Grow your CSS skills. Land your dream job.

Dude, you browse with JavaScript on?

Published by Chris Coyier

Dude, you browse with JavaScript on?

Uhm, yeah, why wouldn't I?

It's totally insecure. Hackers could destroy your computer.

Hackers? What is this 1995? And, no they can't.

They can definitely steal information about you without you knowing.

Like what?

Like you're address book information or your browsing history, depending on your browser and settings.

So if I were to visit some dark corner of the internet where people ran malicious scripts like this, people might be able to capture that my name is Bob and I live at 123 Maple Drive Mayberry, NC? And that sometimes I look at boobs at The Daily Niner?


But I don't use autofill on my forms at the browser level, they can't. What about you? Isn't like every single website you visit seemingly broken?

Well good websites are coded to work fine without JavaScript, and I can selectively enable sites I trust to allow it.

That sounds like a lot of work to maintain a whitelist manually. And it's not like you do a security audit of each site before whitelisting it right? You just decide to trust it, basically because you want to look at and use that website right now and JavaScript is the only way.

Yes but I'm much more likely to enable it on a big businesses website than some random blog. Look, I'm not alone here, millions of people have downloaded the NoScript plugin for Firefox alone.

I see that. Here's some empirical evidence for you though. I've never once blocked JavaScript on any of the browsers I've used. I browse around all day with little regard to my trust level of the current website. In general my trust level is actually fairly low. I know a lot of sites I visit are hosted on shared hosting by folks like me who aren't security gurus. I've had my websites hacked before on the server-level (nothing to do with JavaScript), which then inserted malicious JavaScript into my pages. I'm sure this has happened to many of those other sites I visit. Sometimes that JavaScript stores weird cookie data or redirects the website. Totally sucky and undesirable, but nothing that serious has ever happened to the point where I even consider just turning off JavaScript. I've never lost sensitive data or gotten spyware or anything like that.

Are you sure? Have you ever had weird charges on a credit card you've had to refute?

Well yeah.

Do you know exactly how that information was stolen from you?

No I don't, but I doubt it was JavaScript.

Doubt... Trust... two sides of the same coin.

Here's another reason I browse with JavaScript on. I like JavaScript. I write JavaScript. It does cool stuff and I like to see how other people use it. So I'm biased in that regard. As a web designer and developer, I don't like hearing how many people browse with JavaScript off. I want that to go away. I don't want to create gracefully degrading websites because it's often twice the work and only for accommodating people with outdated concerns about this technology. And don't tell me all about accessibility, I hear that most screen readers handle JavaScript just fine.

A site that works well without JavaScript also means it also likely has good architecture. It works great alone, and JavaScript adds to the user experience as needed. Relying on JavaScript entirely is just lazy.

You see it as lazy I see it as the future. So what about Flash, do you block that too?

No, I love Flash.

I knew I didn't like you. You're probably a PC guy too huh?

Dude, we're not going there.


  1. Peretz
    Permalink to comment#

    Love the ending!

    -PC guy.

    • I don’t get the ending… PC stands for Personal Computer, which means a computer system for personal use.
      If you’re referring to Windows vs MacOS it just doesn’t make sense…

      OnTopic: great story, to bad some “old” system administrators still think JS is bad and block it server-wide…

    • For at least a decade a Windows computer has been known as a Windows PC, or a PC. An Apple Macintosh has been known as a Mac. If you don’t get the ending, where have you been?

    • Permalink to comment#

      No one referring to PCs means “personal computer”, even if they think they do. It used to be that most manufacturers designed computers to be “IBM PC compatible”, and people just ended up using PC as shorthand. Eventually, “PC” ended up referring to any computer that wasn’t manufactured by Apple, since they were the last holdout on adopting the x86 architecture.

    • Steven Braun
      Permalink to comment#

      I thought it stood for Politically Correct.

    • Permalink to comment#

      I thought it stood for “Pretty Cool”

    • Wow, what an ignorant jerk. Sure there are some things that should simply work with JavaScript off, but would you really go to an extreme to disabling it?

      I don’t get the ending though, you have something against Windows or am I missing something here?

    • Ryzo
      Permalink to comment#

      Sup Sunny.

    • Wingnut
      Permalink to comment#

      I believe the ending is a reference to Jobs banning Flash on iPad and hence ‘I’m a Mac and u suck!’ scenerio

    • Andrea
      Permalink to comment#

      Sites using flash usually have worse fail-back than sites that use JS.

      So doing what you can do you HTML CSS and JS in flash is just wrong (i.e. a menu!)

      The bug linked is a Safari’s bug, so this guys are likely using a Mac, the PC vs Mac thing is due to Apple adv “I’m a Mac, I’m a PC” just search on youtube for some of them.

      In the end… preferring flash and let it load without asking your permission while being scared of JS is idiot. Flash is no more secure than JS.

    • Permalink to comment#

      yes… apple coined the term “pc” in their advertising campaign a few years back…….. right.

    • Ryan
      Permalink to comment#

      Someone should notify Microsoft and let them know that all their commercials with…

      “….I’m a PC”

      were wrong…..

      Thanks for clearing that up Johan, lol.

    • Permalink to comment#

      I bet your running Linux! Mac or Linux PC (thats twice as fast, for half as much)? As a computer science major I got to go with the second choice.

    • Permalink to comment#

      <– linux

    • Ubuntu Linux and Mac here. Never trusted Windows.

    • amen to daniel

    • George
      Permalink to comment#

      Linux all the way!

