I asked a question yesterday, "Should I Bother to Develop For JavaScript Disabled?". I think the consensus is: Yes, I should develop for JavaScript Disabled. Now I just want to understand why users disable JS. It seems many developers (I guess people who answered the questions are developers) disable JS. Why is that? Why do users disable JS? For security? Speed? Or what?
One disables JavaScript in a browser environment because of the following considerations:
Speed & Bandwidth

A lot of applications use way too much JavaScript for their own good... Do you need parts of your interface to be refreshed by AJAX calls all the time? Maybe your interface feels great and fast when used with a broadband connection, but when you have to downgrade to slower connection speeds, a more streamlined interface is preferred. And switching off JavaScript is a good way of preventing dumb-struck web-apps from refreshing the world every 15 seconds or so for no good reason. (Ever looked at the amount of data Facebook sends through? It's scary. It's not only a JS-related issue though, but it's part of it). We also tend to off-load more and more of the processing to the client, and if you use minimalistic (or just outdated) hardware, it's painfully slow.

Usability & Accessibility

Not all user interfaces should be expressed in a dynamic fashion, and server-generated content might be perfectly acceptable in many cases. Plus, some people simply don't want this type of interface. You cannot please everybody, but sometimes you have the chance to and the duty to satisfy all your users alike. Finally, some users have disabilities, and thou shalt not ignore them, ever!!! The worst-case scenarios here, in my opinion, are government websites that try to "modernize" their UIs to appear more friendly to the public, but end up leaving behind a big chunk of their intended audience. Similarly, it's a pity when a university student cannot access his course's content: because he/she is blind and his screen-reader doesn't support the site, or because the site is so heavy and requires ad-hoc modern plug-ins that he/she doesn't get to install on that refurbished laptop bought on eBay 2 years ago, or again because he/she goes back home to another country for the spring break and the local bandwidth constraints cannot cope with the payload of the site. Not everybody lives in a perfect world.
Platform Support

This point relates to the 2 previous ones and tends to be less relevant nowadays, as browsers embed JavaScript engines that are a level of magnitude more efficient than they used to be, and this keeps getting better. However, there's no guarantee that all your users have the privilege of using modern browsers (either because of corporate constraints - which force us to support antediluvian browsers for no good reason, really - or other reasons which may or may not be valid). As mentioned by "Matthieu M." in the comments, you need to remember that a lot of people still use lower-quality hardware, and that not everybody uses the latest and coolest smartphone. As of today, there is still a significant portion of people using phones that have embedded browsers with limited support. But, as I mentioned, things do get better in this area. But then you still need to remember the previous points about bandwidth limitations if you keep polling very regularly (or your users will enjoy a nice phone bill). It's all very inter-related.

Security

While obviously you could think that nothing particularly dangerous can be done with JavaScript considering it runs in a browser environment, this is totally untrue. You do realize that when you visit P.SE and SO you are automatically logged in if you were logged on any other network, right? There's some JS in there. That bit is still harmless though, but it uses some concepts that can be exploited by some malevolent sites. It is completely possible for a website to use JavaScript to gather information about some things you do (or did) during your browsing session (or the past ones if you don't clear your session data every time you exit your browser or run the now common incognito/private browsing modes extensively) and then just upload them to a server.
Recent vulnerabilities (working in major browsers at the time) included the ability to gather your saved input forms data (by trying out combinations for you on a malevolent page and recording the suggested texts for each possible starting letter combination, possibly telling attackers who you are, where you work and live) or to extract your browsing history and habits (a very clever hack doing something as simple as injecting links into the page's DOM to match the color of the link and see if it's been visited. You just need to do this on a big enough table of known domain names. And with your browser getting faster at processing JavaScript, this type of thing gets done quickly.) Plus let's not forget that if your browser's security model is flawed, or the websites you visit don't protect themselves well enough against XSS attacks, then one might use JavaScript to simply tap into your open sessions on remote websites.

JavaScript is mostly harmless... if you use it for trusted websites. Gmail. Facebook (maybe... and not even...). Google Reader. StackExchange. But yeah sure, JavaScript cannot be that bad, right? And there are scarier things to fear online anyway. Like thinking you're anonymous when you really aren't that much, as shown by the Panopticlick experiment of the EFF. Which is also partly done using JavaScript. You can even read their reasons to disable JavaScript to avoid browser fingerprinting.

All this being said, there might be perfectly good situations where you don't need to bother about supporting JavaScript. But if you offer a public-service website, do consider accepting both types of clients. Personally, I do think a lot of modern web-apps and websites would work just as well using the former server-generated content model with no JavaScript at all on the client side, and it would still be great and possibly a lot less consuming. Your mileage may vary depending on your project.
Because trusting somebody to write a funny comic strip every morning and trusting somebody to run arbitrary Turing-complete code on my computer are two very different things.
I am not a web developer, and I have only a moderate understanding of the way the internet works. So this is an answer from a user. My experience leads me to believe many sites are simply poorly coded, whether out of laziness or ignorance: When I would view a basically static web page, such as a Facebook page, my CPU usage would increase by something like 15%, and drastically more with multiple tabs. Eventually it got to the point where I would have to wait for a response after clicking a button or link and my CPU would overheat and lock up. On many of these worst offenders (sites), nothing visible is changing and nothing interactive is happening. I could only suppose the site's code was constantly making excessive refreshes, polls, and endless loops. This drove me to install NoScript to free my CPU usage and stop browsing from becoming a frustrating chore. The other wonderful add-on I use is FlashBlock.
I disable JS for speed reasons. TechCrunch without JavaScript takes a few seconds to load with a primed cache. With JavaScript it takes almost 20 seconds, more if the cache isn't primed. Lots of sites have become bloated with JavaScript, especially image galleries and commerce sites. Removing this gives you a better browsing experience in most cases.
For me it's all about security. I use NoScript to allow certain websites to run JavaScript, while disallowing most. In the end you really never know where the danger lies (Nobel web site infected on techspot.com). Many zero-day (and other) exploits use JavaScript; closing this one avenue of attack feels like a step in the right direction.
My main reason is that it suppresses the most annoying ads. I'd rather not use AdBlock Plus, since that can affect revenue for the sites I visit (and I've used a site or two where the terms of service said I was not to disable ads). NoScript limits the potential obnoxiousness of ads, and I'm willing to live with the rest of them. There's also the security consideration, and that's largely related to ads also, since any site that sells ads has to be considered potentially hostile. Moreover, I don't necessarily know a site is dodgy before I visit it. Some people enjoy sending out links to sites, and aren't necessarily honest.
Because browsers used to have slow JavaScript implementations and too many n00b web designers just used it for irrelevant things like button rollovers. On a fast machine, with a modern browser, nobody in their right mind disables it all the time. Which is not to say there aren't plenty of very "security conscious" people and others without the funds, desire, or know-how to be running a modern browser on a fast computer... It was only recently that IE6 stopped being the most popular browser on the internet!
With JavaScript activated, any website may execute code on my computer. I don't even know if the particular website executes code and what it does. Even worse, someone else may insert code without my knowledge into a normally harmless website (XSS). Recently the well-known German computer magazine c't ran an article saying that a 16-year-old tried the online banking sites of the most common banks in Germany. Many of them - including the biggest - were vulnerable to XSS. And you don't even notice that your online banking site executes some JavaScript that changes, for example, the target and the amount for a transaction. With disabled JavaScript the XSS attack in the context of a trusted site is useless; I don't execute the malicious code.
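
Added example, not part of any answer above and not code from any site they mention: the site-side counterpart to the XSS concern in the last answer, shown as a server-rendered transfer confirmation that works with JavaScript disabled. All function names, the `/transfer` path and the sample input are assumptions made for the illustration.

```javascript
// Hypothetical names throughout; the sample input below is constructed.

// Encode the characters that can break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function confirmForm(payee, amount) {
  return `<form method="post" action="/transfer">
<p>Send ${amount} to ${payee}?</p>
<input type="hidden" name="payee" value="${payee}">
<input type="hidden" name="amount" value="${amount}">
<button type="submit">Confirm</button>
</form>`;
}

// Vulnerable: request values are pasted into the markup unchanged.
function renderConfirmVulnerable(payee, amount) {
  return confirmForm(payee, amount);
}

// Hardened: the amount must be a plain decimal, the payee is encoded on output.
function renderConfirmHardened(payee, amount) {
  if (!/^\d{1,9}(\.\d{2})?$/.test(String(amount))) {
    throw new RangeError('amount must be a plain decimal number');
  }
  return confirmForm(escapeHtml(payee), String(amount));
}

// The page is a plain form and needs no script, so the policy allows none:
// injected inline script is refused by the browser even with JavaScript on.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'none'; form-action 'self'; base-uri 'none'; frame-ancestors 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample input: a payee value carrying markup.
const CONSTRUCTED_PAYEE = '"><script>alert(1)</script>';
function demo() {
  return {
    vulnerable: renderConfirmVulnerable(CONSTRUCTED_PAYEE, '10.00'),
    hardened: renderConfirmHardened(CONSTRUCTED_PAYEE, '10.00'),
  };
}
```

Output encoding removes the injection point, and the policy header is a second layer that gives every visitor, for this page, the protection the answer gets from switching scripts off.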