On the Responsibility That Comes With Good JavaScript Support

Post from March 26, 2020 (↻ May 10, 2023), filed under Web Development (feed).

According to the data we have, the classic idea of making sure websites and apps work—function and display acceptably—without JavaScript being enabled is dead. (How we would arrive at this conclusion I explained in more detail in “Must Work Without JavaScript” as well as in colspan=15 of my German column for heise Developer.)

When we look only at support requirements for web developers, this was the end of the story: JavaScript is supported almost everywhere, pretty much no one can’t or doesn’t run it, no need to do extra work for when it’s disabled, fin. It’s not, however, when we employ a broader look at JavaScript and its misuses.

JavaScript Abuse and Its Consequences

Prior reasoning led to doubt whether sites and apps would truly not need to work without JavaScript anymore. (I love feedback, but you help me and other authors by sharing it clearly and constructively. I like to take your thoughts seriously and if it’s just anger it makes it difficult to respond, let alone learn from each other.)

The responses showed that there is great concern about how JavaScript is being used, with issues going from security to privacy to accessibility to performance. This concern about how JavaScript was employed led to the following kind of argument:

P

There are many problems with how JavaScript is being used.

C

Therefore, it’s important that JavaScript can be disabled.

This argument is understandable. Alas, it’s not a very good argument because the conclusion doesn’t follow from the premise. It’s equally “logical” to come up with this one (which matches how I had silently treated the matter):

P

There are many problems with how JavaScript is being used.

C

Therefore, it’s important to use JavaScript more responsibly.

As you can tell, this perspective, drawing a different conclusion, shifts responsibility and gives the option to assert that JavaScript support is strong enough not to warrant a demand to have sites and apps work without it. It’s not in the premise where we had found disagreement, but in the different “conclusions.”

The second argument does indeed not say that JavaScript quality, security, privacy, accessibility, or performance were unimportant or irrelevant, simply because it’s possible to assume JavaScript support. Seeing that in the argument put forth in “Must Work Without JavaScript” is much like this precious fallacy:

P

The winger didn’t make an assist.

C

Therefore, he took over the captain’s armband.

Now, all this logical fooling around builds up to a point:

There are many problems with how JavaScript is being used, and it’s important to use JavaScript more responsibly.

Responsible JavaScript

What does that mean?

On a high level, in my mind, the following:

• Security: JavaScript should be used in a secure manner.
• Privacy: JavaScript should be used in a manner respectful of users’ privacy.
• Accessibility: JavaScript should be used in a way that is accessible.
• Performance: JavaScript should be used as to be fast.

What does this mean specifically?

A detailed treatise is not the point of this article, but pointers may be found here:

• Secure JavaScript:
  • JavaScript Security Best Practices
  • DOM-Based XSS Prevention Cheat Sheet
  • Building Secure JavaScript Applications
• Respectful JavaScript:
  • Implementing Private and Protected Members in JavaScript
• Accessible JavaScript:
  • How to Write Accessible JavaScript
  • CSS and JavaScript Accessibility Best Practices
  • Practical JavaScript Accessibility
• Fast JavaScript:
  • 25 Techniques for JavaScript Performance Optimization
  • 20 Best Practices for Improving JavaScript Performance
  • Optimize JavaScript Execution
  • JavaScript Start-Up Performance
  • 11 Tips to Optimize JavaScript and Improve Website Loading and Rendering Speeds

When this is all given, I’m convinced that there be fewer concerns around not providing no-JavaScript fallbacks, because fewer people would feel pushed to disable JavaScript.

What site owners, developers, and users prioritize and decide to do, and when, that’s a different story, however. Different levels of craftsmanship and different user needs will probably accompany us for forever. Yet even irresponsible JavaScript does not mean that JavaScript support cannot, or must not, be assumed. Sites and apps must really not “work without JavaScript.” But they, and we, really should use JavaScript more responsibly.

Many thanks to Hannes Schluchtmann for reviewing this post.

About Me

I’m Jens, and I’m an engineering lead and author. I’ve worked as a technical lead for Google, I’m close to W3C and WHATWG, and I write and review books for O’Reilly. I love trying things, sometimes including philosophy, art, and adventure. Here on meiert.com I share some of my views and experiences.

If you have a question or suggestion about what I write, please leave a comment (if available) or a message. Thank you!