Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Firefox 23 Makes JavaScript Obligatory

samzenpus posted about a year ago | from the use-it-or-else dept.

Firefox 778

mikejuk writes "It seems that Firefox 23, currently in beta, has removed the option to disable JavaScript. Is this good for programmers and web apps? Why has Mozilla decided that this is the right thing to do? The simple answer is that there is a growing movement to reduce user options that can break applications. The idea is that if you provide lots of user options then users will click them in ways that aren't particularly logical. The result is that users break the browser and then complain that it is broken. For example, there are websites that not only don't work without JavaScript, but they fail in complex ways — ways that worry the end user. Hence, once you remove the disable JavaScript option Firefox suddenly works on a lot of websites. Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."

cancel ×

778 comments

Sorry! There are no comments related to the filter you selected.

why? (3, Interesting)

bdabautcb (1040566) | about a year ago | (#44156023)

Are there still security issues with having JS enabled?

Re:why? (5, Insightful)

Joce640k (829181) | about a year ago | (#44156109)

Maybe, maybe not ... but there's definitely a lot of privacy and distracting-advertising issues.

Re:why? (3, Insightful)

parkinglot777 (2563877) | about a year ago | (#44156183)

I doubt that there is no more security issue with JS (for now and not even talk about in the future). It may be a good time for me to use only Chrome for browsing, and use FF for developing web pages locally (for their easy-to-use Firebug add-on). Wikipedia (https://en.wikipedia.org/wiki/JavaScript) has some vulnerability issues for JS (may or may not be outdated by now).

Re:why? (0, Insightful)

Anonymous Coward | about a year ago | (#44156219)

uh, duh. do bears shit in the woods?

Re:why? (1)

Anonymous Coward | about a year ago | (#44156225)

Not in javascript itself though it is usually used as a tool to do exploits. There exists hacks that can exploit vulnerabilities in target hosts, but it's really their responsibility that their system has vulnerabilities. If they rely on users to disable javascript then their security is certainly borked and they will be exploited one way or another.

Disabling javascript is mostly used to mitigate annoying sites. But nowadays that stuff is largely click-thru pages and css popovers which might not require javascript. It's probably easiest to close those sites and find ur content elsewhere.

Re:why? (3, Informative)

khasim (1285) | about a year ago | (#44156261)

Are there still security issues with having JS enabled?

One of the main reasons I switched to Firefox in the beginning was because they seemed to understand that NOT doing something stupid was preferable to layers and layers of patches for the stupidity.

IE had ActiveX and such. It was stupid. It was a security issue. It was almost impossible to avoid.

Firefox avoided the entire security issue by allowing functionality to be disabled. While you cannot be 100% certain that XYZ feature had no security issues (or even that there were security issues) you knew that disabling it rendered the question moot.

If your site requires JavaScript or Flash or whatever then I can temporarily enable them just for your site if you can convince me that the risk is worth your content.

Re:why? (1)

jeffmeden (135043) | about a year ago | (#44156397)

Are there still security issues with having JS enabled?

One of the main reasons I switched to Firefox in the beginning was because they seemed to understand that NOT doing something stupid was preferable to layers and layers of patches for the stupidity.

IE had ActiveX and such. It was stupid. It was a security issue. It was almost impossible to avoid.

Firefox avoided the entire security issue by allowing functionality to be disabled. While you cannot be 100% certain that XYZ feature had no security issues (or even that there were security issues) you knew that disabling it rendered the question moot.

If your site requires JavaScript or Flash or whatever then I can temporarily enable them just for your site if you can convince me that the risk is worth your content.

What exactly was "stupid" about ActiveX aside from potential malicious code (either directly or via overflows) that was either enabled by default or presented to the user with a "just click yes so the website will work" style input box? Firefox "avoided" this by not implementing ActiveX but most or all of the functionality was recreated in Javascript, giving it basically the exact same level of "stupid" with the benefit of having learned from about 10 years of exploits.

That being said, I do see where the FireFox team is coming from and it is probably a good move, I just hope that the change is superficial (deleting the option in the config screen) and that NoScript continues to work the same fantastic, paranoid way it always has.

Re:why? (3, Insightful)

erroneus (253617) | about a year ago | (#44156669)

Indeed, the absense of NoScript is a security issue.

Re:why? (3, Insightful)

Culture20 (968837) | about a year ago | (#44156675)

What was stupid about ActiveX was that operating system updates back then required it (unless you wanted to download and install them all by hand), so you couldn't disable it once and for all.

Re:why? (1, Troll)

jones_supa (887896) | about a year ago | (#44156713)

ActiveX was actually smart in the way that it executed fast native code instead of slow interpreted Javascript.

