I really really wish that I could convince Web Developers that not every website needs to be a web app.
I keep bringing up that I don't want JS to execute random code, even if it's sandboxed, it's mostly unnecessary, and I always get the same sort of replies.
Everyone calls me out of touch, I'm downvoted to oblivion, everyone suggests that I'm a unique case and everyone wants JS, they say that they don't want fragmentation and want life to be easier for them.
I get it, their pay check literally depends on them using JS, it adds a lot of flexibility.
I'm going to make the additional, controversial, guess that most web-developers don't really know what they're doing either; I would surmise that they lean on frameworks and if those frameworks are ever under threat (from people like me requesting progressive enhancement) then they need to defend the frameworks to defend themselves.
Of all things that can be complained about, JS sandboxing is actually really hardened. I think the issue is the cross site wild west we have today. Cookies, requests etc go all over the place, when it should be isolated to same origin unless specific interactions are needed (and then they should probably be user facing and blockable).
I think the real answer to why this hasn't been toothfully patched yet is ads and the billions of dollars behind it. Not JS developers.
I was talking on a podcast yesterday about a wiki project I’ve been involved in and one of the things that was eye opening for the audience was just how insane those requests can be. We literally pulled up a page that showed a single wiki page making >500 ad server requests.
CDNs were a huge mistake, they are the slow point of many websites and people don't even second guess importing fonts, images and libraries from half a dozen different providers. The pros are grossly overstated and the cons are many.
> Of all things that can be complained about, JS sandboxing is actually really hardened.
It's still very useful for people who want to run arbitrary code on your CPU. Both AMD and Intel have severe flaws, called "speculative execution CPU bugs", that can be exploited to extract credentials, encryption keys, session keys etc. from your computer - even information living in other applications or [hardware layer] VM's.
Sales and management aren't going anywhere though, so we can expect web apps to continue to be user-hostile and better off avoided by anyone who doesn't want their privacy and security compromised.
I agree with you. As a user, I want web developers to have as little freedom as possible. The freedom they enjoy today implies the potential for abuse and boy do they abuse it. Tracking and fingerprinting everywhere, anti-patterns everywhere, sites that are painful to use because they use javascript for everything and even the back button doesn't works properly, sites that don't even render at all without javascript enabled.
This actually pushed me to scrape some websites. I essentially reverse engineered the site and created my own custom client for them just to ensure only my code ever runs. I don't have time or energy to do this for every site though...
To be fair, users expect websites to do a lot now. That is because brands pushed so much for interactivity. I do agree with you, but if we take away JS we would still want to enhance the web with interactivity.
I do recall building completely JS free eCommerce applications and in all honesty they were lightening fast compared to todays SPAs and still just as complex as applications. But we can do much better for user experience of complex applications with a sprinkle of interactivity.
If web developers had freedom, there would be minimal amount of tracking, fingerprinting or anti-patterns. If you want to assign blame, you have to look higher in the food chain
I was thinking that you could embed the 3rd party code in your wasm file, but also you can do it in js, so I‘m also curious what was thinking GP, because everything goes through the browser then you would just block the request to certain domains as we do now.
> Everyone calls me out of touch, I'm downvoted to oblivion, everyone suggests that I'm a unique case and everyone wants JS, they say that they don't want fragmentation and want life to be easier for them.
If they sat down with real users, then they'd know that most people get very frustrated when web apps make their phones slow, which happens relatively often.
If they cared, they'd also be frustrated, because they have the background knowledge to understand just how unnecessary such poor user experiences are most of the time. I've seen simple mailing address forms slow phones down. That doesn't need to happen.
> I really really wish that I could convince Web Developers that not every website needs to be a web app.
I'd say it's more that not every website needs to be written in JavaScript from the bottom up. There are web apps that I use that are tasteful and reserved with their uses of JavaScript, if they even use it at all.
You don't need to make web apps using using dynamic code for every little thing, like even building static HTML elements with JavaScript.
And not everything needs to be a SPA, nor does everything need to be built using nine layers of frameworks and abstractions.
Blaming web developers for this is so out of touch.. since when are the developers in charge of product? It's like blaming a construction worker for the poor architecture of a building. Come on..
> I keep bringing up that I don't want JS to execute random code, even if it's sandboxed, it's mostly unnecessary, and I always get the same sort of replies.
I mean having done front-end and back-end. I gotta say, the way a SPA framework lets you re-use front-end code is probably why such frameworks are selling like hot cakes. I legit feel like someone needs to spec out a back-end layout that is generic and implementable in any language, but supports some of the concepts like containers and such.
