Member:
Markus ⋅
Date: August 10, 2009, 06:47 PM
⋅ Subject: "The reason we employ AJAX and javascript"
Client-side interactivity without full page reload every time you want to interact means you must have javascript on. Yes, we want people to use browsers that support javascript, CSS, and other mainstream technologies that are used in making web applications prettier and smoother to use. Not using AJAX (and coincidentally javascript) is like a jump 10 years back in interfaces. Bottom line, no javascript equals static pages, static pages equals previous millennium technology.
In the context of iWiccle, no javascript means no WYSIWYG edtors, no page builder, no menu builders, no inline windows for comments, logins or any such, no inline image uploaders, no inline preview, and so on and so forth. None of this can be done without javascript. Additionally, every time you rated, commented, sent a mail and so on, you would have to load an entire new page. Without all that, iWiccle would be a good deal less interesting. It would be an interesting piece of retro software that fell off the wagon in 1998.
I do understand that some people have security concerns over javascript, but it is a very widely used technology, and really, its proper use makes a huge difference in the way your pages work. Just because a technology can be used in a sloppy manner, and because it can be exploited in some situations, doesn't mean one ought to avoid the technology altogether. Rather, the pertinent question is: Is javascript in a particular application (such as iWiccle) safe to use?
If there were to be a version without javascript, or with non-JS fallback plans for all user actions (not admin level), it would be primarily because some user agents could not support / fully support javascript by their very design --- not because a user chooses to disable an industry standard technology. Now, in principle I have no problem creating versions that work with javascript off, or that work with IE 4.0 or FF 1.0 for that matter. The question is, is that really necessary, and is our time best spent doing that?
The fact is that there is very little demand on Web 2.0 applications without javascript (and indeed one might even say there is no Web 2.0 without javascript), and therefore a javascript-free version is not very high on our list of priorities — even if we've talked about "retro support" for future versions, coming as we find the spare time to downgrade functionality for the small margin of users who either insist on javascript off or otherwise use ancient browsers.
To be proactive here, perhaps your members can mention the issues that concern them with javascript security while using iWiccle. I'll then do my best to either demonstrate that it is safe to use, or otherwise revise the code for as long as it takes for it to be safe to use, should someone point out problems in our javascript solutions. We can even have a security reminder when the user leaves iWiccle and enters the wild world of internet, something like below.
