Should I worry about javascript support? - javascript

I've developed a ajax enabled site. However, the site does not currently work without javascript. The site works well on any browser that I've tested as well as iPhone/Nokia phones.
However, should I still worry about javascript support?
I know there are techniques that would get my site to work both with or without javascript, but the refactoring would require some time.
Edit: This application is targeted for our customers that will be using the the system to fill in and handle forms. Professional use mostly.

Javascript is Huge now and since facebook and other large JS Based site, browsers have pushed out new innovations to deal with the latest web changes when it comes to JS
Because of this JavaScript is widely supported and you should not worry dramatically but it still needs to be delt with.
A Simple <noscript> tag to display a message to a user telling them they need javascript to continue
<noscript>
Please enable javascript to use this site
</noscript>
Keep checking your analytics software such as google, mint etc to see what your visitors are using.
That will help you decide how much you have to worry about it
A way to Track non JavaScript enabled browsers is like so
<noscript><img src="noscript.php" /></noscript>
This will load a php file as an image!
the php file
<?php
//Track the user details here inside your database or whatever so you can then see.
//Here send back a 1x1 pixal so the DOM IS ok and to reduce load
$pxl= imagecreate( 1, 1);
header( "Content-type: image/png" );
imagepng( $pxl);
imagedestroy( $pxl);
?>

You could display a message to users with javascript disabled saying that the site will not work properly:
<noscript>
Hey, it seems you have Javascript disabled. Get out of my lawn!
</noscript>
If this is a big deal or not depends on your target audience.

You should always try to keep in mind that a certain percentage of endusers disables javascript in their browser. On the other hand most modern sites don't work anymore or don't always degrade gracefully. It's up to you to either convince your users to enable javascript or to create at least a page with minimal functionality which can be run without javascript.
Grz, Kris.

Most browser today have javascript enabled. One thing to keep in mind is that crawlers/spiders from for example google do not have javascript on.

This depends entirely on your users.
If you can make sure your users browser supports JavaScript, then it's up to you to ensure the actual code is valid and complies to JavaScript standards.
Many argue that pages has be readable by blind people and have all kinds of fallback options, but this depends on your users, and what you require of them.
If you really have to support all kind of phones, and weird devices, just create a separate front-end.

AFAIK, Google bot does not support JavaScript. So, if you want your site to be indexed by search engines, make content accessible without JavaScript.

It depends.
If you're expecting good chunk of traffic from the mobile web-browsers then yes, you must refactor the website to make sure it works well with those client. If majority of the traffic is coming from rich desktop web browsers then, it shouldn't be problem.

Related

Workaround Unsafe JavaScript attempt to access frame and ad-hoc solution

I know this subject has been largely discussed and there is no way to get the parent frame modify the children frame due to security reason.
BUT
I'm developing a ad-hoc solution for some clients, we can configure their browser and eventually install plugin ( which will be the "fail" solution).
We would like to configure the browser (chrome or whatever ) to NOT protect the browser from this.
My aim is to inject a JavaScript into their website without having any access to their website.
I actually use a php proxy which works... pretty bad ( how to keep the links when they are loaded dynamically via JavaScript? ) and I would not like to develop a Firefox plugin because it s a bit heavier and longer to set up I guess.
Any idea?
Your question is not that clear. But if you want to load a different domain from the parent in an iframe, there is no way to access it, UNLESS your customer uses an open-source browser and are happy for you to install on their systems a hacked version of the browser that will allow this.
But I can assure you this is not going to happen for a variety of reasons.
tl;dr: you can't.
You can communicate between 2 frames from 2 different domains using window.postMessage for the recent browsers.
If you have to support IE6/IE7 or older browsers, you can use the window.name hack.
Both techniques allow you to pass string data between frames.
You need then to have some javascript on both sides that listen to the event and make the action. You don't need to change anything to the browser configuration.
EDIT:
After your comment, here is another option: a bookmarklet. You define a page like this on your site, changing the path to the js file:
<html>
<body>
Drag'n Drop this to your bookmarks
</body>
</html>
And you ask your users to click the bookmark when they want your code to run.
This will inject the code in the client page, and you are free to do what you want.
Obviously this has a security concern. Your script has full access(content, cookies) in their page. But since you are almost ready to recompile a web browsers for that :) I guess it will work for them.