    • zookie
      Permalink to comment#

      Ubuntu roxx… but Mas is still ahead :P but since i don’t have the money to buy it, Linux kicks ass =D

    • <- Backtrack based on Ubuntu

    • piratelv
      Permalink to comment#

      I agree with you and all below/above me :D
      Linux FTW

    • pc …mac’s dont count up to their price vs. performance ratio … at least not anymore… a well made pc (!) can offer much more for the same price (mac’s are now made of the same parts as pc’s) … but u need to know what you’re doing ;)

      as for javascript … stealing some unimportant data is of no concern of mine since i usually shout it out loud on the internet – passwords are of different concern but i havent had any important data breached … best security is to appear (and in my case to be) unimportant … otherwise get hardware firewall and you’re set ;)

    • When was the last time you checked Mac’s specifications? For one thing, Macbook batteries out of the box can be charged over 1000 times, about 3 times more than the average battery.

      And a “well made pc” will probably cost the same, if not more, than a Mac anyways.

    • Even with specs “almost equal” the MAC OS is (at least for me) more simple, fast and productive than a Windows machine with twice ram and processor, cuz even having that windows machines still windows!

      And about price, today many windows machines from HP, Dell, Sony and other cost amost the same that a mac.

      I only miss a few windows games that I don’t run cuz I don’t think in Install Windows in bootcamp so soon. But if I wanna I can, just telling.

      Mac isn’t just fancy and shine things, they aren’t cheap, but certaly not expensives, they just have a standart quality above the average, and is for that we buy then and not sony’s vaio that usualy cost more than a mac.

      Buy Macs = Good Deal!
      Buy Vaios = Spend Money!

      And only for finish no ones care if a vaio come with a blue ray drive when u never ‘ll use all quality disponible in the disc!

    • Liam
      Permalink to comment#

      @rafael: yeah, if you buy from the brand names of course you spending quite a bit, that’s why building your own pc is the only way to go, even if you want to run OS X, build your own hackintosh.

      Price does not justify the hardware of a mac, the only good thing about a mac is the OS, but you don’t need mac hardware to run it these days.

  2. rybek
    Permalink to comment#

    “So what about Flash, do you block that too?
    No, I love Flash.
    I knew I didn’t like you.”


    • totally agreed

    • Yep, same here!

      Personally I love JavaScript, but block flash. Click the big black/white square with flash written across it to activate the particular object.

    • Permalink to comment#

      EXACTLY the same here…

    • My personal nemesis, the Antivirus2009/2010 malware, generally uses infected Flash banners as its delivery vector. It manages to sneak past pretty much every major security suite as well…

      Flash is a bigger security hole than JavaScript. By far. Blocking JS generally strikes me as paranoia. Flash on the other hand…

    • Permalink to comment#

      I’ve had to deal with that. It’s a pain. But more of a concern is how successful it is – if a alert pops up on their desktop saying “You’re infected – subscribe now!”, the majority of people click it.

      And I think you’re right about flash – javascript has quite a few built-in limitations for security reasons. Flash, however… most people have no idea that it has an offline storage that is pretty much unchecked.

  3. lol…

    I browse with blocked JS,
    don’t want to get catched by google analytics :-)

    • Bob Kazak
      Permalink to comment#

      This is off topic, but the slider on your portfolio website needs ‘prev’ and ‘next’ tabs or something. Because clicking those tiny circles can be down right difficult.

    • lol

    • Brian
      Permalink to comment#

      lol, just block it in your dns entry if that’s your worry. while you are at it, block their ads too, or, route that and/or other requests through a proxy server. lots of tutorials on the net to help you out along with software to make you slightly more anonymous.

    • Urm, so if you block all JS then how come your blog uses JS? Do you maintain a whitelist too? :P

    • ForEach
      Permalink to comment#

      Doesn’t google analytics fetch non-JS users with a 1×1 transparent image?

  4. Bob Kazak
    Permalink to comment#

    I’ve always hated that the “Soviets will steal my files” folks ignore that any and all programming languages wills always have vulnerable points and exploits. Just like how blocking advertisements has a tendency to make Web Masters subvert and profit with affiliate marketing.

  5. Take Flash and JavaScript (by extension: jQuery, MooTools, etc.) away and you get back to the 90s, the long forgotten era of static sites that looked awful.

    You can’t do an MP3 or video player in HTML. You can’t do form fields validation in HTML (you can in PHP, but that’s wasteful, as the info needs to be sent to the server with each try).

    So, even with security issues, it’s unwise to turn JavaScript and Flash off.

    (I’m biased towards JS. I write it too. I hate Flash ads and websites written entirely in Flash.)

    • Well, you can do an MP3 or video player in HTML only …. and limited validation now … but I still agree with your point as a whole.

    • Victor Sarabia
      Permalink to comment#

      “Take Flash and JavaScript away and you get back to the 90s”

      Totally true!

    • Permalink to comment#

      Nope, because HTML5 and CSS3 are coming.

    • René Flores
      Permalink to comment#

      Are coming when?…

      You know it takes a VERY, VERY long time for that kind of technology to be called web standard, right?.

      HTML 5 and CSS3 wont be viable for atleast 4-5 years, unless your target is something very specific (like iphone – ipad web development).

    • …in 2015 when enough people switch from IE6 and IE7.

    • Permalink to comment#

      Well you can already use some functionalities of HTML5 and CSS3.

    • Permalink to comment#

      you can, of course.

      but they’re far from being well-enough supported to rely on exclusively. Even across the more widely-supported elements, good browsers vary in their implementation. And until IE jumps on board, you have to assume that half your audience won’t know what’s going on.