Re:why? (1)

jellomizer (103300) | about a year ago | (#44156279)

Yes, but if you are that paranoid to live like you did last century, you really shouldn't be worrying about Javascript, as you are avoiding most of the web.
You might as well stick to an old version, it isn't like you are going to get a new feature anymore, that is useful.
Most of HTML5 features are Javascript dependent, so unless you are really that interested in Sites with CSS 3 without JS. You are really don't need anything new.

Re:why? (5, Informative)

Anonymous Coward | about a year ago | (#44156351)

Yes.

Javascript is supposed to be sandboxed in all modern browsers, but that doesn't make it perfect. All the serious vulnerabilities I've seen over the past few years exploited the sandbox, and therefore required javascript to work.

Also there is private information WITHIN the browser. Being inside the sandbox, that information is thus provided to websites.

For example:

Browser fingerprinting, using your installed fonts, screen resolution, etc. http://panopticlick.eff.org/ [eff.org]

Mouse pointer tracking with javascript: http://jsbin.com/ufupol/98 [jsbin.com]

Capturing information entered into forms and then deleted before submitting: various analytics tools

Here's a random analytics provider I found on Google (There were plenty of others):

We capture every mouse move, click, scroll and keystroke, by using a tiny piece of JavaScript copied into your website. The whole process is completely transparent to the end user, and has no noticeable effect on your site performance.

http://www.clicktale.com/products/mouse-tracking-suite/visitor-recordings [clicktale.com]

Re:why? (2, Insightful)

cdrudge (68377) | about a year ago | (#44156701)

Not to nitpick, but those are privacy issues, not security issues. They aren't mutually exclusive of each other, but they aren't the same either.

Re:why? (4, Insightful)

julesh (229690) | about a year ago | (#44156435)

Are there still security issues with having JS enabled?

Javascript is used by most malware installation systems. The typical route is that a trustworthy hacked site is modified to include a <script> tag with its source on the malware hosting domain. The resulting script will then use some mechanism to attempt to install malware, either simply dropping an executable download on the visitor and hoping they run it, or attempting to exploit either a browser or a browser plugin bug. Turn off javascript, and the exploit is never downloaded, so can't run.

There are also direct browser attacks that would require javascript to function, e.g. http://www.mozilla.org/security/announce/2013/mfsa2013-53.html [mozilla.org] or http://www.mozilla.org/security/announce/2013/mfsa2013-46.html [mozilla.org] (to pick a couple from the last month or two).

So, yes, your system is still less secure if you have JS enabled than if you don't.

Re:why? (3, Interesting)

Culture20 (968837) | about a year ago | (#44156639)

Are there still security issues with having JS enabled?

Even if Javascript is 100% secure, running in an airtight jail, it's still using up resources on my computer. Sometimes if you leave a JS page open overnight, it will be pegging one of your CPU cores in the morning.

Solution in extensions (5, Interesting)

Verteiron (224042) | about a year ago | (#44156041)

As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.

Re:Solution in extensions (3, Interesting)

h4rr4r (612664) | about a year ago | (#44156107)

How well do screen readers deal with javascript?

I am almost certain it is poorly, as we add more shiny and BS we reduce usability for a lot of folks. Well we actually reduce usability for everyone, but for some people usability goes to zero.

Re:Solution in extensions (1)

jockm (233372) | about a year ago | (#44156205)

Well if the JS is just manipulating the DOM (as is the most common case) it should be as good or bad as the average web page. If they are drawing their own UI on using the Canvas element (or SVG) — as is much less common — then it is a problem.

Re:Solution in extensions (1)

julesh (229690) | about a year ago | (#44156469)

Well if the JS is just manipulating the DOM (as is the most common case) it should be as good or bad as the average web page

Depends. A lot of sites seem to get built these days that assume the user has a way to trigger onmouseover events. This isn't necessarily true.

Re:Solution in extensions (0)

Anonymous Coward | about a year ago | (#44156295)

How well do screen readers deal with javascript?

Sorry, but it's the screen reader developers who need to keep up here, not the browser makers who need to stay behind. That's what ARIA [wikipedia.org] is for.

Re:Solution in extensions (1)

h4rr4r (612664) | about a year ago | (#44156371)

Probably, but I wish they would not have too.

This web2.0 stuff sucks. I want something to keep an all text web around.

Re:Solution in extensions (0)

Anonymous Coward | about a year ago | (#44156451)

Well we actually reduce usability for everyone

This is quite the exaggerated statement.

Re:Solution in extensions (1)

h4rr4r (612664) | about a year ago | (#44156523)

I guess, for stupid people maybe you are correct.

Re:Solution in extensions (5, Informative)

djl4570 (801529) | about a year ago | (#44156157)

I'm running FF23 beta on my personal system and NoScript is still working as before.

Re:Solution in extensions (5, Insightful)

girlintraining (1395911) | about a year ago | (#44156459)

I'm running FF23 beta on my personal system and NoScript is still working as before.

People seem to be forgetting that javascript can break a lot of accessibility readers. Everything about HTML, CSS, etc., was about separating content from layout. Javascript shits on that entire model, as does Java, ActiveX, and most other plugins.

Web developers should continue to create websites that don't require javascript, and we shouldn't be in such a hurry to move away from that. The promise of the internet was accessibility, the ability to freely share information, and to connect everything together.

This push towards app-ification of the internet, the W3C caving to DRM in HTML5... it's after the very heart and soul of the internet. The internet we built, as hackers, as creatives, as professors, academics, researchers, scientists... it's being gutted. And Firefox, the white horse of the "free" internet, in it's 11th hour of need, chooses this?

They should be ashamed.

Re:Solution in extensions (4, Funny)

dicobalt (1536225) | about a year ago | (#44156185)

If it breaks NoScript I'm going to get a shiny new pitchfork and then visit the people who decided to do this.

Agreed (1)

Giant Electronic Bra (1229876) | about a year ago | (#44156207)

There is ZERO chance I'm going to use a browser which doesn't allow me to default JS to being disabled. NoScript is also FAR advanced beyond other similar tools, so it would REALLY SUCK to have to use Chromium's lame equivalent, but I will if it is the only choice. At least in other respects Chromium is pretty good.

Re:Solution in extensions (3, Insightful)

Hatta (162192) | about a year ago | (#44156251)

The folly is in writing pages that cannot be viewed without javascript. If you want to run software, run it on your computer, not mine, because I don't trust your code.

And anyway, there's very little that actually uses javascript for anything useful. Most sites that are unusable without javascript could have easily been coded to be usable. Are drop down menus really so critical? If anything there needs to be more pushback against sites that don't degrade gracefully, not less.

Re:Solution in extensions (3, Interesting)

amicusNYCL (1538833) | about a year ago | (#44156589)

The folly is in writing pages that cannot be viewed without javascript.

The folly is assuming that the internet is still all "web pages" instead of applications. There are plenty of useful web applications around, and I develop one of them. There isn't a non-Javascript alternative to it, it has around 1.5MB of (unminified) Javascript code written by us (plus about the same for third-party frameworks) and relies on maybe a total of 4 actual HTML pages (index, a dedicated non-JS login form, and 2 content launchers), which usually do nothing except load various Javascript interfaces. This is a software-as-a-service platform, we develop and host the software and other companies and organizations pay us to set up an installation for them to use (and us to maintain).

If you want to run software, run it on your computer, not mine

You're the one using the interface, you execute it. I'm happy to execute all of the actual logic for the application on the server, but your browser is more than capable of rendering the interface. Even IE6 could handle this thing (slowly).

And anyway, there's very little that actually uses javascript for anything useful.

I hear that sentiment periodically. It's complete bullshit. Google's services are the obvious screaming example of useful Javascript. Hell, Google's push for faster Javascript in Chrome, which bled over to the other browsers after they got left in the dust by V8, is the reason why browsers are so fast with Javascript today. A prime example of Javascript making a site more usable is Facebook, regardless of your personal opinion of social networks in general or Facebook's corporate policies. Imagine if every time someone clicked the Like button, the entire page reloaded. That's obviously not usable. There are plenty of sites and applications that interact with users in similar ways (small individual actions on a much larger interface) where it would be stupid to not use Javascript to keep the data transfer and response times to a minimum.

Re:Solution in extensions (0)

Anonymous Coward | about a year ago | (#44156273)

I do about half of my browsing with javascript disabled. Why? Because it's much snappier. What am I missing? Nothing, because out of simple experience, I already know how each website I use behaves with it turned off.

For example, the only useful thing javascript gives me on slashdot is the ability to "open" hidden posts directly within the thread. Everything else is useless to me, and for that reason, I browse slashdot with javascript turned off except in the case of a more interesting discussion.

I basically use javascript "as necessary", with my default being "off". If firefox makes it impossible to do this, I will simply stop upgrading.

Re:Solution in extensions (1)

jeffmeden (135043) | about a year ago | (#44156533)

I do about half of my browsing with javascript disabled. Why? Because it's much snappier. What am I missing? Nothing, because out of simple experience, I already know how each website I use behaves with it turned off.

For example, the only useful thing javascript gives me on slashdot is the ability to "open" hidden posts directly within the thread. Everything else is useless to me, and for that reason, I browse slashdot with javascript turned off except in the case of a more interesting discussion.

I basically use javascript "as necessary", with my default being "off". If firefox makes it impossible to do this, I will simply stop upgrading.

