Tutorial :Why is JavaScript considered bad by some? [closed]


Why is JavaScript allowed to be disabled in the browser? (i.e. Why is it considered bad?)


<body onload="for(i=0; i<1000000; i++){window.open(      'samplesite.com?pageid=' + i);}">  


Why is javascript allowed to be disabled in the browser? (i.e. Why is it considered bad?)

Because it can be grossly misused (blinking images, anyone?), may slow the browser down and of course there's always the (very justified!) fear of exploited security holes.


First of all with Javascript you can create events that the user might not want you to, like e.g. changing the size of the window...

On the other hand think about people who are somehow limited... What if your user was blind and uses a screenreader while your page continously changes its content somehow... There are many reasons against Javascript when it comes to accessibility...


Back in time, it used to be:

  • A source of annoying cursor-following animations (I am sure you remember stuff, like raining sheeps or clocks following your cursor... I want to find the smart*** who thought of that and slap them with a trout)
  • Considered insecure
  • Served no purpose but bog down the browser

However, over the years it has become more advanced and applied with more thinking behind it.


Historically it has been a huge security problem for web based services. Also with any technology that is exploitable and has a low technical barrier for entry it ends up the tool of the low brow trouble maker (script kiddies). Quick searches for javascript or xss in a security exploit database will show hundreds of pages of vulnerability.


JavaScript is often considered dangerous or at least annoying for two reasons:

  • Websites can suddenly do stuff that you don't want them to do, e.g. open popups
  • Websites can suddenly keep you from doing stuff that you want to do, e.g. disabling right-clicks

Now, in the vast majority of cases JavaScript is harmless and can really enhance the user experience (Ajax comes to mind). But all it takes is one malicious site that uses JavaScript to do evil (TM) things like Cross-site Scripting. For that reason it is commonly considered best practice to disable JavaScript globally and to allow it for just those sites or domains that you explicitly trust. In this day and age being paranoid on the Internet is actually a good thing.


It's a weakly-typed scripting language. Programmers who usually use "big strong" languages look down upon such nonsense. Shame on you for even considering using it, and my God have mercy on your soul.


It can cause security problems. Especially in old versions of IE (not so much anymore).

Or maybe it has something to do with Stallman's ranting ;-)


The main consideration is security. Drive-by downloads that exploit browser security holes via JavaScript are currently the most common way for malware to spread.


As well as what others have said it confuses search engines. The more 'dynamic' content you add the higher the chances it cannot be indexed. In addition the Internet is used by many as a reference library. Books in a real library do not change things around while you are reading the page. You may think of your site as an "application" but your users may prefer to treat it as a "document".

In short JavaScript obfuscates information, sometimes to the point of completely denying access (i.e., the JavaScript code is buggy and crashing). A classic example of this was that I was unable to watch the Live8 concert broadcast by AOL a few years back because the JavaScript code was so poorly written it didn't actually work on my girlfriends' AOL browser (ironic I know). I tried to get to the movie URL directly but the obfuscation was so complex I couldn't find it. It did nothing to endear me to AOL.

BTW, I happen to be one of those people who disable JavaScript by default. If I need it I can enable it for a specific site or page in 2 seconds (really) using the NoScript add-on for Firefox.


Some companies, or business units, have a policy of not allowing javascript turned on, as there are concerns about any risk of security exploits, and that may be the biggest problem, that since it can't be locked down securely then it must be disabled. If you can run javascript in a strict mode, that doesn't allow ajax requests, for example, then you may find that more people are willing to use it on computers that are concerned about security.

As long as a user can go to a website, and information can be sent transparently over the Internet regarding what a user is doing, then these security concerns will exist.

For example, I could have a Firefox plugin that appears to be useful, but, it can do possibly send unwanted info to a website.


Because it shifts load from the server to the client and there is no way to control to what extent.

I work with Javascript every day and respectfully acknowledge what it has made possible, but sometimes when I browse a very simple page, and the interface reacts lightning fast because there is nothing to render but pure, simple HTML, I think that that used to be the original purpose the purpose of the internet. You can, and I am exaggerating only little, browse these pages with a 600 MhZ Pentium with 128 megabytes of RAM without problems. While for a Javascript-heavy, effectful "rich" website, you need massive resources on the client side for a halfway smooth experience, and you need to update your equipent almost as often as gamers do.

Also, I generally feel some, not hostility, but slight annoyance towards Javascript because it massively increased development costs by adding a host of incompatible target platforms, version, obscurities and specialties to cater for, as well as a generally bug-prone, hard to debug and volatile environment to work in.

That said, I think the industry owes the creators of JQuery, Prototype and the likes big, big thanks, among many others.


JavaScript, as the inventor of JSON called it, is the virtual machine for the world. It's where billions of people are. This great exposure comes with some dangers other languages do not have to face.

Example. Write a site that just 'redirects' you to another site, where you can sign in. If you are not completely in control of your browser/URL etc. some JavaScript just could have loaded the page content from another site and will log your keystrokes. This could be achieved with a few lines of JavaScript. It's not really the fault (if it's a fault at all) of JavaScript, but all the components (browser, HTML, and this vast space, we call Internet).


Why is javascript allowed to be disabled in the browser? (i.e. Why is it considered bad?)

Because browsers are not prefect! And Its give you the way to safe yourself when you need it.

When security risk found out, they will just post in their home page

Please disable javascript until its fixed  

Like this, (I dont have offical page right now, so googled from somewhere)


However, until a fix is released, I recommend that you either disable JavaScript completely or use another browser.


There are a few rare instances where JavaScript can be dangerous (but so can anything, including the massively ubiquitous Flash). The reason users actually do disable it or use addons like NoScript is largely unjustified paranoia.

In the end, users don't stick with behavior that breaks the websites they want to experience. So, I wouldn't expect JavaScript paranoia to be a long-term issue as only more and more sites depend on it (like this one).

It's similar to the hype we saw around cookies several years ago.


It can crash the browser, or do annoying things to users.

However, now a days Javascript has become such an integrated part of the internet (Gmail, bill paying for many companies sites, ect) that if you did disable it then browsing could arguably be difficult for you unless you had exceptions.


JavaScript has some very "odd" language features, like the handling of missing semicolons at statement endings by just ignoring the parse error ("semicolon insertion") or the behaviour of the typeof operator (array is an object).

You really need to know the language to know which things you should do and which are bad.

But there are also really good points about the language, like that it fully supports functional programming.


It is bad only you visit questionable sites. Without javascript you won't have apps like gmail, yahoo finance, etc.


Why is JavaScript allowed to be disabled in the browser?

Perhaps because computers are tools that serve humans? Computers speaking to computers via a protocol can mandate specific behaviour. Developers writing software for users have no such luxury.

It would be pointless for browser vendors to mandate that JavaScript "must" be enabled, since there are plenty of people who can't or don't want it. Especially since 90% of the time it's just being used by some spotty hipster to animate a cat picture.

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »