Strong opinions, weakly held

The NoScript lifestyle

It’s been about a week since irritation with various JavaScript-based advertising systems drove me to install the NoScript addon for Firefox. The nice thing about it is that you can whitelist any Web site temporarily or permanently, so it’s really easy to decide which sites to allow to use JavaScript. It has rapidly made me much more conscious of some bad Web development practices, and of just how much third party JavaScript you find on Web pages.

First things first: if you want to get rid of ads, blocking JavaScript and Flash is a great way to start. Some Web sites that I found almost completely unusable are transformed into lightweight, fast loading wonders. (College Football News, I’m looking at you.) These days, just about any Web site that’s been built to generate revenue by way of advertising is colonized with at least four or five kinds of obnoxious ad schemes. This is especially true of sites at the margins where every dollar counts. Using ad filtering makes me feel bad because I’m probably denying them some revenue, but the multi-pronged ad assault is too much to take any more. Having NoScript installed is a huge win for these kinds of sites.

NoScript ships with a whitelist of domains that use JavaScript and that you probably want to leave turned on, like google.com and yahoo.com. There are plenty of other domains that I’ve whitelisted as well. JavaScript is indispensable for some kinds of applications, and NoScript makes it easy to give sites permission to enable it. I’ve also noticed that many Web pages embed Flash movies in such a way that you have to turn on JavaScript in order to be able to view the movies. With NoScript, I find this to generally be a blessing, since if the Flash is incidental to the Web page, I can just use the site as though it’s not even there. If I need to view it, I can just enable JavaScript.

Finally there are those sites that don’t need JavaScript, but use it anyway. I have been shocked at the number of javascript: URLs I’ve seen, and not to launch DHTML effects, but just as regular links or to submit forms. Such URLs are great for Bookmarklets but using them on Web pages is an outdated practice. These days the state of the art is to not even assign event handlers in your HTML but rather to associate JavaScript functions with elements on your page inside your JavaScript code. (See Unobtrusive JavaScript for more.) Lots of sites still use the older practices, though. Last night I bought something from an online store with a checkout button that pointed to a javascript: URL. What are they thinking?

One thing’s for sure. If you are avoiding JavaScript entirely because you’re worried about people who have JavaScript turned off, you can stop. These days, the Web is a tough place to be if you don’t have the capability to enable JavaScript on many Web sites.


  1. what about javascript used as an email obfuscator? I use a small function on my sites, when I want a publicly available address which can’t be harvested. I haven’t found any other method so simple and effective.

  2. I agreee. I have long been frustrated by Firefox’s all or nothing policy on javascript. NoScript fits the bill perfectly.

Leave a Reply

Your email address will not be published.


© 2024 rc3.org

Theme by Anders NorenUp ↑