    • Permalink to comment#

      Well a lot of CSS3 can be used without a prob, it’s just a cosmetic addition, IE users don’t even deserve to see them :)

    • Permalink to comment#

      exactly: it’s not essential.

      but a lot of the cool html5 stuff needs to have an IE-fallback or they’ll be left out completely – and unfortunately, they’re a big part of the market. And if you’re going to make a fallback, chances are it’ll work in other browsers too; so why code something twice?

    • Jean
      Permalink to comment#

      Guys, America is not the only country in the world. I’m in Peru at the moment and majority of people here are still using XP desktop boxes, very few macs because of the poverty line. It’s actually like that in most countries in South America.

      If you think that ‘people’ will be using HTML5 and related technologies by 2015, think again. There are more developing countries in the world than you realise.

      The world is not made up of geeks who upgrade at the drop of a hat, and the world is not USA.

    • Jorgen
      Permalink to comment#

      A. “you get back to the 90s”
      Clearly you don not grasp the concept of Progressive Enhancement.

      B. “you can in PHP, but that’s wasteful,”
      So you rather rely on client side validation, which doesn’t work when JS is turned of.

    • Mike
      Permalink to comment#

      Then you could submit your data using JS… If JS is turned off: no validation needed because the data cannot be submitted.

    • Permalink to comment#

      You could easily pass a token through the submitted form (e.g. have JS add a hidden field) that lets the server know whether or not the data has been validated client side and, if not, validate it on the server side.

      So, that would be providing an enhanced user experience if a user has JavaScript, but providing the same basic functionality to all.

      Wonder what we could call that?

  6. All we need next is a video to go along with the dialog.

  7. Lovely! I love the ending!

  8. Permalink to comment#

    Haha, nice little way of putting it!

    I think that the advent of JS frameworks means that websites with javascript are going to be a lot more common (mingos listed a couple of good reasons alone).

    One of the things I love about jQuery is the .load() function, and that you can tell it to load a certain element from the page, meaning that you can have fancy AJAX effects, and still have the page display fine for non-JS browsers

  9. TiGR
    Permalink to comment#

    It’s quite hard to read. Add “— ” to newlines, please.

    • Anon
      Permalink to comment#

      Why do you want a dash and a space after newlines? To show that it’s a quotation? Like this:

      — Dude, you browse with JavaScript on?

      Isn’t it obvious that the article was a dialogue? Or perhaps I don’t understand what you mean.

    • No, please don’t.

  10. I’m a bit biased against Javascript because I’ve had websites with unnecessary Javascript (falling snowflakes, trailing cursors, ugh) freeze my computer . I used to browse with it off just for a faster experience. I didn’t use it because, oh no, I didn’t want to inflict that on my visitors!

    But now most sites I browse either require it or enhance my experience. So I just leave it on.

    I browse without Flash, though.

    • Liam
      Permalink to comment#

      I see the 90’s and early 00’s left a lasting impression on you… (snowflakes, trailing cursors etc)

  11. Hayley
    Permalink to comment#

    Haha…love it!

    -PC girl :-)

  12. Amazing, haha. I couldn’t agree more. I hate throwing out a great idea to be accomplished with JS, only to hear “but what about when it’s disabled? then the effect would be useless!”

    Ending note – down with Flash.


  13. A good conversation between to biased people.

  14. Tom
    Permalink to comment#

    The only real annoyance I have with javascript, is the “evil” sites which you sometimes inadvertently enter while image-googling, that have a confirmation dialog that no matter what you answer, brings up a new confirmation dialog and a file for download (malware), so you can’t leave the site before you shut down the browser or turn off javascript.

  15. José Pedro
    Permalink to comment#

    I do understand the someone might like Javascript to provide nice new features to a site, but unless you are doing a very specialized website or a web app, then the site can use JavaScript, but should not rely on it.

    And with the upcoming features of HTML5 and CSS3 it is becoming easier to ditch some Javascript: CSS 3 transitions… HTML 5 video… even out of that, you can already make animated images without resorting to gifs or flash on Firefox with animated PNGs. If you can’t make a blog or a generic site without needing to rely on JavaScript, then you’re stuck in 1999.

    And I do not like Flash either (unless for what is supposed to be used for: flash games… until <canvas> takes it that… :P ). I use NoScript with the FlashBlock function if you’d like to know.

  16. Ximo
    Permalink to comment#

    My new site won’t render without javascript, just to keep “conspiranoids” away.

  17. Permalink to comment#

    Haha, cool. But i don’t really like the ending, i’m a PC guy and i see nothing wrong with that. It seems the “PC vs Mac” commercials made web developers think they’ll be cooler if they use a Mac.

    I do my development on PC, i love JavaScript (read jQuery) and i hate Flash (and IE of course).

    • walter
      Permalink to comment#

      It’s not about been cooler, it’s about working faster. Have you try working with a mac? I think you don’t.

    • Permalink to comment#

      Putting aside a few spelling mistakes, maybe you are right about the working faster, i don’t know since i never tried working on a Mac.

      Can you explain me how do you work faster on a Mac?

    • Matthew C
      Permalink to comment#

      i’ve worked on loads of macs. lost a lot of work due to various mac crashes, and even due to deliberate osx behaviour. after having to use macs for three years, i refuse to use them anymore. windows all the way, or occasionally linux!

    • If you’re not used to Macs or the interface simply isn’t for you, it won’t really help you work faster will it?

