Mail Call

Date: Wed, 4 Aug 2004 13:11:42 +0100 (BST)
From: Phil Hough
Subject: Scripting

While it’s true that scripting is inherently a problem.
Both from the security standpoint and the compatibility
standpoint I think you’re overreacting a little.

While it’s pretty straight forward to craft a website that
uses only server-side code (heck… I’ve written a good few),
and that site then is inherently more secure (and
compatible), at the end of the day it’s the users that want

From my experience I tend to find that Javascript is
essential to add “usability” polish. There are some things
you just can’t do with server-side scripts, that users want,
or in my case demand.

Let’s take an example of a form. The customer wants the
form to be checked on submission and if the user hasn’t
filled a certain part out, for the submission to be

To do this in Javascript you catch the onsubmit event,
popup an alert and return false. a couple of lines of code,
and the user is able to quickly modify and resubmit.

To do this sever side. The submission must be made. Any
data that passes validation saved, the user then returned to
the previous page, with their data in place. You can’t do a
popup at this point, so you must display the message
prominently. And to do this you’ve added lots and lots of
extra code. You’ve also slowed and made less obvious the
whole process.

A brilliant example though is date selection. On the sites
I’ve worked with we’ve got two date widgets. One a small
pop-up window with a current month calendar, click the day
and the form field gets filled in with that date. The other
is a date field with today’s date in, which has an arrow
either side. Click to increase or decrease the date.

You simply can’t do that anywhere near as well with ASP.
At the very least you’d end up keep submitting the page every
single click. Not good for the user experience at all.

So I’d suggest that while Javascript isn’t essential, it
certainly leads to a much nicer user experience, and possibly
a less complicated set of code as a result.



Date: Wed, 04 Aug 2004 06:35:08 -1000
From: Dan Seto
To: Phil Hough
Subject: Re: Scripting

While all of that is true, I think the situation
you describe is not what I had. Dell was asking for
information from me as opposed from me wanting something from
them. Hence, if they want my input, they should make it easy
and safe for me to do so.

As far as checking the form, I don’t particularly
care if the survey is complete or not. If I wanted to, I
could leave it all blank and it wouldn’t make any difference
to me. In fact, if they did checking and bounced me back into
the survey to answer all the questions I would probably just
shutdown the browser and move on.

So, I think the user experience depends on who
wants what from whom. Since Dell wanted me to tell them what
their business should be, they had better make it easy and
safe for me to do so or I won’t come out and play.

Date: Wed, 4 Aug 2004 18:16:38 +0100 (BST)
From: Phil Hough
Subject: Re: Scripting

So what we’re boiling down to is that the use of such
tools is very much dependent on the task which is being
carried out. Right tool for the job and all.

And to that, and your example, I don’t disagree 🙂



From: John P. Dominik Subject: Javascript, etc.
Date: Tue, 3 Aug 2004 13:28:24 -0500

Well, color me a box in the “here here” column. I’ve
disabled all of that stuff, or required it to ask. I
routinely check cookies, and reject those that don’t expire
until next year – or thirty years from now. Like I’ll still
be using the same computer/browser that long.

ActiveX and other technologies are cool – the problem is,
as with any tool, the more powerful you make it, the more
responsible the user needs to be. And a very powerful tool
with skript kiddiez around is a bad idea. For a time I
managed to secure at least my own work machine by using IE
only for internal work, and Netscape for external sites – but
that didn’t last long.

Oh well. My $0.02 – in Hawai’ian currency. 😉

John Dominik



Comments are closed.