h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

I often look at the source text for web sites -- especially big corporate sites, such as for the BBC -- since I'm just one of those people who looks at the source text of web sites, and the thing that infuriates more than anything else is the persistent and flagrant abuse of scripting languages.

By far the most common abuse is to achieve automated browser bigotry. That's heaping one crime upon another, that is. (Not only mugging and raping a woman, but mugging and raping a ninety-three year old blind nun who was collecting for charity.) There is no shame.

Another typical abuse is to enable a public web page to achieve a breach of security in whomsoever's browser is tawdry enough to permit such breaches.

And I can certainly vouch for having occasionally had the misfortune to land at a web page -- typically for a certain kind of 'adult' material -- which deliberately 'bombs' you with a deluge of pop-up windows that you cannot close. On at least one occasion I had to hard-reset the computer.

Having suffered these indignities, and being utterly unprotected by Microsoft Internet Explorer (versions up to 5.5 running on Windows 95), I now use either Opera or Mozilla, both of which provide a degree of protection. I have Java (Sun's 1.4.2) enabled; I can only hope its security problems have been sufficiently resolved.

I'd be interested to hear from anyone who can give an example of a web page (or site) which uses Javascript (or any other scripting language, or Java) for a truly useful purpose, especially if it is to do something that could not have reasonably been done any other way (e.g. using HTML 4 with CSS, or XML with XSL, or even SVG).

Mozilla gives me the option of disabling Javascript and Java. Should I? My most crucial use of the web is for SourceForge (and its evil spawn), but I enjoy visiting sites such as BBC news and H2G2. I also often use Tucows, Google (who doesn't?), and typical Internet shopping sites. I use a 'smile' (Co-Op) Internet bank account, and I have a Nationwide Internet bank account too, but I could live without either.

In general I don't think there is any need to switch of Java or JS, I do have my browser (mozilla) set to block requested pop-ups & to only accept cookies only from the same server as the webpage I'm looking at.

When I think there might be a problem I will use Opera which has Java support disabled and is set to accept only cookies I specifically authorise.

In extreme situations I will connect remotely by SSL to a another machine & use that machine to run a browser such Lynx/elinks/W3M remotely

set to block requested pop-ups = set to block unrequested pop-ups

just a point I know we all know, but for others reading this.

Mozilla can tune what can/can't be done with script as well. For such things as Raise, Moce Windows, Hide Status Bar etc. Just gives that little bit more control

CHawke

Yup, that's a really neat feature of Mozilla. I have it set so JS can't hide my status bar. I want to know where my links are taking me.

I'm hard pressed to think of an example of a site that uses Javascript for a practical purpose that cannot be achieved some other way. On the other hand, I can think of web sites that use Javascript for simple things like links (the script simply sets the current URL), virtually ensuring that their site design will have some compatibility problem for *absolutely* no reason. Turning Javascript off will be annoying because of that, but I don't see it as essential.

Java is different. The things you can do with Java are far more complex, and their are instances of applications that run within a browser window but do things that browsers could never do. Most of the time those are games, but if you browse academic sites you find scientific tools etc. Java is very useful. It's also far less annoying if you turn it off - when you come across these things you will know if you need to use them, so you will know if you need Java turned on or not. Don't need them? Turn it off, and no loss.

It's handy for "drop-down" menus, where otherwise the number of links required to be displayed would overwhelm the content of the pages. Yes, I know Eric Meyer has demonstrated a drop-down menu written entirely in CSS2. But thanks to the continued existence of abominations such as Netscape 4.x it's not so cross-browser compatible as a well-kludged Javascript version...

I remember I tried to buy something online once, and the programmer who decided how to write their 'Shopping Basket' script should be shamefully thrown out of his/her profession; Upon checking the credit card for validity, his/her script used Javascript, which led to five cards in total being rejected by the inferior, unreliable script; Cards that were perfectly valid and useable, and compatible with their system, it boasted -- they had a logo for the types of cards tried, showing they supported such cards. One of these cards were then used at Amazon, using a server-side card validity check, with no problems.

Javascript, I think, can only ever be used /well/, and in a professional manner, when it's used for small, unimportant tasks. I've managed to find a page that uses Javascript well, in fact - http://www.regexlib.com/RETester.aspx - They have an option to check a regular expression with Javascript; It saves checking it with ASP.NET

My bank's website (http://www.pcfinancial.ca/) uses a fairly clever JavaScript to pass date values from a calendar view into a web form when setting up money transfers and bill payments. I find it quite useful. This could reasonably be done server-side but that would just introduce server overhead - there's no advantage to making the calculation run on the server since the value would be returned to the client and then discarded.

I've also seen JavaScript used to generate MD5 hashes for creating (relatively) secure login forms over unencrypted connections.

Sorry I couldn't come up with an example that you could actually look at...

Interpreted Server Side languages are always best when dealing with passwords and the like, for me, though. I just have little faith in the security of JS.

I'd take SSL over JavaScript hashing any day but if you can't afford an SSL certificate, it's better than transmitting in plain text.

so use a "Self Signed Certificate" if you want to use SSL, I'd trust that more than JS for sensitive info (and use Interpreted Server Side languages for the rest (there is no excuse, if you look around you can even get this with free web hosting packages))

nb: what about browsers with little or no JS support? (or don't ya want such weirdos visiting your website/s?)
(posted using Lynx on a machine with no GUI )

http://happy.sdf-eu.org/temp/h2_links.jpg
h2g2 text only (this is an old shot the browser is links )

It doesn't make it much faster, though, does it?

surprisingly it do

Speaking of Text Only browsers, Opera has a 'Nostalgia' feature that simulates Lynx.

still not as fast as a good plain text browser though ...
(IMHO)
lynx superfast
w3m the best overall
links/elinks best for hootoo

nb: if you want to know who is to blame for the evil that is the gui try http://sloan.stanford.edu/MouseSite/1968Demo.html

"I'm hard pressed to think of an example of a site that uses Javascript for a practical purpose that cannot be achieved some other way."

Gmail?

TRiG.

Ah, well in January of 2004 I hadn't seen gmail yet.

Still, gmail mostly uses javascript to make things more elegant, the actual task can be done without javascript.

But I think there is one exception - rich text editors, like FCKeditor or the one in gmail. These need javascript, and you can't do the same thing without it. Not that you need "rich" text, I'm using Safari which does not support them yet but I can use gmail just fine.