I used to leave Javascript off by default (with noscript). About the 5th time that I spent 10 minutes filling in an eCommerce form only to find out that it had an external script dependency that was blocked and required me to reload the whole page with scripts enabled and hence fill it out all over again, i threw a brick at my monitor out of rage. Now, I just shop at the mall.

Re:Solution in extensions (0)

Anonymous Coward | about a year ago | (#44156677)

Yes, online shopping and other forms-type stuff is typically programmed to require javascript, and too important to take chances with. No problem, I can make exceptions, and I do. Again, I use javascript as necessary, and when I deem it unnecessary, there's no reason not to turn it off.

Noscript is useless (2)

edxwelch (600979) | about a year ago | (#44156355)

This is how viewing the web with noscript works out in the real world:
1) webpage does display properly
-> make exception to allow scripts on this site
2) webpage still does display properly, because it needs scripts from a second domain
-> make exception to allow scripts on the second domain
3) webpage still does display properly, because the scripts from the second domain load scripts from a third domain
-> make exception to allow scripts from the third domain ....
49) ... finally the web page loads properly ... now repeat all 49 steps for every web site that you go to

Re:Noscript is useless (2)

doom (14564) | about a year ago | (#44156481)

Noscript has an "allow all scripts on this page" feature you can use when you're desperate to use a heavily web 2.0 (I always think "web patooey", but maybe that's just me).

Using a Noscript-enabled browser is useful for letting you know what a webpage is actually doing. If there's dozens of required dependencies I'll often just go somewhere else.

Re:Noscript is useless (1)

echolocate (82673) | about a year ago | (#44156483)

And I for one and happy to do this each time, so I know what I'm loading and what I'm preventing.
- I know not everyone is like this
- I'm glad that I can

Re:Noscript is useless (1)

aliquis (678370) | about a year ago | (#44156487)

You obviously mean doesn't.

But yeah.

For instance try with www.marketwatch.com charts and comment fields.

Re:Noscript is useless (1)

jetkust (596906) | about a year ago | (#44156575)

Step 49 took you back to step 1. I think you're doing it wrong.

Re:Solution in extensions (0)

Anonymous Coward | about a year ago | (#44156369)

I'm disappointed they didn't take the smart way and implement NoScript directly into the browser. Yes, leave it on for the common user as a default. God knows, defaults become standards. And if they make it a default to disable JavaScript on 3rd party sites only, most of the web will still work without a glitch.

I can see this decision being based on the number of complaints about people who disable JavaScript when they are actually trying to disable the Java Plugin, which has been the target of so many exploits over the past year. With regards to the Java Plugin, Safari is the only browser to make this right by disabling the Java Pluting automatically if you don't use for X number of days, and giving the explicit option to turn it back on when it's finally needed.

Re:Solution in extensions (0)

Anonymous Coward | about a year ago | (#44156413)

Actually, you can get by fine without any javascript (or java, btw) at all. I've been doing just that for years. Now I have to run yet another damn plug-in because the Firefox team wants to redesign their browser solely for dumb people.

Re:Solution in extensions (2)

jeffmeden (135043) | about a year ago | (#44156479)

As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.

The one thing that NoScript is missing is the option to say "if the site imports scripts from fewer than X domains, just run them all". That would smooth the process out quite a bit. Sites that import from 25 different domains just for the privilege of taking over my monitor to display ads don't even deserve the CPU cycles that Adblock Plus will spend on them.

hands in your pockets (2)

epine (68316) | about a year ago | (#44156553)

Glenn Gould used to take a lot of flack for refusing to shake people's hands even though we all know that you can't go through life refusing to shake hands. Perhaps he had a good reason?

Even if you're less of a sociopathic hypochondriac than Glenn Gould, there's still an issue concerning how automatically one reaches out. I'm a little more hesitant to offer my mitt to a vagrant person who's just popped out a discrete alleyway with flecks of an old newspaper stuck to their shoe. Colour me paranoid. And yet the default on the web is to arrive on every web page in full embrace, even the typosquatters with old newspaper stuck to their shoes.

On my FF I have things pretty locked down. If on first impression I haven't teleported into the worst bathroom in all of Scotland, I'm pretty quick to enable first party cookies. Tracking cookies from the social media paparazzi, not so quickly.

When I get a site coded to misbehave at the first whiff of the end user exercising prudence or discretion, I switch the URL into Chrome where I have practically nothing locked down and visit nowhere important and where the social media paparazzi will observe my click trail as an infrequent user engaged who exclusively visits the wrong side of town, but never never pulls his hands out of his pockets to engage the temptations.

What's in your wallet? [youtube.com]

NoScript (1, Interesting)

Anonymous Coward | about a year ago | (#44156065)

Does this break noscript functionality as well? That would be massively unappealing.