Browsers with JS disabled

Years ago I used to design with JavaScript disabled browsers in mind. How important is it nowadays?
Is it really something you need to worry about? I've never come across a user in real life who has JavaScript disabled. Anyone got any figures?
Having had my own company for a year and working at another for a couple of years, none of my direct clients has ever had JavaScript disabled, in one single instance I've had one of my clients customers have JavaScript disabled, so my current guess (purely anecdotal evidence) is about 1/50.000.
My biggest worry when working with JavaScript is and has always been cross browser compliance, what works in FF doesn't always work in Chrome, what works in FF and Chrome doesn't always work in IE 8, and what works in all of the above... doesn't always work in IE 7.....
And then there is IE 6.
Edit, yay data:
By July 31, 2009 firefox had 1 billion downloads
Noscript has as of September 14, 2010 73 million downloads
That tells us that about 7% of the times FF users has downloaded the browser, they have also installed the noscript plugin.
Edit addendum
Making this community wiki, add your math people.
Edit:
In October 2010, Yahoo! published actual stats.
In short, the answer varies by country, but for a US site, you can expect 2% of your users to have javascript disabled.
My tips would be:
Designing a site with a fallback to no JS is usually entirely possible and not all that difficult. You should consider doing it, regardless of what the statistics about JS-disabled browsers say.
However, don't let this stop you from being creative. If you must rely on JS and there's no workaround, don't hesitate. If someone wants full browsing experience and works with JS off, it's his/her fault.
Encoding emails using JS unescape() is always a good idea. In a JS-disabled browser, just display nothing.
You're right: straight up disabling of Javascript is pretty uncommon these days because it is used by so many sites.
However most browsers have more fine-tuned control; ie to turn it on/off per site, which may still be used by paranoid.. uh, security-conscious users.
Even more likely, there's a Firefox extension called NoScript which is actually very popular. This extension gives the user even more control over when to allow Javascript. I don't know whether there's similar plug-ins for other browsers, but I expect so.
Finally, many disabled users will be running screen-readers or other accessibility browsers which may still not run Javascript properly/at all. If you want to support these users, then you'll need to be aware of the unique environments they work in.
So yes, it is still a good idea to support non-JS users, even if they are in the minority. That said, I don't think you need to make everything work for them, as long as your basic site functionality works (ie add to basket, checkout, etc), there's no need to get too stressed about them not getting the bells and whistles.
The NoScript plugin for Firefox has been downloaded 73,063,406 times.
Your site should be usable without JS (so don't replace links with JS voodoo unless you absolutely have to).
Also people that need special output devices (like Braille Readers) will prefer sites that that work without JS.
I agree that disabling javascript is uncommon and i also agree that it's important to build websites while taking javascript-disabled browsers in mind.
BUT javascript is strongly invloved in modern & large websites now (google, youtube, facebook). without javascript you can't build AJAX supported websites and you can't also use the power of jQuery or any js library.
and if you are worry about cross browser compliance, you might wanna consider using jQuery because it abstracts away the famous cross-browser issue.
personally, i'll be always using javascript in any website i build :).
I'm a bit late to the party, but about a month after this question was asked, Yahoo! published actual stats.
In short, it depends on where your visitors are from, but in the US, you can plan on about 2% of your visitors having javascript disabled.
Here's a couple of general guidelines. People who use different browsers with accessibility in mind, or run in a terminal with no graphics toolkit (text based) are most likely to not run JavaScript. If you want to cater to these people, all you need to do is use JavaScript if you want, but only use it to enhance, not provide the content.
By this, I mean, for example, you can enhance a table by adding sort controls with JavaScript, but don't use JavaScript to parse a data file and create the table. Use a server-side program to handle a database or data file instead.
However, there becomes a grey area, and this all has to do with what kind of user base you are targeting. If you are writing a Chrome experiment then by all means, write it all in JavaScript; it's about the JavaScript.
If, however, your website aims to provide information, it's best to avoid using JavaScript to provide content wherever possible; only enhance it.