      I do everything on my Windows 7 laptop. FileZilla for FTP, Notepad++ (which has tabs) for file editing, and Photoshop for graphic stuff. Oh and Firefox of course for browsing and development tools.

      It really depends on what you’re used to and how you use it. It doesn’t matter what magical feature you add to Macs, they can’t make you work more efficiently than a PC might.

    • Permalink to comment#

      I agree.

      P.S I use all the same stuff as you do (Windows7 on a laptop, FileZilla, Notepad++, Photoshop) but for browsing i use Chrome and for development i use Firefox because of the dev tools.

    • cinnak
      Permalink to comment#

      Same tools here: W7, Notepad++ (With NppFTP plugin), Photoshop, FileZilla, Firefox + devtools. Couldn’t live without these tools.

      Also, I think the author of this post is just stupid to make a mac/PC-thingy out of it. Sure, most of the Mac user who would like to turn off JavaScript probably don’t even know how to do it ;)

  18. Wyverald
    Permalink to comment#

    That so spoke for us web developers. We just hate those paranoid guys all fearful of JavaScript’s potential harmfulness and inconsistences and blah blah – I’d bet most of them don’t know JavaScript at all.

    And hey, the ending was hilarious!

  19. Jake
    Permalink to comment#


  20. Permalink to comment#

    whats with all the anger towards anti-javascriptors? I run noscript CONSTANTLY, your lucky to get temporary javascript permission with me. Javascript should bee like CSS, unnecessary and only adds aesthetic to the webpage, I shouldn’t notice it when its gone.

    • Permalink to comment#

      you should notice, but you should still be able to make good use of the site.

    • Where have you been? JavaScript adds a ton of good use to websites. Some stuff may seem unneeded, but other stuff (especially with forms) really speeds up your task at hand.

      Also, how does having CSS disabled make the site look the same? Maybe only to a blind person…

    • Permalink to comment#

      he didn’t say css didn’t change a page’s appearance; but that it (should) be aesthetic. Webpages should not be unreadable when viewed with a default stylesheet.

  21. Lol, great text.

  22. Minor typo: in paragraph seven, “you’re” should be “your”

  23. Batfan
    Permalink to comment#

    Ha, good stuff

    – Life-long PC Guy

  24. Ahmed
    Permalink to comment#

    Heh, awesome. I never disabled JavaScript because I don’t browse suspicious websites :-)

  25. I love JS; without it, web browsing is just like curry without salt.

  26. I think i’ve had this same conversation. Also, I like how a “conversation” about js is slowly turning into a conversation about PC vs Mac.

    – Linux Guy :-)

  27. TheKm
    Permalink to comment#

    Every single language has flaws that can be exploited, but people always pick on javascript.

    Truth is: if your security is so weak that someone can take personal and bank info through a simple javascript exploit, you might as well print them on a billboard.

    Not to mention that anyone can write to detect whether or not you have scripts enabled, and have a backup trojan/virus/etc. ready and waiting.

  28. I think if people just stopped browsing porn, warez, and torrent sites, JS-based hacks and security issues would be virtually non-existent.

    Great post, Chris, I like the unique style it was done in.

    • Permalink to comment#

      Yeah, take all the fun out of the internet…

    • I assume you’ve never been to a ‘normal’ site that’s been hacked and had malicious JS plastered all over it?

      Of course it’s usually hidden and you can only see it with NoScript / JS turned off – and yes usually it’s spam or redirects or whatever, but a redirect today, tomorrow the world!

  29. Thats just a great story. I enjoy the ending with the flash.

  30. Louis – you try to get people to stop browsing those types of sites and you will be a very rich man – I guess we have to put up with these problems :/

    Great post guys

  31. The conversation was going on nicely, but I didn’t get the ending. I’m a PC guy and I love Flash. What’s the relevancy?

  32. Permalink to comment#

    not sure I really got the gist of the post, but if you’re just saying that people are too paranoid and should not block javascript, then you don’t have kids!
    My dad just paid a couple hundred dollars to a tech to remove all the spyware that was clogging his computer which had no firewall of course ;)

    • Permalink to comment#

      I have no firewall and i never had any problems with spyware, malware, worms, trojan horses or any other animals whatsoever.

      The problem is that your kids or your dad click every single “you won million dollars” or “you are our 1 millionth visitor, claim your prize” banner.

      Don’t block JavaScript, block computer access to your kids and your dad. :P

    • +1

    • Permalink to comment#

      Ohh, wait. He paid couple hundred dollars to someone to install an antivirus program and hit Scan&Delete button or maybe just reinstall the OS?!? I think i just found my job, ripping off non-techi people :)

    • Permalink to comment#

      A couple of hundred dollars??!?!! I really don’t charge enough!

      I think you will find that 95% of the time, if you have spyware, it is down to a P.E.B.C.A.K. error.

    • Simon
      Permalink to comment#

      I prefer to call them PICNIC errors ;)

    • Permalink to comment#

      You’re probably a PC guy too huh? ;)

  33. Permalink to comment#

    Oh man that made me laugh a lot. I made a chat thing a while ago, most of it was coded in jQuery and to be honest, I really didn’t want to find another way around that just so a few people could feel more secure

  34. Hitesh Chavda
    Permalink to comment#

    ☺ JS always enabled.