Re:NoScript (1)

plover (150551) | about a year ago | (#44156179)

Does this break noscript functionality as well? That would be massively unappealing.

No. NoScript is a plug-in that refuses to load undesirable JavaScript references. They are stopped before they get into your browser.

Re:NoScript (1)

julesh (229690) | about a year ago | (#44156497)

Does this break noscript functionality as well? That would be massively unappealing.

No. NoScript is a plug-in that refuses to load undesirable JavaScript references. They are stopped before they get into your browser.

The mechanism you describe wouldn't work against inline javascript, so I must conclude that this is not how NoScript actually works.

Let's dumb it down for everyone (3, Insightful)

h4rr4r (612664) | about a year ago | (#44156079)

Why is this a thing?
Why must we dumb down everything?

Re:Let's dumb it down for everyone (0)

Anonymous Coward | about a year ago | (#44156143)

Apple.

Re:Let's dumb it down for everyone (1)

Anonymous Coward | about a year ago | (#44156173)

Everyone are dumb

Re:Let's dumb it down for everyone (0)

Anonymous Coward | about a year ago | (#44156221)

Why is this a thing?
Why must we dumb down everything?

Don't ask me, especially since one would automatically assume a user IQ of at least 100 to download and install a browser to get away from the default one, which is truly idiot-proof.

Re:Let's dumb it down for everyone (0)

Anonymous Coward | about a year ago | (#44156339)

Don't ask me, especially since one would automatically assume a user IQ of at least 100 to download and install a browser to get away from the default one...

You're forgetting all the /. folk who do this for their retarded relatives...

Re:Let's dumb it down for everyone (0)

Anonymous Coward | about a year ago | (#44156223)

Bad coders which are unable to support the various little configuration options properly anymore.

Simple != Dumb (5, Insightful)

sjbe (173966) | about a year ago | (#44156233)

Why must we dumb down everything?

More like simplifying. Everything should be made as simple as possible but no simpler. Why have a menu option that never gets used? That is pretty much the definition of pointless. I'm pretty geeky and like to tinker with things but a menu option that never ever gets used is wasteful.

I cannot remember the last time I disabled Javascript and I'm pretty confident that somewhere north of 99.9% of users never disable it either. Much of the modern web would be useless without Javascript. So long as there remains a method (extension, etc) to disable it if desired (ala NoScript) I really don't see the big deal.

Re:Simple != Dumb (1)

h4rr4r (612664) | about a year ago | (#44156269)

I turn it off all the time.
I am sure 99.9% of folks don't even know what javascript is, why should I care?

Re:Simple != Dumb (1)

Anonymous Coward | about a year ago | (#44156519)

Because 0.1% shouldn't drive features that predominantly break stuff. As sjbe was saying, that's what plugins are for.

Re:Simple != Dumb (3, Insightful)

Anonymous Coward | about a year ago | (#44156345)

Just because you don't use that options doesn't nobody else does. And im pretty confident that that 99.9% figure of yours is wrong, i myself and other people have disabled javascript explicitly and as shocking as it may sound, most sites do NOT need javascript to function properly, and most of those who do are not worth it.

Re:Let's dumb it down for everyone (1)

justplainchips (589349) | about a year ago | (#44156257)

Why is this a thing? Why must we dumb down everything?

Because Steve Jobs proved you could make a lot of money doing it.

Re:Let's dumb it down for everyone (1)

yotto (590067) | about a year ago | (#44156377)

Why is this a thing?
Why must we dumb down everything?

Because if you don't, a significant number of "dumb" people will complain loudly that your program "sucks" because it "broke the Internet" on their computer, and slowly the world's view of your software will degrade. It doesn't matter to 95% of the world WHY that web page worked in IE but didn't work in Firefox. All they care about is seeing pictures of their nephew's cat.

So long as NoScript and AdBlock work, this decision will not affect me or any other person savvy enough to care, unless there is a large contingent of people for whom NoScript won't fulfill their needs.*

*I'm not discounting this possibility, but I've never heard of it.

Advanced options for advanced users (0)

Anonymous Coward | about a year ago | (#44156421)

Why is this a thing?
Why must we dumb down everything?

I will never understand why putting advanced-user options in places where only advanced users will go counts as "dumbing down." You're a genius hacker who knows exactly what you want, right? Why do you need a preference GUI to expose each and every little thing? What do you need a preference GUI for at all?

"Oh, noes, I have to edit a config file/add a command flag/read the Help file before I can use this feature! Why am I being handcuffed and forced into this walled garden!"

Re:Let's dumb it down for everyone (2)

jellomizer (103300) | about a year ago | (#44156423)

Ah the "Dumbing Down Excuse" which is akin to the Intentionally Make it more difficult preference.
Making something easier to use isn't always dumbing it down. For Disabling Javascript (Not just blocking some of it), it is a feature that most people will no longer, if they do they intentionally put themselves in a disadvantage.

