JavaScript rant

I remember a friend of mine gave me his website URL some time ago, telling me to check it out. When I got there, the first thing I noticed was that the opening page was blank except for a "button" you were supposed to push to get to the actual site. I've never quite understood title pages like these, since they just get in the way of what you really want to get at. However, what was even more irritating was that the picture of a button which served as a link to the main site wasn't a real HTML link; it was connected to a JavaScript function which took you there.

Now, why would you want to do that? Why make a JavaScript link like that when making a normal HTML picture link works just as well, and would work even with JavaScript turned off? I bugged my friend about it and he eventually fixed it, doing away with the title page altogether and making the URL go directly to the site index page. That was better, but on the index page, I soon noticed something else: Instead of using normal links (again), it used what apparently are called CSS, or Cascading Style Sheets, a form of JavaScript which makes drop-down boxes where you can choose items from a list. In other words, without JavaScript, it was impossible to go anywhere in the site.

(UPDATE: It has since been called to my attention that what I am referring to is, in fact, *NOT* CSS. CSS is a method for creating pretty-looking web pages with nice colors on the scroll bars. I was incorrectly informed that JavaScript drop-down menu boxes are CSS. So, I should instead refer to them as "stupid things which work like links, except they require you to select an item from a drop-down list instead of just clicking on a link, and which also require JavaScript". It happens that CSS, while relatively useless (it is a cosmetic enhancement, not a functional one), is a server-side language and so does not pose any security risk to the browser, nor does it require the browser to enable any weird security features. Server-side languages, such as PHP, JSP, ASP, and CGI, are outside the realm of idiocy, because they run on the web server, rather than on the browser's computer. This means no security problems and no requirements on the client's part; Even Lynx can view pages in ASP or PHP. The downside falls to the web developer: Their server must support the language.)

Excuse me? First of all, a normal link list is easier to use, because it shows all the items available without you having to click to pull down the list. Secondly, a person using a non-JS-capable browser would be completely unable to use the site at all.

When Java and JavaScript first came out, they seemed to be mostly used for creating animations, which was interesting but much easier to do with animated GIFs, which had been around long before Java. Now, however, as these two languages become more widely known and used, people are extending their usage of them to make their entire websites dependant on them. The idea seems to be that the more Java/JavaScript, the better, even if it does nothing more than things like linking, showing pictures, redirecting, etc. which HTML can do by itself. In response to all this, only one word comes to my head: "Why?"

Do people think it's cool? Do they think it'll impress people who go to the site? Do they think it will actually make for a better, more informative, easier-to-use website? As far as I can tell, they do this just because these functions are new, and they think that must mean they're cool. The friend mentioned at the beginning of this rant says he wants his website to be an "experience", which is why he uses JavaScript.

Huh? Does making a drop-down list box instead of a normal link list make your site an "experience"? Does it create an exhilarating rush, a sense of peace with the world, or even just a nice, warm feeling of something good?

Uh... No. But he seemed to think so.

I see this more and more. Recently I was on the website of a fairly well-known company (which shall remain nameless), and found that I couldn't get a list of places to go. It turns out that, as they put it, their website makes "extensive use of the capabilities" of new Web browsers, including, of course, JavaScript. With JavaScript turned on, however, the site had *nothing* beyond some basic text and graphics; The JavaScript was used for nothing more than displaying the page content and navigating it. Again, why?

If you browse the Web much, you've probably seen plenty of smaller-scale examples of the same. People use JavaScript to link to other pages for no reason.

OK, so people sometimes use JavaScript where it isn't needed. Big deal, right? If you're a JS advocate, you're probably wondering why I don't just turn JavaScript on in my browser, let everything work the way it should, and stop whining. After all, why not? If that's you, you probably don't read Bugtraq (a mailing list about computer security problems). The fact is that JavaScript, because it's essentially a programming language which gets its code from websites, can do anything to your computer that the site creator wants. A "malicious" site operator (if you do read Bugtraq, I bet you're tired of hearing THAT word) could basically read, modify, or delete files on your hard drive, steal passwords, or essentially do anything you yourself can do with the computer. This is why I always browse with it turned off.

I can understand using JavaScript for genuinely useful functions which HTML can't do. It can do some interesting things. But please, why make the whole site hinge on it uselessly? What about the people using browsers which don't support it? Why be more incompatible than you have to be, especially for no reason at all?

To all the people who say "Just upgrade!": Why? There are computers in the world which cost several million dollars and are much more powerful than the one you're probably using right now. How would you feel if software were written only for these computers? I bet you would stop screaming "Upgrade!" to those with anything less.

Do I sound bitter? I guess I am, a little bit. Not because of JavaScript itself so much as the way people use it. Ask at least 90% of the people who use needless JS on their sites WHY they have it there, and they'll answer: "I dunno... It's cool." The other 10% will probably say the same except without the "I dunno". These people know how to write a JS script and put it on their websites, but if you make them look back, they don't know why they did it, or what it adds to the site. A line from "Calvin And Hobbes" comes to mind: "How can little kids know so much and still be do dumb?"

If you're making a website, for Tim Berners-Lee's sake, use real HTML links to link around. Use real HTML to show the pictures. Use ALTs on the images for the people with graphics turned off. Use JavaScript in places where it would actually do useful things that HTML couldn't do. But don't use it because you think it makes you cool or because you think JS scripts automatically make your website more interesting. It doesn't. People with JS turned off will only be annoyed, and people with it on may well not even notice it.

Now, after reading this, you may wonder why I don't attack other mobile code on the Web, like Java or ActiveX. After all, JavaScript on its own probably isn't a mortal security threat, whereas with the proper ActiveX control, it can be pig-simple to wipe out the user's entire hard drive, right? Well, yes, and everything I said about JS goes for Java and ActiveX too, but the nice thing about Java is nobody seems to use it on websites a lot. As far as I can tell, this is because Java needs to be compiled with a compiler, which most of the 8-year olds who put worthless mobile code on their sites either can't figure out how to do, or are too lazy to do. Making your own ActiveX control is even more complicated. JS, on the other hand, is put right into your site source code, making it as easy to do as HTML. If we could just make JavaScript a little harder to use, we might help a whole new generation of people take a more sensible approach to website design.

Java is a trademark of Sun Microsystems, and I'm pretty sure JavaScript is trademarked by somebody too. I'm not sure who, but the point is, don't use it for yourself or bad stuff might happen.

Back to the main page