[thelist] Who really turns off JavaScript?

[VOLKAN ÖZÇELİK]

I sometimes need to turn the js off, when the site owners/developers
restrict my interaction with the page and name it "security".

Here is a recent example:

I signed in to a site to buy stuff, there was a textarea to fill in
some details, but the site did not allow me to copy and paste stuff
into it. Moreover I was not able to cut, drag move what I had written.
Because they had overridden the default mousemove and mousedown
actions (which on a textarea will help select some portion of the text
by dragging it you know)

Anyway, I was on my stubborn day and continued my attempts. I could do
it without a mouse, I thought. By selecting the text by using
shift-right arrow combinations from keyboard. But whooops: it was
disabled as well. I cannot tell how annoying it was.

So I had only one choice left: Turn the ducking javascript off!

After I was done with that form page, I turned it back on.

And after all those hassle, I composed an angry feed-back message to
the site's admin (which I had to enter in a god damn textarea again -
js enabled again), asking him whether they have ever "heard about" the
terms usability, accessibility and interface design.

That is one reason, to give a name, user-unaware silly sites.

And the second reason, errm, I am one of those "developers doing stuff
that normal
people don't."

And one third reason, related to the second one; I sometimes turn it
off to bypass so called "security" restrictions (no I'm not a hacker -
but examining security flaws is a piece of my work).

Cheers,
--
Volkan Ozcelik
+>Yep! I'm blogging! : http://www.volkanozcelik.com/volkanozcelik/blog/
+> My projects/studies/trials/errors : http://www.sarmal.com/


2005/11/4, Tom Dell'Aringa <pixelmech at yahoo.com>:
> --- Chris at globet.com wrote:
>
> Great points Chris..let me respond...
>
> > I do this for several reasons <snip>
>
> I hear you - although I would put that in the category of "developers doing stuff that normal
> people don't." I'm not saying I disregard the fact that you do it, though. And you don't do it all
> the time, you're doing it for a specific purpose (a purpose which makes sense too.) Again, I think
> most people in general terms are not even sure how to turn it off.
>
> > A website that relies so heavily on javascript that it breaks if javascript is turned off is not
> > accessible, therefore exposing its owners to potential financial liability.
>
> Oh, I certainly agree with the above statement. I don't want to give the impression that I think
> it's okay to go nuts because you think all, or a majority, of users have it turned off.
>
> > In your article you say "I'm no security expert..." but then proceed to make a judgement on
> > security issues.
>
> Hmm..true! Which is why I qualified myself as a non-expert first. It's partly why I'm trying to
> get more information on the issue. I guess I'm trying to figure out what is the real security
> issue - is it really JS or is it something else?
>
> > In addition you say "Sure, this is only one report from one web site for one
> > period of time. But it's a good sample." One report from one site for one period of time makes
> > the sample inherently almost without value; at least in statistical terms.
>
> Right, I didn't word that very well. It's not really ONE sample, it's really MILLIONS of samples.
> Every person that visited was a sample. Now granted, it is ONE website - so point taken. Each site
> has a particular audience.
>
> > I've read your posts
> > on this list for years and am aware that you're certainly no novice, so please don't take this
> > as a personal criticism. I am however a little surprised that you would appear to be arguing
> > against creating websites that do NOT rely upon javascript.
>
> But I am not arguing that point (and I never say that either). I'm really more curious about the
> number of people that actually do turn it off and here's the key - *how far* do we really need to
> go in providing alternatives. Case in point - DHTML menu systems. You better have some kind of
> alternative for that (personally, I don't like them and avoid them at all costs if I can). It
> depends on the usage. Some Ajax functionality is really great but it's an enhancement - take
> Google Suggest. You could still run your search, but you wouldn't get the suggestions.
>
> > I have personally found that one of the biggest security issues with javascript is that
> > dependency on it masks deeper security vulnerabilities within the application in question.
>
> Good point - which I guess shows why any organization should have a comprehensive security
> strategy in place.
>
> > I draw your attention to point 10 in the following essay:
> > <http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx>
>
> Good stuff. Thanks for weighing in Chris!
>
> Just a note to everyone - I am NOT advocating that we use JS without thinking it through. But JS
> has become an integral part of the web experience more than ever - so these things interest me
> (espeically since I love JS). And as someone pointed out on another list - turning off JS is a
> voluntary action - they are choosing to do so and that choice does come with consequences.
> Certainly it depends on what site you are on and if you are disabled or not - that choice might be
> "forced" on you if you are disabled - and that is the type of thing I'd like to know more about.
>
> Tom
>
>
> http://www.pixelmech.com/
>
> A man spoke frantically into the phone: "My wife is pregnant and her contractions are only two minutes apart"! "Is this her first child?" the doctor asked. "No, you idiot!" the man shouted. "This is her husband!"
>
> Q: What do you call a muddy chicken who crossed the road two times?
> A: A dirty double crosser...
>
> --
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>