 

A Question (-1)

Anonymous Coward | about a year ago | (#44156105)

Do people still care about wannabe Chrome?

Javascript can still be disabled (5, Informative)

Anonymous Coward | about a year ago | (#44156115)

They just removed the easy way to turn it off to prevent simple mistakes. You can still turn it off behind about:config or with extensions for those that need it.

Re:Javascript can still be disabled (0)

kthreadd (1558445) | about a year ago | (#44156135)

The major problem is that they turn it on EVEN if you have explicitly turned it off.

The option is not removed. (5, Informative)

Anonymous Coward | about a year ago | (#44156129)

(atleast in nightly) Its just hidden, you can still enable/disable javascript in the about:config menu and addons like noscript still work.

Web sites that require java script are broken (-1)

silas_moeckel (234313) | about a year ago | (#44156141)

Same goes for flash or random extensions. Pretty much if you can not use you site with links it's broken.

Re:Web sites that require java script are broken (2)

jockm (233372) | about a year ago | (#44156265)

Well wait, what do you mean by "web site"? If you just mean a page that you visit on the net to primarily read text (possibly with images) then I agree with you. If you are talking about a webapp (which also qualifies under the term "web site"), then you are wrong. Google Docs, amongst so many others, simply couldn't operate without JavaScript enabled

Re:Web sites that require java script are broken (0)

Anonymous Coward | about a year ago | (#44156301)

Thank you for your sanity.

Graceful degradation (1)

Valdrax (32670) | about a year ago | (#44156383)

Any web developer worth his pay should already be coding with graceful degradation in mind. CSS and Javascript should fail gracefully on less capable (or deliberately secured) browsers. Failure to do so may leave people with very minimal browsers, like the deafblind, unable to use a site. It also shuts out people with older browsers, and the days of "This site best viewed in Internet Explorer 6 at a resolution of 1440 x 800" are best left buried and gone.

Re:Web sites that require java script are broken (0)

Anonymous Coward | about a year ago | (#44156447)

Web sites that require JS/Flash/Unity/etc are "Web Applications" ...the word "site" doesn't even seem to apply, seeing as often the different resources will be hosted in different places, the only "site" in cyberspace where they come together is actually on the user's machine, so it's not a place where you can go (like the word "site" implies) but a synergistic experience assembled by your browser (and any external plugins such as Flash or Unity) just for you. Do you consider CD players that don't have a tape deck to be "broken" as well?

Is the option completely removed? (0)

Anonymous Coward | about a year ago | (#44156169)

I'm assuming this means just that the option is removed from the Options panel, but is still available through about:config? Or at the very least extensions like NoScript still work? If so, this doesn't seem like a big issue, but it's not clear from the article.

Does anyone (-1)

Anonymous Coward | about a year ago | (#44156175)

still uses this fat slow bugged crap?

This is a broken idea (0)

Anonymous Coward | about a year ago | (#44156177)

There are a lot of programmers who apparently believe in no security then.

Javascript has really never been a smart idea (at least as implemented), and unconditionally allowing it is stupid.

I have long felt it should just not be possible. Currently the only web-browsers I run with JS enabled are in an isolated virtual machine

Re:This is a broken idea (0)

Anonymous Coward | about a year ago | (#44156363)

Currently the only web-browsers I run with JS enabled are in an isolated virtual machine

I don't see why there would be need to do so.

If true then no reason to use Firefox (1, Insightful)

Spy Handler (822350) | about a year ago | (#44156189)

I still use Firefox over Chrome because it has a much better array of options and is more customizable than Chrome. Even though Chrome is faster, has better updates, can save to PDF, comes with popular plugins built in as opposed to having to download them separately, etc etc.

Firefox devs please get a clue. Apple and Google need to reduce options because they have to appeal to the clueless masses. You do not. You cannot go toe to toe with the big guys by trying to be exactly like them.

Re:If true then no reason to use Firefox (0)

Anonymous Coward | about a year ago | (#44156517)

Actually, they do. There are a larger number of Firefox users who are non-technical then ones who are technical. Besides, if you'd bothered to research this, you'd know that they're just removing the easy way to disable Javascript for a non-tech user, so quit your uninformed whining and continue enjoying your browser.

Re:If true then no reason to use Firefox (0)

Intrepid imaginaut (1970940) | about a year ago | (#44156695)

Even though Chrome is faster

Hahaha hahaaaa... ahahaha!!

