, and I damn well would prefer that difference to remain.
Then what application format would you recommend for an application intended to work on multiple PC, mobile, and set-top operating systems?
Most sites that are unusable without javascript could have easily been coded to be usable. Are drop down menus really so critical?
How do you recommend that users navigate to another subcategory of a web site without script and without multiple large page loads? For example, consider a product category tree that uses script to allow users to expand and collapse categories. I'm open to your suggestions about interaction models that do not involve 1. JavaScript or 2. resending 198 kB of unchanged text just to change 2 KiB.
It's one line in a menu page that is, by default, half empty to start with. wow, such a waste of "valuable screen real estate".
Perhaps the goal is to eliminate that page entirely by merging all items on it into other pages.
Lots of page book-keeping, like menus, active page indicators, etc, can be done with CSS.
How do you make a menu appear on click (not on hover) with CSS and without script? Apart from Wacom tablets, I've never used a touch screen that distinguishes a hover from a click.
Anybody whose website failed to work in Lynx was derided as an idiot.
How would you recommend implementing something like Google Maps to be compatible with Lynx?
Google Docs could be written to be a native app
What format of native apps runs on Windows 7, Mac OS X, GNU/Linux, Android, iOS, Windows Phone, Windows RT, and the major video game consoles?
In the vast majority of cases, providing a non-JS experience is not extra work if you're using best practices to begin with.
What's the best practice to pan and zoom a view of an unbounded plane without script? Something like Google Maps would need that.
Unless your site is trustworthy and useful, you DO NOT GET TO RUN JAVASCRIPT.
What's the best practice for a site to demonstrate to users that it is trustworthy?
You claim that web site operators ought to take a third option. Other than advertisements and paywalls, what third, fourth, and fifth options for the revenue needed to sustain a web site did you have in mind?
For many websites I have to periodically turn Javascript OFF because the developers are just stupid. But in even more cases, it is because the developers are abusive. One such site is a place called images.google.com. But it's not so much what Google codes. Although Google does do tracking abuses using Javascript, I don't really care much about that. The real problem is visiting the sites with the images I find, only to have those sites doing redirects away from the page with the image. Those are what I turn Javascript on an off with. And I even leave the preferences menu open on the side so I can turn it on and off easily.
What the Firefox developers should do is move the button to turn Javascript on and off up to the front panel with all the other instantly reachable buttons. With it right at the front, then there won't be so many problems.
But yet again, Firefox developers continue to try to force people to continue using older versions. Now we have an even stronger reason to do just that.
now we need to go OSS in diesel cars
If you are as tired as some of us are with the Firefox folks stripping functionality out of the Mozilla browser, why not use SeaMonkey instead? For those who don't know of it, SeaMonkey is a Mozilla fork that includes the whole 'classic' Mozilla/Netscape Suite. It has the Browser/Composer/Email/News bundle in one interface. It also will run most Firefox plugins (or Seamonkey versions thereof) NoScript is very easy to install.
I couldn't get by without Seamonkey for the way I interact with the Web. If I encounter formatted HTML on a page that I want to locally capture, I open up a Composer window and cut and past the formatted HTML into a new HTML file and save it locally. The democratic Web is based on a symmetrical web experience: that is, the browser and composer should both be available to all Web users. If you want a web browser where there's an 'Edit' choice in the 'File' menu at the left end of the menu bar, so you can open up a local copy, tweak and save a local copy of most any page you navigate to, you want Seamonkey.
Seamonkey can be explored and downloaded Here. It's available as source or a binary package for most freenixes and a Windows installer.
"This is not the browser you are looking for."
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
WTF. Seriously, WTF.
Hide the option under about:config if you have to clean up the config UI.
Have you taken on board somebody from Microsoft in recent times who is determined to alienate and destroy your userbase? This isn't the first asshat decision you've made by a long shot in the past 5 years.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
And unnecessary boldness.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
Because this removal of a major feature indicates Mozilla has caught Gnome Disease. And, like Gnome, their usability and popularity will suffer for it.
