Are government websites static or dynamic websites

Why is JavaScript disabled?

I asked a question yesterday. Should I take the trouble to develop for JavaScript disabled? . I think the consensus is: yes, I should develop for JavaScript Disabled. Now I just want to understand why users disable JS. It seems that a lot of developers (I think the people who answered the questions are developers) are disabling JS. Why is that. Why do users disable JS? For safety? Speed? or what?


JavaScript is deactivated in a browser environment for the following reasons:

  • Speed ​​and bandwidth
  • Ease of use and accessibility
  • Platform support
  • security

Speed ​​and bandwidth

Many applications use far too much JavaScript on their own ... Do parts of your user interface need to be constantly updated with AJAX calls? Perhaps your UI feels great and fast when using a broadband connection, but if you need to downgrade to slower connection speeds, a streamlined UI is preferred. And turning off JavaScript is a great way to prevent dumb web apps from refreshing the world about every 15 seconds for no good reason. (Ever looked at the amount of data that Facebook sends through? It's scary. However, it's not just a JS problem, it's part of it as well.)

We also tend to shift more and more of the processing to the client, and if you're using minimalist (or just outdated) hardware it's painfully slow.

Ease of use and accessibility

Not all user interfaces should be dynamic, and server-generated content can be acceptable in many cases. Also, some people just don't want these types of interfaces. They may not please everyone, but sometimes you have the chance and duty to please all of your users equally.

Finally, some users have disabilities and you are supposed to No way to ignore !!!

The worst case scenario, in my opinion, is government websites trying to "modernize" their user interfaces to appear friendlier to the public but end up leaving a large chunk of their target audience behind. Likewise, it is a shame if a student cannot access the content of his / her course: because he / she is blind and his / her screen reader does not support the site or because the site is so extensive and requires modern ad hoc plug-ins that he / she can / it cannot be installed on the refurbished laptop bought 2 years ago from e-bay, or because he / she is returning to another country in the spring break and the local bandwidth restrictions are not compatible with the payload of the page? ˅.

Not everyone lives in a perfect world.

Platform support

This point relates to the previous two and tends to be less relevant these days as browsers embed JavaScript engines that are more efficient than they used to be, and it just keeps getting better.

However, there is no guarantee that all users will have the privilege of using modern browsers (either because of company restrictions - which force us to support anti-Diluvian browsers for no good reason - or for other reasons that may or may not be valid). As from "Matthieu M." Mentioned in the comments, one has to keep in mind that there are still a lot of people using low quality hardware and that not everyone is using the newest and coolest smartphone. To date, there is still a significant proportion of users of phones with embedded browsers and limited support.

But as I said, things are getting better in this area. But you still need to remember the previous points about bandwidth limitations if you check regularly (or your users get a nice phone bill).

It's all very interrelated.


Of course, one might think that JavaScript is not capable of particularly dangerous actions, considering that it is being run in a browser environment. However, this is completely wrong.

You notice that when you visit P.SE and SO you are automatically logged in if you were logged in to a different network, right? There's a JS in there. While this bit is still harmless, it uses some concepts that can be exploited by some malicious sites. It is entirely possible for a website to use JavaScript to collect information about certain things you did (or did) during your browser session (or previous ones if you don't clear your session data every time you open your browser close or run this now) frequently used incognito / private browsing modes (extensively) and then just upload them to a server.

One of the most recent security flaws (which appeared in most browsers at the time) was the ability to capture your saved input form data (by trying combinations on a malicious site and recording the suggested texts for each possible combination of initials, possibly to let attackers know who you are where you work and live) or to extract your browsing history and browsing habits (a very nifty hack that does something like inserting links into the page's DOM to match the color of the link and to determine whether or not they have been visited. You just have to do this on a sufficiently large table of well-known domain names. And your browser will be faster at processing JavaScript, this is done quickly.)

Also, keep in mind that you can use JavaScript if your browser's security model is flawed or if the websites you are visiting are not adequately protected against XSS attacks.