  35. Gavin McNamee
    Permalink to comment#

    I don’t understand all of the Flash hate. It must be the terrible ads created with it, but as a creative tool I think it is wonderful. Unfortunately, it falls into the hands of the advertising industry and they give it a bad name. There have been some really inspired animated shorts and games created with it. I find that a lot of my more serious developer friends absolutely hate it, but my artistic friends can’t get enough. The article was funny nonetheless. :)

    • Tom
      Permalink to comment#

      I agree. Luckily Adblock Plus firefox plugin, removes the worst flash ads.

    • There are several issues. Ads are a big reason (granted, whatever medium is popular will always be used to make terrible ads). Also, Flash on the Mac runs really slowly and drains laptop batteries like crazy. That combined with the ads is probably why most people block it.

      Unfortunately there are no Flash-style visual editors for the HTML5 canvas that I know of, but hopefully there will be soon so artists can take advantage of it without having to be developers too. Until then, I think content creators will keep Flash alive and well regardless of hate from end users and developers.

    • Gavin McNamee
      Permalink to comment#

      It used to be a lot worse on Mac. There was a time when Flash would just kill my Mac and I was really frustrated, but I haven’t experienced those type of performance issues for quite some time now. As for a battery drain I think there is little argument there.

      Flash style visual editing when creating animated sequences is so intuitive and fun. I had a lot of fun doing so over the years. It pains me to see the ad banners from hell that seem to be so popular now. I’m a Mac guy that loves Flash, but I do see both sides of this argument and understand the concerns.

  36. Victor Sarabia
    Permalink to comment#

    haha … nice read!

  37. Dan
    Permalink to comment#

    This is probably not the best place to have this conversation. If you ask a bunch of web developers if JavaScript is bad, I think the majority of them will say no because they have a vested interest. Otherwise most of their sites wouldn’t work. The truth is that JavaScript IS responsible for most of the security issues on the web. That being said, I stopped using NoScript and decided to take my chances. It was too annoying to try to maintain a whitelist and after a while I just got tired of hitting “Temporarily allow all the page”.

    • Permalink to comment#

      I would disagree: in fact, as a web developer, I don’t rely on javascript to make my sites work. I use a lot of php, but almost all javascript I use is non-essential; and the rest of it has a (admittedly, more cumbersome) non-js fallback.

      In addition, javascript is not responsible for most security issues on the web: most are a result of dishonest people. We don’t blame cars because some people drive drunk and run down pedestrians, do we?

    • +1 to you Traq,

      Unless you’re creating an app, or some software where the user knows the requirements i.e. JS & a decent browser :), javascript should be a nice enhancement.

      I choose to use NoScript, and I know people who have been burned by JS vulns on apparently safe sites.

      And let’s not forget all those working in corporate environments where network nazis or proxy servers prevent the use of JS for perfectly valid security reasons.

      Then again they also probably are forced to use IE6, and the web community seems hell bent on bashing them for that, even though it’s not their fault, so let’s dump on all the people without JS too – intolerant web FTW.

      @Dan – my approach to the whole whitelisting thing is that if I like a site enough I’ll whitelist it, however if a site isn’t that important to me, and doesn’t work without JS on, then they lose me as a visitor…forever. No skin off my nose.

  38. Permalink to comment#

    I’m with all the other people telling you what to do. I say add a nice dancing crocodile or exploding firework gif at the end.

  39. Anthony
    Permalink to comment#

    Great article! : )

  40. 7oda
    Permalink to comment#

    i like this article , and i agree with you in every word

    ,that you wrote , i enabled javascript and flash

  41. I am soo sick of this whole PC/MAC debate…
    I used to use MAC, I used them for 6 years while working in print design, I later moved into web design, at that time we almost only had IE5 for MAC which as we all well know was a pile of $£!%.

    I now use PC. Why you ask? Well everything is the same, all the components, and most of the software too, who care about the OS – 99% of people only use it to find files and save files and most don’t even know what Linux is.

    In the real world I’m trying to make money – the PC is my tool and enables me to do that, if I went MAC I’d be paying over the top prices for mostly the same thing and considering we all need to upgrade every 3-5 years that take from my profit.

    • Permalink to comment#

      Can’t agree more.

    • Allergison
      Permalink to comment#

      I agree. I too was a MAC user for about 8 years, but I’ve now been a PC user for about 8 years and have had good experiences with both.

      Flash and IE suck…. but PC’s, I don’t see the issue there.

  42. Fantastic article! Developers should warn visitors that some functionality is not available without JavaScript enabled. Is it such a problem put a noscript tag? That’s why I started this project: Suggestions are welcome.

    • Change “In your web browser JavaScript is enabled.” to “Javascript is enabled in your web browser.”

  43. Steven
    Permalink to comment#

    “Take Flash and JavaScript away and you get back to the 90s”

    But they both existsed in the 90s!? And like in the 90s, both have moved forward technologically yet are still capable of resource hogging and vulnerable to hacking. People really think HTML5 and CSS3 is finally going to bring anything different? Not without more secure operating systems and browsers they’re not.

  44. Coincidentally… I was just talking to my boss about the importance of graceful degradation for a site that requires javascript for certain parts to function..

  45. Permalink to comment#

    Are you sure you were talking to a “PC” guy and not a “Linux” guy? You know, the Linux people, the ones who think “M$” is out to get them, subverting the industry, and trying to make all computers running Linux stop functioning because of the “rebellious” nature of it all? Those are the people that I would see disabling Javascript because of all those “malicious hackers” [hired by Microsoft].

    The only “PC” people I know, in the sense of the word and not just an advanced computer user, are ones that cannot tell the difference between the Internet and Internet Explorer.

