Recently, an ebook along the title of “No More Noscript” got thrown into the lion’s den of marketing. While the material of the book isn’t quite what you’d expect based on the title, the result has been a somewhat underground, yet very vocal debate. Whether or not a plugin that blocks all scripting, by default, is a good tool.
(Skip to Webmaster Tips) | (Skip to User Tips)
Inherently, scripts are neither evil or good. Many people use them to provide better functions on websites, whether for fun or functionality. The problem is that 1. not everyone who implements scripting has equal knowledge about making scripts play nice and 2. some people who use scripts knowingly do harmful things with those scripts. Even with a vast majority of developers having good intentions, one much approach scripting with the same sense as approaching a dog.
As many dogs are sweet and loving animals, all it takes is one vicious dog to unravel trust and sometimes all you get is one vicious attack to give you a long stay at the hospital (or worse). While computers are replaceable, taking one to get cleaned of malware or just to make it work again can be very expensive. The “cost” of securing your computer in the first place (approaching a dog with care and proper sense) is worth not having to pay for repairs (a bloody hand or worse) over a small bit of being in the wrong place.
In comes NoScript. This is a Firefox addon that by default assumes all scripts are untrusted. That is, they may not be bad, but you have not given permission for them to run. By default, this also makes for a very bland and sometimes, non-functioning web experience. While I feel strongly that it is my job as a webmaster to offer accessibility options, some things just cannot be done with plain HTML coding. This is where the arguing starts.
The contention is that Noscript is an unhealthy response to a marginal chance, which costs people quality web experiences and businesses a chunk of money. For instance, encrypted Paypal buttons use scripting, which means a customer may miss out on a special deal if Paypal has not yet been “white listed” in Firefox. Likewise, many “web 2.0″ applications depend heavily on scripting to provide the defining community elements.
So what’s the middle ground? We can start by considering this – people will have their opinions about NoScript, as well as Firefox, but this has little to do with a plugin and more to do with a global decision a person makes. When a person goes about placing limitations on scripting, whether through a plugin or manual settings, they are doing so out of legitimate concerns. The proper response is for a business to give due consideration to the needs of their target market and realize that they must choose between “paying” for accessibility coding or via lost sales.
Here are some basic ideas to still work around the issues of scripting.
Webmaster Tips (skip to user tips)
1. Check for whether a visitor has scripts enabled and let people that don’t know they’re missing something.
“This site uses scripting to improve user experience. Please enable scripting or whitelist our website: www.somebusinesswebsite.tld”
2. If you use a third party script to achieve something, switch out it’s spot for a link when a visitor has scripts disabled.
“To continue with payment, please enable scripting for somepaymentprocessor.com and click the link below.
[Proceed to payment page]”
3. Use proper sense when setting up scripts on your web site. While there are indeed functions best done or only capable of being done via scripting, it should not replace something that can be done just as well (or nicely) without scripting. Along the same lines, even scripts for entertainment should be presented to bring value to pages, not purely for the sake of placing scripting on a page.
4. Be aware of the technology. You don’t have to read a book on scripting to use it, but do take the time to at least get acquainted with what you’re running. If this is not reasonable, then hire someone to make sure your scripts behave. User loyalty has to be earned before you can get forgiveness on a script “gone wild”.
5. Cross test. Just because your preferred browser is “x” doesn’t mean people won’t visit your site on browser “y” (let’s skip the whole “unless you block their user agents”). Calling your visitors stupid for using a particular browser is as good as blocking them out for using a NoScript style plugin. It loses sales and achieves nothing.
I rather like BrowserShots.org for cross testing.
User Tips(skip to webmaster tips)
1. Learn the basic functions of your browser and the plugins you load. If documentation is truly lacking for a user-side tool, then it is probably going to give you problems anyway. The few minutes devoted to familiarizing yourself will save you from the most likely pitfalls in any given program, in turn saving your time.
2. Communicate respectably with webmasters. Many are very happy to respond to issues if you kindly let them know something isn’t working right. Even if a mistake is on your end, a little honey goes a long way.
3. Recognize that of the billions of websites out there, the vast majority are ran by people either incapable or unlikely to set up malicious scripts. Once you surfed a few pages on a given site, you should have a good idea of whether it’s safe to allow scripts or not. Of the hundreds of pages I see every day, I only revoke permission maybe five times per month and usually because I don’t expect to visit a site often enough to warrant an extra whitelist entry. If you’re unsure whether to enable scripts, but a site looks fine otherwise, you can have it scanned for free at the XPL SiteScanner website.
I can’t speak for all script management solutions, but the Firefox NoScript lets users set it to allow all sites while maintaining protection against certain other issues. (visit the NoScript homepage for details).
Overall, the issue of scripting [versus noscript] comes down to one thing: awareness. Invest time into learning your tools so that you can reap the benefits without tripping over the shortcomings. Whether it be with designing an accessible webpage or being able to buy that product you’ve been desiring for the last month.