JavaScript code to take a screenshot of a website without using ActiveX

I have a JavaScript application that an user interacts with. I need to save the appearance of the interface at the current time, crop out the part that I need (or only shot the part that I need by specifying the div), and send it back to the server.
Clearly any external services would not be able to do this, I need a JavaScript (or Flash) script that can save the screen appearance. Is this possible?
Also, as the comment below says, I cannot use ActiveX.
Google is doing this in Google+ and a talented developer reverse engineered it and produced http://html2canvas.hertzen.com/ . To work in IE you'll need a canvas support library such as http://excanvas.sourceforge.net/
I think using JavaScript, you won't be able to due to the security restrictions. Flash, possibly.
It's impossible in pure JavaScript, without using ActiveX.
It is impossible using JavaScript (nor Flash). It depends on your constraints, and there are some workarounds.
You can take advantage of browser extensions (such as a Firefox add-on), but I guess it does not fit your requierments.
The best option I can think of is to construct the DOM tree on the client side, and then post it to remote server.
On the server side nothing really holds you from doing generally anything. Using WebKit or even launching Internet Explorer or Firefox, you can create the snapshot server-side.
It's far from elegant, but possible.

Is it worth it to code different functionality for users with javascript disabled?

I'm currently building a project and I would like to make use of some simple javascript - I know some people have it disabled to prevent XSS and other things. Should I...
a) Use the simple javascript, those users with it disabled are missing out
b) Don't use the simple javascript, users with it enabled have to click a little more
c) Code both javascript-enabled and javascript-disabled functionality
I'm not really sure as the web is always changing, what do you recommend?
Degrade gracefully - make sure the site works without JavaScript, then add bells and whistles for those with JavaScript enabled.
Everyone else has committed good comments, but there are a few other considerations to make.
Sometimes the javascript will be hosted on a different domain, and be prone to timeout.
Sometimes that domain may become inacessible, while your site remains accessible. Its not good to have your site completely stack itself in this scenario.
For this reason, "blocking" scripts ( ie: document write inline ) like that present in google's tracker, should be avoided, or at very least, should go as late in the page as possible so the page renders whether or not the domain is timing out requests or not.
If you happen to be serving JS from a broken/malicious server, by intent or by accident, one can halt page rendering simply by having a script that serves that javascript which just calls "sleep(forever)" once its sent all the headers.
Some People Use NoScript
Like the above problem, sometimes the clients environment may block certain script sources, be it the users choosing, or other reasons ( ie: browser security satisfactions, odd antivirus/anti-malware apps ). The most popular and controllable instance of this is NoScript, and I myself paranoidly block some of the popular tracking/advertising services with it ( some proxy servers will do this too ).
However, if a site is not well designed, the failing of one script to load still executes code that was dependant on that script being present, which yeilds errors and stops everything working.
My recommendation is :
Use Firebug
Use NoScript and block out everything --> See Site still works
Enable core site scripts that you cant' do without for anything --> See site still works and firebug doesn't whine.
Enable 3rd party stuff --> See site still works and firebug doesn't whine.
There are a lot of other complications that can crop up, but satisfying the above 2 should solve most of them. Just assume that, for whatever reason, one or more resources that comprise a page are viable to spontaneously disappear ( they do, all the time ), and you want the page to "survive" this problem as amicably as possible. For the problems that may persist for < 10 seconds, its not so bad, refresh the page and its fixed, but if its a problem that can occur, and severley hamper usability for an hour or more at a time.
In essence, instead of thinking "oh, theres the edge case users that don't have javascript", try thinking more a long the lines of "its really easy to have something go wrong, and have ALL of our users with broken javascript. Ouch! Lets try make it so we dont' really hose ourself when that does happen"
( I've seen IE updates get rolled out and hose javascript for that entire browser until the people whom wrote the scripts find a workaround. Losing all your IE customers is not a good thing )
:set sarcasm
:set ignoreSpelling
:set iq=76
Don't worry, its only a 5% Niché Market
Nobody cares about targeting Niché markets right? All those funny propeller heads running lynx in their geeky stupid linoox cpus, spending all their time on the intarwebs surfing because they have nothing better to do with their life or money? the crazy security paranoid nerds disabling javascript left and right because they don't like it?
Nobody wants them as your primary customer now do they?
Niché markets. Pfft. Who cares!
:set nosarcasm
Consider your audience
"Degrade gracefully" is generally the best answer. But lots of sites now depend on JS - especially AJAX.
Consider your audience. If your site is aimed at extremely tech-savvy people, the chances of them not having javascript are small, and you can notify them to turn it on if necessary.
If your audience may access your site with mobile devices, don't assume they have JavaScript, and don't even assume they support CSS properly. Aim to degrade gracefully all the way down to bare HTML.
I've learned a lot from my question: What's With Those Do-Not-Use Javascript People
Go with Ajax and Web 2.0. It's the way the web is going and it's wonderful. Isn't Stackoverflow great to be on? It's not quite as nice with your Javascript turned off.
Once you have your site ready, but before you let it go live, test it with Javascript off, and just add whatever you feel you need to make your site appear and function to them. You only need to add what you feel is essential.