I've noticed that most of the comments on this page are people being worried about Mozilla taking away functionality from the browser, but... wasn't the point of Firefox to reduce the amount of bloat in the default setup? Mozilla Suite (now Seamonkey, previously Netscape Communicator) wasn't quite Emacs, but it included way more than what many required for their uses, and so Firefox was born to trim all of that stuff out, with the idea that you can add in back in with extensions.
That's where our javascript blocking needs to be happening. Extensions like NoScript, which you can use to block all javascript if you so desire. (Just install it and then don't enable anything.)
Apple tends to keep lots of options in the GUI. They are just layered so the more advanced stuff doesn't immediately get in your face.
OTOH, Gnome is famous for its 'feature dismemberment' habit. If a feature raises questions or requires effort to make sure it works in different system configurations, then its deemed too much trouble and is cut off.
As long as I can say "fuck you" and completely reverse this design -- whereby script only runs by me whitelisting it -- with a config option, or just good old NoScript, then I can't find the energy to care. I am well aware that I am in a minority of web-savvy users and that a vast majority of the web lets arbitrary scripts run all the time with nary a care in the world, but my current "personal message" on Pidgin sums up my feelings on this matter pretty well: "any website devoid of content without javascript enabled is developed by a fraud and a failure". I had this problem just this afternoon where a DDG search led me to what seemed like a promising result, but all I found was a completely blank page and a big red cross-out on NoScript. Did I temporaily whitelist the domain for the content I was looking for? Hell no, I hit backspace and went to another site designed by someone with half a brain.
Potatoes are friggin' magical. Can you power an alarm clock with a carrot? No, sir!
Firefox was broken before, 22 just fixed the bug.
If you were to be stuck using Links browser under a *nix shell, you'll see lots of websites broken now. Yeah rare these days, that I need to use Links, but its showing now that Javascript is riddled in most websites. In many cases, you cannot even browse their website without Javascript. I highly disagree about removing the option. Or at the very least allow plugins or about:config to disable it. If not, Mozilla will have made a big mistake. It's not the time to assume it should not be disabled.
Really? You're reading a long list of comments, click "like", and the whole page reloads - that's cool?
I disagree that requiring JS to function makes a site broken. There are a number of useful things that just can't be done in HTML or in server-side scripting without it looking like ass and working like shit. Some of the problem, too, is shortfalls in HTML itself. I've always been annoyed that you need to use JS to cause the cursor to default to a given field in a form (and maybe that's been fixed in HTML5 -- I haven't looked for it yet).
However, you did land on the primary thing I was thinking of a couple of posts ago -- that, as you so perfectly put it, "Sandboxing doesn't stop spying and tracking, it doesn't stop stupidity like disabling right-click menus, or any of a million other problems." Like you, I am not going to stand by and watch while they hijack my browser's functionality and stick their noses where they don't belong. Trackers are specifically designed to subvert the sandboxing by using a third-party location for the relevant scripts and data.
www.wavefront-av.com
You can refuse to use JS, same as you can make programs without loops. Those programs could be very, very, very, very, very, very, very long and redundant, but they could work. Unless you run out of memory. How would you write "99 bottles of beer on the wall, 99 bottles of beer, take one down pass it around, 98 bottles of beer on the wall. 98 bottles of beer on the wall, 98 bottles of beer..."? You could make a giant print statement that has all 99 sentences in the body. That's pretty much how HTML w/o JS has to do it. Limited reuse is possible in pure HTML, but a lot of trouble.
What if I want to provide totals, averages, and other nice bits of math in 2 or more identically structured tables with the data they contain the only difference? Could be something like sports statistics from different seasons. Without JS, all that has to be calculated beforehand and put in the web page. HTML can't do it. You can't tell HTML that column c of a table is the sum of columns a and b, and have the browser do the sums, there's just no way.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Ideally, you download the 97 kB framework once on the first visit to a site, after which it sits in cache. If it's a popular framework like jQuery, you might not even need to download it once per site if web sites transclude a copy of the framework on a CDN. After that, the site can send you 2 kB deltas instead of 100 kB refreshes. I agree with you that excesses exist. They just aren't obligatory like they would be if you had to refresh the whole page all the time.
This is a completely idiotic idea. Oh, users might not see the Wonderful Ads, I mean, Website!