    Coincidentally, posting from OpenSUSE 11.3. I’m not a Linux user, or a PC guy, nor a Mac fanatic. I use a computer day to day.

    • Permalink to comment#

      I’m also being dead serious. Go check out forums like ubuntu forums where the members are actively warning users that having javascript turned on will cause the loss of their newborn.

  46. Ahh, I see Chris is getting all mac smug.

    Because all of us who use Windows or anything other than mac love flash and cannot design, right

  47. Hey im a PC guy, but i hate flash, and IE too…

  48. Permalink to comment#

    Entertaining article. I had a quick question though. My settings are set so that my history and private data is cleared every time i close Firefox. However, I do save passwords and form auto-fill (as well as JS always enabled). Does that make me extra vulnerable? Didn’t even know JS can send that type of info client-side…

    Thanks, Amit

  49. Great article, really loved it, i love JS and always have it enabled and see no reason to get into trouble.

  50. Gordon
    Permalink to comment#

    Why would you be so paranoid about JS and then claim to love Flash? If anything Flash is far far worse! Supercookies, anyone?

    • Russ
      Permalink to comment#

      Actually I think they are both the same! Code them both right and they both serve their own purposes very nicely. Lets not be closed minded and fight between Javascript and Flash now shall we’s pathetic.

  51. Permalink to comment#

    I use JS but block Flash. But I also install No Script for Firefox to block some sites that use unnecessary and annoying JS heavily.

    • Russ
      Permalink to comment#

      See now that is just weird! Why block one technology but allow the other? Doesn’t make sense…it doesn’t encourage the web to move in the right direction at all.

    • Permalink to comment#

      Try telling that to Steve Jobs

    • Bryan Elliott
      Permalink to comment#

      “it doesn’t encourage the web to move in the right direction at all”

      Doing away with Flash-as-content-display *is* the right direction.

      Flash is only good for a couple of things these days: games, vectors, and audio/video.

      CSS 3 and HTML 5 cover the latter two features without the use of an extraneous, proprietary plugin. As browsers adopt the new standards, Flash-as-content will slowly fade.

      I don’t mention fonts because they’re already covered by IE6+, FFx 3.5+, Chrome, and Safari 3+. sIFR is already fading from use.

  52. I agree that the site should always work without javascript, for people who use JAWS (screen reader, for example). Yes many screen readers can actually handle javascript, but most people I know using screenreaders actually disbale javascript because it “hijacks” focus for example. And it is difficult to have full control / knowing when a site has been changed by javascript etc. So they prefer browsing with it off. Although I hope WAI-ARIA will change this.

  53. with the last sentence “pc-guy” you fucked this article… that is the resumée of that post?! … talking bad about people, just because they are no “I NEED ALL OF APPLE’s APPLICATIONS AND HARDWARE!!!!” guys?!

  54. deos
    Permalink to comment#

    im using noscript for years now. i would never use a browser without it! (thats one of the main reasons why i stick with FF, chrome is useless without something like noscript!)
    btw, noscript also disables flash by default (similar to flashblock), and of course i dont like flash except for flashgames XD
    and, well, im a web developer… i also love javascript, i love to write the coolest effects and stuff but i still write (most of) my sites in a way you dont >need< js for it. its just "the proper" way guys :P

    ps: noscript is also fantastic for staying away from all statistik-scripts, add-scripts and whatever else of this annoying stuff is out there because you can seperate from which domains you want to activate scripts ;)

    pps: im on ubuntu linux. and "PC" is a computer in generell for me, that means mac too ;P

  55. I love the fact that the whole point of the article was completely relaid in the comments when it came to the short discussion about PC vs Mac, brilliant!

    Well done for proving an already obvious (and well-written) article chaps!

    This rings so true…

  56. Hey Chris, which side of that conversation is you?

    • Both.

    • Hmm interesting – I presume the reason for this post was to highlight both sides of the “do I support ‘noJS’ or not” coin?

      Seems to have brought out a lot of opinions and a dare I say it, prejudices in the web community – as well as rousing the mac/pc lot :)

      If you don’t mind my asking one more (cheeky) question, if you were making a ‘normal’ site, i.e. not an app, or one aimed at a well defined audience, would you build one that “works great alone, and JavaScript adds to the user experience as needed” or not worry about NoScript users because you “don’t want to create gracefully degrading websites because it’s often twice the work”?

      Personally I always try to go with no. 1.

  57. There’s nothing wrong with a PC, they’re made from the same part and run almost all of the same programs and then some. A Mac and a PC at the same price (iMacs are around 1400 for a cheap one) are vastly different in power and performance, PC’s trump Macs. The whole “Macs can’t get viruses” crap is just that…crap. Mac programs are written in C# and you can write a virus that would manipulate that, most people just write viruses in C++ because most people use PC’s, with programs and applications that run on C++. Sorry for my little rant I’m just a designer and developer who happens to be a Windows fanboy xD

    • deos
      Permalink to comment#

      mac programms are mostly written in objective c, not c#
      but youre right

  58. Jonathan M.
    Permalink to comment#

    Great Article!

    I have been using noScript (firefox add-on) for for past 3-4 years… and have had NO issues or problems, (virus, spyware, malware, hijack, and hacker free). AWESOME little extension!

    • deos
      Permalink to comment#

      couldnt agree more

    • Jenni
      Permalink to comment#

      I haven’t been using noScript, ever, and I’ve had no issues or problems (virus, spyware, malware, hijack and hacker free). Nor have I had my card details stolen, my personal identity threatened or my website hacked.