What options will you suggest for web developers instead? How can you develop a convenient user experience without js? Even the most simple things require it, and will likely use a third party framework.
As someone who blocks JS by default, don't depend on remotely hosted JS. If I go to example.com and I think it seems truthworthy I might allow scripts to run from that domain and that domain only. If the site doesn't work after that, I'll just close the tab and move on. The simple stuff doesn't need bloated frameworks.
Don't obfuscate your JS either if you can help it. If I'm not sure if I should be trusting your site I'll be looking over your JS to see what's doing, but I'm not spending more time than it takes to glance over it either.
a convenient user experience to me, is one that fails gracefully without JS. Displaying text/images shouldn't need JS at all. I'll accept that it won't be as fancy without it, and I won't hold it against you for having JS as a fancy default, but a site should still be mostly functional without JS. Content at least should remain accessible.
Displaying pictures is one thing. But how are you going to create a dashboard that updates every short interval without JavaScript?
Let's say a website serves React from its own domain, so no 3rd party references are used (which in this case it'll be very easy for them to serve you a modified version of the framework), they'd rightfully want to save bandwidth and minimize it! Which means obfuscation as a byproduct.
I understand where you're coming from and I do a fair share of blocking myself, but I also see why things are the way they are if you want to develop an online product.
For somethings you really can't help but depend on javascript. I don't really mind it if it's something ambitious enough, it's the display of basic content breaking that bugs me most.
A dashboard may still work if you can just display the current data and add a note that because JS is disabled the page must be refreshed manually to pull updated values. You don't even have to throw in a refresh button since the browser's already got one. If I go to a website without JS enabled I expect things to take a bit more work on my part.
Minified JS is a problem I run into a lot. Most of the time though, I err on the side of caution and just move on. There's so many interesting things worthy of my attention that if the site full of inscrutable javascript is just a random article/blog post or something shared as a general "hey look at this cool/fun/impressive site" it can easily be abandoned for something less troublesome.
For sites I actually do need to access for some reason I can take the time to analyze it properly, but most of the time those kinds of sites are already familiar/trustworthy, and I've got other options too like firing up a less restricted browser in a VM.
I certainly don't expect developers to give up using JavaScript for the sake of the few users like me, but the better a site does at keeping content accessible without it the less likely I am to just move on to the next tab.
I was converted once I discovered that amazon.com still works with javascript disabled. You just do things the old fashioned way, form submissions that change the session state on the server and generate the html for the next page. I use "redmine" for project development / issue tracking and that works without javascript too.
The different form input elements do a lot of work for you, and are very platform-agnostic, unlike javascript, which will fail silently as soon as someone is on an out-of-date android/ios version.
We had lots of convenient user interfaces on the web without JS.
"The most simple things" absolutely do not require it. Simple things can be done in pure HTML. That's what the web has always fundamentally been about.
You should TRY building a site without JS. Just try it! You'll be amazed.
The “simple things” like displaying a document don’t need JS. Why does every knowledge base system is JS when they are literally just showing a document? Or discussion forums when you’re JS reading them?
I could have said chat clients, games, maps or other things that absolutely require JavaScript. I said upvote on HN to illustrate that even the most basic site still needs some JS to create a sane experience. Having the page reload every time you upvote a comment is not a good alternative.
It's been working for me for years just fine without JS. As for chat clients and games, those things absolutely do not belong in the slow pile of abstractions that is a web browser. They should be native applications and they are on my computers.
But you're right about maps. They're extremely well suited to being viewed in a browser with javascript.
What of the most simple of things require JavaScript or a third-party framework?
Modern CSS can handle a lot on the visual side, and modern HTML allows you to do form validation, dynamic lazy-loading and resizing of images, dialogs, collapsible elements, etc without JavaScript.
I keep bringing up that I don't want JS to execute random code, even if it's sandboxed, it's mostly unnecessary, and I always get the same sort of replies.
Everyone calls me out of touch, I'm downvoted to oblivion, everyone suggests that I'm a unique case and everyone wants JS, they say that they don't want fragmentation and want life to be easier for them.
I get it, their pay check literally depends on them using JS, it adds a lot of flexibility.
I'm going to make the additional, controversial, guess that most web-developers don't really know what they're doing either; I would surmise that they lean on frameworks and if those frameworks are ever under threat (from people like me requesting progressive enhancement) then they need to defend the frameworks to defend themselves.