Date: Wed, 4 Aug 2004 13:11:42 +0100 (BST)
From: Phil Hough
Subject: ScriptingWhile it's true that scripting is inherently a problem. Both from the security standpoint and the compatibility standpoint I think you're overreacting a little.
While it's pretty straight forward to craft a website that uses only server-side code (heck... I've written a good few), and that site then is inherently more secure (and compatible), at the end of the day it's the users that want more.
From my experience I tend to find that Javascript is essential to add "usability" polish. There are some things you just can't do with server-side scripts, that users want, or in my case demand.
Let's take an example of a form. The customer wants the form to be checked on submission and if the user hasn't filled a certain part out, for the submission to be cancelled.
To do this in Javascript you catch the onsubmit event, popup an alert and return false. a couple of lines of code, and the user is able to quickly modify and resubmit.
To do this sever side. The submission must be made. Any data that passes validation saved, the user then returned to the previous page, with their data in place. You can't do a popup at this point, so you must display the message prominently. And to do this you've added lots and lots of extra code. You've also slowed and made less obvious the whole process.
A brilliant example though is date selection. On the sites I've worked with we've got two date widgets. One a small pop-up window with a current month calendar, click the day and the form field gets filled in with that date. The other is a date field with today's date in, which has an arrow either side. Click to increase or decrease the date.
You simply can't do that anywhere near as well with ASP. At the very least you'd end up keep submitting the page every single click. Not good for the user experience at all.
So I'd suggest that while Javascript isn't essential, it certainly leads to a much nicer user experience, and possibly a less complicated set of code as a result.
ATB.
Phil
Date: Wed, 04 Aug 2004 06:35:08 -1000
From: Dan Seto
To: Phil Hough
Subject: Re: ScriptingWhile all of that is true, I think the situation you describe is not what I had. Dell was asking for information from me as opposed from me wanting something from them. Hence, if they want my input, they should make it easy and safe for me to do so.
As far as checking the form, I don't particularly care if the survey is complete or not. If I wanted to, I could leave it all blank and it wouldn't make any difference to me. In fact, if they did checking and bounced me back into the survey to answer all the questions I would probably just shutdown the browser and move on.
So, I think the user experience depends on who wants what from whom. Since Dell wanted me to tell them what their business should be, they had better make it easy and safe for me to do so or I won't come out and play. [g]
Date: Wed, 4 Aug 2004 18:16:38 +0100 (BST)
From: Phil Hough
Subject: Re: ScriptingSo what we're boiling down to is that the use of such tools is very much dependent on the task which is being carried out. Right tool for the job and all.
And to that, and your example, I don't disagree :)
ATB.
Phil
From: John P. Dominik Subject: Javascript, etc.
Date: Tue, 3 Aug 2004 13:28:24 -0500Well, color me a box in the "here here" column. I've disabled all of that stuff, or required it to ask. I routinely check cookies, and reject those that don't expire until next year - or thirty years from now. Like I'll still be using the same computer/browser that long.
ActiveX and other technologies are cool - the problem is, as with any tool, the more powerful you make it, the more responsible the user needs to be. And a very powerful tool with skript kiddiez around is a bad idea. For a time I managed to secure at least my own work machine by using IE only for internal work, and Netscape for external sites - but that didn't last long.
Oh well. My $0.02 - in Hawai'ian currency. ;-)
---
John Dominik
http://john.clandominik.com/current.html
Aloha!