Remember, except for visually impared people using screen readers, the others have chosen to turn javascript off. They can also choose to trust your site and turn javascript on for your site if they want to use all the functionality you have. It really is their choice.
As other have said, it should "degrade gracefully".
In other works, it must work without Javascript (period). It doesn't have to work well. The folks who've disabled Javascript know the limitations that causes and have accepted them. But if you are trying to sell them something, it's important that they can still buy it.
On the site I'm designing, there's a javascript-based fly-out menu. With Javascript off, all the flyouts are always open. It doesn't look as cool as it would with JS, but it can still be used to navigate the site.
It depends on how much time you have to develop and maintain both solutions, and how much the non-javascript users are worth to you.
My e-commerce site relies heavily on javascript, and in over a year and a half, I've not received a single complaint.
In fact, I don't think I've seen a single visitor with javascript disabled in any of logs since I started.
That doesn't mean they're not out there. It just means that either (a) they're a tiny percentage, (b) they're not interested in what I'm selling, or (c) both of the above.
Code your web site with support for the bare minimum kind of browser. Then more people can use your site without frustration even if they don't have all the bells and whistles--like Flash, Javascript, and Java--enabled. It may not be practical to continue support for ancient browsers, say Netscape Navigator 4, because a user can be reasonably expected to keep their computer up-to-date. However, features like Javascript, Flash, and Java can be security holes in old or modern browsers, as well as being an annoyance.
Neither of my parents keep Javascript or Flash enabled because they've had too many experiences with them slowing down their already slow connection, crashing their browsers, or being more of an annoyance on sites that use it stupidly (which is a lot of them...) than a useful feature. It's just bad design if, for example, your form requires an AJAX call be made and you can't actually hit a submit button to send the form when Javascript is disabled.
My mother was recently quite frustrated to discover that she is now unable to click through eBay results pages because each one requires Javascript. The only way she can see the next page of results is to turn on Javascript or to show more results per page. Now what reason would there be for page links to require Javascript while the 'results per page' links are just plain links? They should all be plain old HTML links. Maybe Javascript could be used to add some whiz-bang to the navigation, but a user should not be punished with a bad interface for having Javascript disabled. It's stupid on eBay's part, and it causes undue hassle for their users.
I am one of those that uses 'No-Script.' And I can tell you that sites that use javascript and don't work without it enabled is extremely annoying, stackOverflow... No we don't expect it to be very fancy, if I upvote load a new page that says "Thank you."
We expect to be able to use the site with reasonable limitations, don't ever display a page that says JS must be enabled, though, even if the site is crap without it. And yes if your site convinces us to stay we will enable. A function that isn't in common use on the site can also require javascript.
Please note that your site should also look good with no JS or CSS, if nothing else it is good for Bots.
As others have pointed out some phones don't have JS, this is changing but another good reason to have reasonable non-JS. I suggest code with non-JS and add JS after the former works, there are good ways where JS can work with the non-JS layout.
It helps me in my implementations to think about it as "progressive enhancement" rather than graceful degradation. Degradation often leads you to figure out how to make it work w/o js after it is implemented, instead of making a baseline and enhancing with js.
It is essential to at least test your website is functional when JavaScript is turned off.
As orip says, degrading gracefully is very important. It should be vital that your page both looks nice and functions when JavaScript is disabled.
For a standard web site that is primarily intended for conveying information, degrade gracefully always.
For web applications:
When building a web application for a standard internet audience, I would keep the three following facts in mind:
95%-97% of potential users will have JavaScript enabled.
At times established users will need to access functionality when JavaScript is not available.
3%-5% of potential users will have JavaScript intentionally disabled.
Given fact one, if you believe that building a JavaScript reliant web application will deliver a superior user experience, then by all means do it. Doing so may help you accumulate users.
However, given fact two, you should always provide a means by which your users can access core functionality without JavaScript. Do you need to offer every single feature? Probably not. But a user should be able to get his or her work done. This will keep your users happy when they find themselves temporarily without JavaScript.
Given fact three, I would also provide an in depth tour as an attempt to entice these users to enable JavaScript.
As an aside, one of my most favorite web applications, Remember The Milk follows this approach. Also, Google's Calendar application is unusable without JavaScript. So JavaScript reliant web apps are on the rise and that trend is probably unstoppable. In my opinion this is a good thing.
(Do keep in mind that JavaScript make Accessbility a bigger problem than it is already. Please do make an effort to make your apps usable by those with disabilities.)
As said before, it depends on your target audience.
If I'm part of it, you want to make sure that your site works (if not ideally) on my phone, and that it gives me reason to turn Javascript on when I surf there with it off. Nobody expects full functionality with Javascript disabled, and anybody who uses their phone to access websites expects some issues, but you need to at least provide teasers. For a web store, make sure customers can see at least some merchandise anyway, even if they can't buy without Javascript.