Yeah, and if I get hijacked, or go to something I was searching for answers to, but which turned out to be a fake (like Target, in the US, *always* producing a sponsored ad, no matter what I'm searching for), and is infected? If I don't have javascript enabled, a major attack vector is eliminated.
mark, who remembers that the *original* spec for the web was to display data the way the *users* wanted,
not the way the data source wanted
Can you give me a way to figure out which framework a particular site is using?
Most of the time, the URLs in the src= attributes of the first few <script> elements will give it away.
Does jQuery cost something?
It costs load time, and it costs transmission costs if (on the server side) you have a lot of visitors or (on the client side) your Internet connection is billed by the bit. Hosting jQuery from a CDN is a way for websites to pool these costs.
That falls right into the paradigm of "my web page must be the only thing you look at", which is enforced by creating a page that does not scale to the user-specified window size but requires full-screen windows to work right.
The availability of 4", 7", and 10" tablets whose full screens themselves have different widths breaks that paradigm in favor of "responsive design", which uses CSS media queries to switch among several layouts.
Because url's could never specify where to go on a page and browsers always go back and refresh everything for giggles?
No sir I dont like it.
I'm just an end user but I think that the blame should not be placed solely at Mozilla's feet. We as consumers have not been vocal enough about with excessive "features". the number of scripts and other wonderful features not only makes websites complex but easily breakable. The end result of tackers and loggers and data miners and ..... well you get the picture.Websites should provide interfaces for lite browsers. I see no reason (except data mining) why a website can't provide a basic alternative for lite browsers without all the plugins on the planet. let those who want the customized experience use a full featured browser and those that only need the utility use whatever they want.
I just found this website (http://panopticlick.eff.org/) and discovered that much of my attempts at privacy has been for naught. Three of my browsers were presented as unique out of over 3 Million in their database. Java and js were partly responsible. I've often said, FF rose to the fore because it was lite and secure; now both these attributes are out of the window. Is there any real reason stick with FF now?
Say an IE user behind a caching proxy visits a page. The proxy passes the User-agent to the web server, and the web server returns a temporary redirect to the page with IE instructions. Then the proxy caches the fact that the redirect was to the IE page, and the next user comes in with Chrome or Firefox and gets the cached IE page. All the web server can do at that point is throw "Not using Internet Explorer? See instructions for other web browsers" at the top of the IE instructions and hope that the user is smart enough to know what browser he's using, as opposed to "I'm using the Internet".
I'm on a very slow internet connection that often fails contacting servers if there are many simultaneous active connections. Hell.. even this ISP seems to have faulty routing to several sites that those sites are forever inaccessible to users, or difficult to access, e.g: Wordpress CDN. Typical news pages that load dozens of scripts from various sites always give me headache since they often fail loaded with broken CSS and images or not showing its contents at all since the script needed cannot be loaded. This is often solved by disabling javascript. Without this option, I'll have to wait 3 minutes or more to read a news page, if I'm lucky... Nevermind I'll use Chrome instead.
People like you and me were not the intended target of the movement that kicked off the 'Year Of The Linux Desktop'.
Your only real complaint there about OS X is Network Utility. As for the far more important Network Manager, is still barely works and gets confused easily. Apple's network management works 200% better, and is packed with options in a consistent UI.
And then there is Unity, which is also half-broken in its own way. I'm using it right now and don't mind it too much (as I know what's going on underneath and can take care of myself), but I would never recommend it or other Linux desktop to a regular user these days. The whole premise is faulty; that you can get an OS to work well when 1) its no one's role to ensure software and hardware are well integrated, and 2) the blame for bugs and omissions is habitually directed 'upstream'.
The list of fundatmental wrongs is actually quite a bit longer than that. Apple and Microsoft created a defacto standard for how a personal computer should behave; that standard was shaped by many also-rans plus users' needs and expectations. The Linux desktop tried to cut across the grain of that PC culture by applying multiple candy coatings half-heartedly over something that is culturally grounded in the server room. The result is that you can't even give it away.
You can't simultaniously argue that an attack vector only accessible by javascript is a javascript exploit
I never said that, not even once. What I said is that javascript is a dependency for the exploits,
When information is power, privacy is freedom.