This is what Apple does. (1)

raque (457836) | about a year ago | (#44156231)

Apple has been removing options for users for years. The first versions of OSX were close to linux in the number of things you could do, these days I forget it's a Unix variant. Macs are what Steve, or these days Jon, thinks is good for you. That seems high handed until you think if you buy a Ralph Lauren suit your getting what Ralph thought was good for you. That being said, the number of times I went to the rescue of some noob who what whining that his Mac version 10.5 or earlier was broken and sat there and went WTF??!! I'd be able to buy a new Mac. As Apple has steady *not* let people think for themselves things have gotten stabler and stabler.

Re:This is what Apple does. (0)

Anonymous Coward | about a year ago | (#44156409)

Amen to that. Want to keep your Macbook on when you close the lid rather than it going to sleep? Expect to be able to find that option in Power Settings or whatever? Wrong! Apple have decided that All Macbooks Must Sleep when the lid is closed, and if you want it to function in any other way, you're just doing it wrong.

I view this as a good thing (0)

Anonymous Coward | about a year ago | (#44156259)

Websites are composed of three things: html, css, and javascript.

It is impossible to make anything that is not static without these three things, and it is clear that people don't want static pages. I'm all for security to block malicious scripts from running, but the expectation that web should be dynamic is strongly a majority opinion at this point, and really should be the default.

Things should *just* work. The internet included.

Re:I view this as a good thing (3, Insightful)

Phreakiture (547094) | about a year ago | (#44156367)

I would be with you 100% if I felt that the Internet at large could be trusted. It can not.

Re:I view this as a good thing (0)

Anonymous Coward | about a year ago | (#44156637)

But why do most sites believe allowing javascript from 10+ other domains must be necessary to actually view their site properly?

Idiots (1)

Giant Electronic Bra (1229876) | about a year ago | (#44156267)

"Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."

Such people should be fired out of hand. I mean sure, if you're creating some specific UI for a web based application then 'no fallback' is acceptable, you just can't get anything like the same functionality. I sell software which falls into this category, but it would be utterly useless without JS. OTOH the idiots who can't put up a plain old web site without insisting we all have to enable JS on it so they can make a cute rollover on a link or something stupid are just retarded and should resign.

Do you know what this is? (0)

Anonymous Coward | about a year ago | (#44156277)

This is reason 27 why we shouldn't be using the web browser as a general application GUI. This whole movement to do everything in the browser is leading to stupid and insecure "applications".

I turn JS off on occasion.. (1)

Dputiger (561114) | about a year ago | (#44156291)

To get around really annoying types of ads that mandate that you sign up / sign in for a service. If I wanted to sign up for your website, I'd do it. Attempting to force me to do so for the sake of gathering better target data isn't interesting to me. Trying to force me to do so with giant ads, even less so.

There will be other ways to temporarily disable JS, so I'm not too worried about FF removing the chekc box. But it's annoying.

Please enjoy your drive-by infections (3, Insightful)

Anonymous Coward | about a year ago | (#44156305)

Ad networks are compromised all the time. Ads are the primary users of javascript. Coincidence?

Who gives a shit if websites break when java or javascript are turned off. I turn that shit off as much as possible, I use NoScript becuase I despise the fact that no matter how careful I am, no matter how up to date I run my antivirus, my browser, and my JRE, I can STILL get a goddamned drive by infection if I allow javascript to run unchecked.

No, Blowzilla, the problem is NOT with users clicking things they have no idea about, the problem here is JAVASCRIPT. Its just another ActiveX, its just another virus vector. It needs to be eliminated from use entirely. It SHOULD ask permission to run by default. That way websites can at least put in a message "To see video you need to say Yes to this." "To read this article you need to say yes to this." and the ad networks can start working around things by going BACK to gifs and static ads and links instead of crap that blares through my speakers about shit I do not care about (seriously, is everyone coming to Slashdot a big corporate IT manager in charge of buying new server racks? IBM and others seem to think so) while using fast-moving images (hey just like the BLINK tag but with pictures!) to try and distract me from...the CONTENT.

Seriously, this is a retarded move, thank you Mozilla for INCREASING the number of infected machines on the web. I am sure the Russians and other blackhat collectives thank you.

Morons.

HTML (0)

Anonymous Coward | about a year ago | (#44156325)

Am I the only person who still tries to write pure HTML websites where possible?

I'm not a professional web designer but I do commission websites for small businesses. Where it warrants i'll use a CMS, php and javascript. There are still a lot of small business sites that just don't need any of it, so I don't use it.

Really, they should make it easier to do (4, Interesting)

doom (14564) | about a year ago | (#44156347)

Personally, what *I've* always wanted is a way to turn JS on and off that's more easily accessible. I often want it off, to try to get more consistent behavior (whizzy JS crap is often completely non-standard and confusing), but every now and then I need to flip it on to see if the apparent breakage is because some lazy programmer didn't feel like thinking about how things degrade.

But Mozilla seems determined to alienate users like myself, so this current bonehead move is hardly a surprise.