      Maybe I’m just lucky. Or vaguely sensible.

    • Permalink to comment#

      Damn, beat me to it with the sarcastic response ;)
      People can’t just use the “I block JS and never had an issue” excuse any more because 99.whatever% of the time any problems are caused by the idiot sitting in front of the computer. Unless you’re using a prehistoric browser there’s very very little a ‘naughty person’ can do with JS alone and without any user interaction. If you manage to get any malware/viruses or whatever “because of javascript” then chances are it was your fault.

    • Bryan Elliott
      Permalink to comment#

      Good ol’ PEBKAC gets ‘em every time.

  59. Ant
    Permalink to comment#

    I also disable js on sites with annoying previews/popups on links.

  60. Nagita
    Permalink to comment#

    Without javascript many sites just will not work well. So I think it is safe to assume that most people (who control their computer) have this enabled.

  61. Permalink to comment#

    Fuck the javascript haters, you cant browse the web today without javascript, oh well you can, but many of the big web sites requires you to have it enabled.

  62. Wow……

  63. facebook needs javascript

    but there are a lot of trappy sites such as those displaying violent images and can’t be closed that works on javascript

    as solution, i prefer to use Mozilla addon “Quick Java” :-)

  64. Permalink to comment#

    I don’t get it. Was this real dialogue or something made up? Both sides have a perfectly valid point, so what was the point of the article?

    • Mike
      Permalink to comment#

      I am complete agreement with you. I didn’t understand the point either. I didn’t know whether it was promoting for or against browsing with Javascript.

  65. David
    Permalink to comment#

    I find it ironic that this post ends with a dig at PC users, but the referenced security issue is a Safari only (well, Webkit only) issue, which is far more popular on Macs.

  66. I have never blocked javascript and never had any problems with attacks or stolen details…. Even when I used a PC! (Never am I going back to them days!)

    Javascript allows developers to come up with some amazing stuff as mentioned, but I have to say I have found my self using it less and less. Since I began coding with jQuery I’ve been able to do a lot with it and no longer use flash either, unless its for complex animation.

    But back to javascript side of things.. would be interesting to know if anybody reading this has actually fallen into some kind of scam or attack via it?

    Thanks for the post Chris, put a smile on my face on this early morning at work!

    • Permalink to comment#

      …Javascript allows developers to come up with some amazing stuff as mentioned, but I have to say I have found my self using it less and less. Since I began coding with jQuery…

      jQuery is javascript.

  67. Ben
    Permalink to comment#


    Personally I would love to develop websites with graceful degrading Javascript – however my employers specifically instruct me NOT to, beacuse it takes twice as long to code. I do what I’m paid to do!

    If there was more time and money available then it would be more feasible.

    Personally I do use NoScript when browsing.

  68. Permalink to comment#

    Great one ! You should write more stuff like this, Dude .

  69. Permalink to comment#

    Too many comments, mine would be lost anyway. Touchy subject and all the frustration come out.

    I think you cannot switch between Flash and Javascript, each one has it’s own strong point.
    The comment about the PC it’s kinda Politically Incorrect. I’ve been working on Mac and PC and there is no significant difference.
    Maybe on your ego, like:”this site was made on a Mac”. So *** what?

    Anyway, a “better life” would eventually turn everybody into some lazy bastard.

  70. Jo
    Permalink to comment#

    So, we don’t use Flash and now we don’t used JS?

  71. Hi,

    I really don’t understand the debate about having a PC or a Mac. I see a load of crappy designers who are proud of having a Mac, .. well, good for you!

    In my personal opinion it doesn’t matter if you have a PC or a Mac, it’s how you use it to make nice stuff.

    Creativity or innovation doesn’t come automatically with a chosen OS, so stop jerking off on your Mac and do something with it!

    Learn how to code properly, that should be one of your main concerns in stead of babbling about how cool your OS is. It’s just a thought ..

    BTW: for the ones who want to know what I use? An iMac and a Windows-laptop

    • Sam
      Permalink to comment#


      Mac & PC user here too. Couldn’t do my job without both. Why pigeonhole yourself?

      It’s not the tool, it’s the talent. :)

  72. Mike
    Permalink to comment#

    Uninstalled NoScript after reading this article and some of the comments…

  73. “I think you cannot switch between Flash and Javascript, each one has it’s own strong point.”

    Not to mention, they’re both not mutually exclusive, and can interoperate well.

    Still, using flash as website-front is verboten, as far as I’m concerned, and progressive enhancement is king.

    Still not installing noScript; Adblock does a rather good job of keeping people from stealing my info.

  74. Tinfoil Hat Hater
    Permalink to comment#


    FF is the worst browser of the big 3… the plug-in feature makes it the most lax in security too… 90% of users already have trojans from that plug-in’s folder and don’t know it because 40 of the top 50 scanners out there don’t pick up what they need to. Google it if you don’t believe me…

    And you’re worried about flash and js.. so you’re using a FF plug-in to protect yourself? hahahahaha!

    It’s like you people are new to the internet or something…

    Here are some realities…

    IE6 won’t die until the users do… deal with it.

    JS and Flash won’t die either… suggesting it just goes away… wow dude… don’t EVER leave your mom’s basement, you won’t survive in the real world.

    PC/Mac each have small differences that make either one better for different things… but in the end, it’s a wash and a preference. Coke/Pepsi… same shit, different can. You might be cooler if you own a Mac, at least in your mind, but it doesn’t make you smarter. I have and use both… prefer PC because I can bash the shit out of it, wreck it, infect, fix it… a Mac is like being at your Grandma’s house… you can’t really touch anything.