How to detect (using .ASPX) if Javascript is enabled on browser

I'm thinking this might be a quick and easy way to lower the form spam on our site just a little bit. The idea being that (I have read) spammers aren't running with javascript enabled. (Or at least they are accessing your website without running javascript. I.e., they aren't browsing up to it in IE or FF.
I can use .asp or .aspx.
The simplest way is to set a cookie via javascript and check for it on postback.However, if you're looking to minimize spam you should actually have the browser perform a simple task which requires javascript execution. See Phil Haack's "Invisibile Captcha Validator" control, which has since been included in his Subkismet library: http://haacked.com/archive/2006/09/26/Lightweight_Invisible_CAPTCHA_Validator_Control.aspx
In .net, you can use Request.Browser.JavaScript to detect if the browser supports JavaScript. However, the user may still have Javascript disabled. An ugly way to check to see if Javascript is enabled, is to use window.location to redirect to page.aspx?jscript=true, and then check Request.Querystring for that value.
So, you want to force users to use JavaScript in order to use your site? I'd rather just use a simple Captcha. If you aren't a big-name site, you can get away with some relatively simple Captchas.
That's how we reduced spam at our site.
To be honest, you shouldn't need to use a server-side language to detect javascript, and furthermore spammers are not necessarily not running javascript. (sorry about the double-negative) Your objective is good, but your approach is wrong - implementing a CAPTCHA, as suggested by a few of our peers, would be a great way to handle this.
I see you've accepted the noscript answer, but how will you use this to fight spam? noscript will allow you to add special content for users without JS, but unless you're generating the rest of your site in JS, it will still be available to user agents without JS.
A captcha of some sort is still likely the best bet. Ultimately, you're trying to get the user agent to prove that it's being controlled by a human, so do your best to make it prove that actual fact, instead of something else. Screen readers for the visually impaired typically go without Javascript, too, and many people browsing from mobile devices have Javascript disabled to speed things up.

Categories

Resources