JavaScript is mostly harmless ... if you use it on trusted websites. Gmail. Facebook (maybe ... and not even ...). Google Reader. StackExchange.

Of course, JavaScript can't be that bad, can it? And there are more scary things to worry about online anyway. You could think that you are anonymous if you really aren't that much, as the EFF's Panopticlick experiment shows. This is partly done with JavaScript. You can even read the reasons for disabling JavaScript to avoid fingerprints in the browser.

Even so, there may well be times when you don't have to worry about JavaScript support. However, if you are offering a publicly available website, you should accept both types of customers. Personally, I think a lot of modern web apps and websites would work just as well with the previous server-generated content model with no JavaScript on the client side, and it would still be great and potentially a lot less expensive.

Your mileage may vary depending on the project.

Because trusting someone to write a funny comic every morning and trusting someone to run arbitrary Turing-complete code on my computer are two things very different things.

I'm not a web developer and I have only a poor understanding of how the internet works. So that's an answer from one user .

Based on my experience, I am of the opinion that a lot of websites are just badly coded, be it out of laziness or ignorance: if I basically have one static Looking at a website like a Facebook page, my CPU usage increases by about 15% and drastically more with multiple tabs. At some point it got to the point where I had to wait for a response after clicking a button or link and my CPU overheated and crashed.

For many of these worst offenders (websites) nothing visible changes and nothing interactive happens. I could only guess that the site's code was constantly doing excessive updates, polls, and endless loops.

That made me NoScript to install to my CPU usage to reduce and stop making surfing a frustrating task.

The other wonderful add-on I use is FlashBlock .

I disable JS for speed reasons. Loading TechCrunch without JavaScript with a prepared cache takes a few seconds. With JavaScript it takes almost 20 seconds, more if the cache is not prepared.

Many websites are cluttered with JavaScript, especially image galleries and commerce websites. If you remove this you will be able to browse better in most cases.

For me, it's all about safety. I use Noscript to allow certain websites to run Javascript while I disallow most of them.

In the end, you really never know what the danger is (Nobel website infected on Many zero-day exploits (and others) use JavaScript. Closing that one avenue of attack feels like a step in the right direction.

My main reason is that it suppresses the most annoying ads. I'd rather not use AdBlock Plus as it can hurt revenue for the websites I visit (and I've used a website or two that didn't allow ads to be disabled according to the Terms of Service). NoScript limits the potential obnoxiousness of ads and I am ready to live with the others.

There are also security issues that are essentially related to ads as any website that sells ads needs to be classified as potentially hostile.

Also, I don't necessarily know that a website is in doubt before I visit it. Some people like to post links to websites and are not necessarily honest.

Because browsers used to have slow JavaScript implementations and too many n00b web designers were just using them for irrelevant things like button scrolling.

On a fast machine with a modern browser, no one in their right mind disables this feature all the time. That doesn't mean that there aren't many very "security-conscious" people and others who don't have the money, desire, or know-how to run a modern browser on a fast computer ... IE6 only recently stopped working to exist The most popular browser on the internet!

With Javascript enabled, any website can execute code on my computer. I don't even know if that particular website is executing code and what it is doing. Worse, someone else can paste code into a normally harmless website (XSS) without my knowledge. Recently, a well-known German computer magazine did not write an article in which a 16-year-old tried the online banking sites of the most popular banks in Germany. Many of them - including the largest - were vulnerable to XSS. And you don't even notice that your online banking page is doing some Javascript that, for example, changes the destination and amount for a transaction. With Javascript disabled, the XSS attack is useless in the context of a trustworthy site, I do not execute the malicious code.

We use cookies and other tracking technologies to improve your browsing experience on our website, to show you personalized content and targeted ads, to analyze our website traffic, and to understand where our visitors are coming from.

By continuing, you consent to our use of cookies and other tracking technologies and affirm you're at least 16 years old or have consent from a parent or guardian.

You can read details in our Cookie policy and Privacy policy.