And yes, many "modern" web sites these days seem to require javascript-- thanks to google who made it ultra-cool and groovy.

Re:Really, they should make it easier to do (2)

crazy_monkey (708922) | about a year ago | (#44156563)

I've been using this for awhile now, works as advertised:
JS Switch [mozilla.org]

Thanks for the headsup (1)

norite (552330) | about a year ago | (#44156349)

I'll be sure to skip this 'update'

about:config (0)

Anonymous Coward | about a year ago | (#44156395)

No need to sweat, people. I'm guessing, they are removing the checkbox from the UI, but the option will still be available for advanced users under about:config.

All your bandwidth and CPU cycles are us. (1)

Anonymous Coward | about a year ago | (#44156427)

"Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."

Tell some of these lazy, arrogant assholes to send me a cut of their paycheck for being forced to waste MY resources and PRECIOUS TIME OUT OF MY LIFE waiting for their mercenary, invasive twaddle to execute in my browser.

No, it doesn't (1, Informative)

dsinc (319470) | about a year ago | (#44156489)

It only eliminates the GUI option for disabling javascript. The javascript.enabled flag is still there, in about:config

Hasn't this ship sailed? (3, Interesting)

Alternate Interior (725192) | about a year ago | (#44156499)

I'm a web developer and have taken JS & CSS for common for years and years now. Spent about 6y working at a small local web design shop and it just wasn't feasible to double contract amounts to make sites work without JS.

That said, there's no reason to require JS if it can be done without. Lots of page book-keeping, like menus, active page indicators, etc, can be done with CSS. Some stuff, like Amazon's polygonal focus on subnav can degrade nicely. Fantastic. But I'm not going to build an Ajax-y interface AND a static HTML interface (for free) to coddle people with nothing more than a distrust of JavaScript.

turning javascript off is important (0)

Anonymous Coward | about a year ago | (#44156513)

It is important for any developer wanting to see how a page reacts when javascript is disabled...

Privacy and security issues (0)

Anonymous Coward | about a year ago | (#44156539)

I'm so afraid of being violated from behind in the web that I browse it with JS, CSS and images disabled!

It's the browser makers and the web developers fault that I can only browse 0,01% of the web!!!

PLEASE FIX!

I miss progressive enhancement (5, Interesting)

Kethinov (636034) | about a year ago | (#44156559)

I miss the days when web developers still gave a shit about progressive enhancement.

I miss the days when you couldn't be considered a real web developer unless you could make a CSS Zen Garden (http://www.csszengarden.com) skin without cheating by changing the markup or using JS.

I miss the days when you were only considered a good web web developer if your site was usable with both JS and CSS disabled because you used semantic HTML.

I miss the days when accessibility still mattered.

I miss the days when writing semantic HTML, enhancing it with CSS, and enhancing it further with JS was considered the best practice, rather than starting with just JS and an empty body tag as is so common today.

I miss the days before the now popular false dichotomy of thinking that progressive enhancement is extra work was popular among web developers.

I love that the web can do more now and compete with native apps better. But I hate that web developers are so quick to unnecessarily abandon progressive enhancement in the process when that's what made the web great to begin with.

Can't be good. (0)

Anonymous Coward | about a year ago | (#44156599)

This can't be good. From a developer standpoint, who actually understands what succeeds on the web, Javascript is NOT essential. I've developed websites that earn millions in revenue, and have high conversion rates... with very little Javascript!

Making it mandatory only opens the holes for maliciousness. Kind of like, I dunno, a certain Detriment Explorer.

Should focus on protecting users (1)

mounthood (993037) | about a year ago | (#44156645)

Firefox would do better to spend more time focused on protecting users, rather than limiting options to what they think is less confusing. Lots of bad things use JS and ordinary people have few options to protect themselves... disabling JS is one of the best. Advertising, tracking, right-click "protection", and just poorly written websites are a real issue for users, and often times disabling JS actually works.

Extensions are fine and all, but built-in Options are more important (always available, easily discoverable, safe to experiment with) and disabling JS should be there.

Well (1)

The Cat (19816) | about a year ago | (#44156665)

We'll disable it anyway.

Javascript is the cat shit to HTML's dog shit.

Transfer profile (1)

Fuzzums (250400) | about a year ago | (#44156673)

Are there tools available to export your FireFox profile to other browers?
Naturally IE is not an option.

What other browser would you recommend?

Hey, I'm not worried! (1, Funny)

Bearhouse (1034238) | about a year ago | (#44156685)

Followed the advice of some kind folks here, updated my HOSTS file, and use IE with BING exclusively!!!
Also installed the latest Oracle Java with that helpful toolbar thing, it's AWESOME!!!

Nothing to worry about, rite???

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>