    If you let your browser or any app save your personal info, passwords or your credit card / banking info… can you please just email it to me so I can use it, because you are clearly a MORON who doesn’t deserve to have any money anymore. Hopefully someone can steal your identity and you can start a new one… one that isn’t an idiot.

    To all those developers/designers who want to find work knowing lots of CSS3 and HTML5 and shunning flash and JS… enjoy pizza hut.

  75. nice story, don’t really see where Flash ‘lover’ and PC user collide, but still..

    best quote is in the comments imho
    “a Mac is like being at your Grandma’s house… you can’t really touch anything”

    • cinnak
      Permalink to comment#

      So true :) Mac is for looking at, while PC (running w/e OS you like) is for working with.

    • Kaeptn
      Permalink to comment#

      “a Mac is like being at your Grandma’s house… you can’t really touch anything”

      Don´t see that. You can touch everything, the only thing is knowing where. Maybe it´s harder for people, who do that what their grandmas told them to do. But once beyond that, it´s easy. And way more simpler than with an pc…

      If I develop a website, I never would demand from the user to enable JS. But it would be his falt, if the user can´t see the the full beauty of the website

  76. Hey Chris, this is a bit of a heated post! Definitely worth sharing though as it was a really interesting read. I too use a Mac and a pc daily and do a lot of website browsing all day every day and haven’t really had any recoil from anything regarding leaving my JavaScript left turned on… anyway even if I did, my bank is empty so they cant really steal my money…

  77. Jules Manson
    Permalink to comment#

    I hope I get this much traffic as your comments would indicate when I get my site up.


    I guess its a choice you’re making to not adapt to say 5% (bottom of that page) or even if it was only 2% now of Web traffic. I say flip the paradigm you are looking at… by that I mean…

    Hey it’s user choice and often not even their choice but their company’s choice… as a professional I’d say your job is to deal with that. Lock out that 5% of traffic? Ignore them? That’s a huge number of actual site visitors.

    So no, I kind of think the article has lost a little perspective. Your job is to meet your client’s business objectives on the Web, your job isn’t to tell your client’s customers that they don’t count because they don’t have JS enabled.

    I actually think too many web designers get caught up in themselves and start thinking the web is about them. I disagree. We are the minority. We aren’t the computer police.

    The day we start thinking this is all about us is the day we need a holiday and a slap on the bum with a table tennis paddle. Just my 2 cents. Failing to accept graceful degradation is actually unprofessional and lazy coding IMO.

    But what the hey, we’re all different, Chris. That 5% of traffic (or even 2% might mean nothing to you or your client). Personally, as a business person, I’d fire someone I hired that failed to meet my optimal ROI on a ‘political principal’ or due to being a ‘design prima donna’.

  79. … well, you kind of said all of that but I had to add to expand on it a little. It’s not about JS enabled or disabled, it’s about accepting that we have no control over the user software / hardware config and features – that’s the amazing challenge of our work.

    Imagine how drudgery our life would be with one stable browser and no problems to fix. Yuk. :-)

  80. Permalink to comment#

    wasn’t this post about javascript?

  81. Glizzue
    Permalink to comment#

    Is this supposed to be in favor of coding assuming javascript will always be on?

    The last two paragraphs seem to be at odds with this

    “Here’s another reason I browse with JavaScript on. I like JavaScript. I write JavaScript. It does cool stuff and I like to see how other people use it. So I’m biased in that regard. As a web designer and developer, I don’t like hearing how many people browse with JavaScript off. I want that to go away. I don’t want to create gracefully degrading websites because it’s often twice the work and only for accommodating people with outdated concerns about this technology. And don’t tell me all about accessibility, I hear that most screen readers handle JavaScript just fine.”

    This is a specious argument, guided by hearsay and laziness

    “A site that works well without JavaScript also means it also likely has good architecture. It works great alone, and JavaScript adds to the user experience as needed. Relying on JavaScript entirely is just lazy.”

    This is an extremely good argument, with empirically proven facts and sound reasoning.

    The “always javascript on” guy just seems like a doucher.

  82. Vince
    Permalink to comment#

    Only geeks turn JavaScript off, ‘normal’ users don’t even know what it is and stick to browser defaults which means it’s always on.

    I have no intention of building sites that support paranoid geeks who turn off JS because of some blog post on how Safari shares address book information.

    One of the most popular sites on the web (YouTube) does not work with JS turned off. Does that mean YouTube is not built on good architecture?

  83. Jean
    Permalink to comment#

    “The “always javascript on” guy just seems like a doucher.”

    I guess that mean’s the majority of users are idiots.

    Ask your mom “Mom, you brwose with JavaScript on? Like she cares…

  84. Emanuele
    Permalink to comment#

    “I knew I didn’t like you. You’re probably a PC guy too huh?”

    Welcome to the nursery school, again!

  85. me
    Permalink to comment#

    ca you recommend a browser that has options to see only text? i mean disable check-box for all technologies bloating right now the internet. im looking for a 10MB browser right now; thank you

  86. There used to be a time when I used a browser plugin and disabled Javascript completely suspecting I was getting spyware/redirects through Javascript, and only choose to allow certain sites I trust. Now, I no longer feel Javascript security issues are of concern if you have decent security on your computer. I am more bothered with Ads than javascript on certain sites…

This comment thread is closed. If you have important information to share, you can always contact me.

*May or may not contain any actual "CSS" or "Tricks".