[SecurityMatters]

The author demonstrated why Firefox, et al, made the correct choice on his example page. I visited his page using Firefox and the video would not play. My guess is that you need javascript turned on to play the videos on his site. I almost never enable javascript, and certainly would not do so just to watch a little video. It sounds like Firefox and others are trying to make the web pages more universally work.

[fhars]

Actually, your comment clearly illustrates why the choice Firefox et al. made is completely wrong. The only reason the video doesn't show in your browser is that he had been forced to use javascript hackery instead of a plain video elements to override this braindead default behavior. If they had made the correct choice, it would have worked for you, too.

[SecurityMatters]

I demonstrate no such thing. It may be true that a better example of an embedded video element would show why it is a bad idea. I am open to trying other examples of properly coded video elements. My point was that the author did not demonstrate his point and it could be that Firefox et al made the choice for a good reason he did not understand. I still suspect that, but there is not good evidence here either way.

[IgorPartola]

I am sorry but that is insane. Today's web relies heavily on JavaScript. I recommend you get yourself a clean browser (maybe on a virtual machine), if you are paranoid about security (SecurityMatters huh?), and try using Google Maps, Google Calendar, et al.

[aw3c2]

"Today's web" works just fine without Javascript if you browse around. One can easily enabled it per-site in good browsers for the sites where you actually need it.

It has the nice benefit that a lot of distracting annoyances (just to mention snap.com, most advertising, those pesky "2000 social web icons popup" footers) simply disappear.

If you want '"today's web"' with all its glittery blingbling and distractions, then go ahead. But don't fall for the illusion that you would miss anything by browsing with Javascript off by default.

[youngian]

Turning off Javascript is not insane. JS opens you up to a wide range of possible security problems. Also, you can think of it ideologically - websites should still work with JS turned off. Building an accessible, semantic, well-formed website means building a website that works without Javascript.

The only exceptions are Google Maps or anything equally as rich. And I do mean equally as rich.

[IgorPartola]

Sure. Check out http://www.bu.edu/maps. I agree that any "content" site should work, but as I use more and more web applications, I tend to rely on niceties of JavaScript more and more. Yes, it is a security concern, but keeping your browser up to date is not that hard. For the rest: AdBlock Plus solves my problems.

[rimantas]

You know, times has changed recently. Now we have not only web sites, but the web apps too. And there different rules apply.

[bphogan]

There are a lot of web application developers out there don't have a clue how to build accessible web applications. JS is not required to log in to sites, nor is it required to send data back to the server. But devs do it because they see other sites do it, and rather than learn how to do it the right way, they just do it the way they see how. Blind and low-vision users disable JS too, because it prevents popups from taking focus, and prevents mouseover events that can also mess with people who have motor impairments.

Javascript is a great way to enhance the user experience, but you are being irresponsible if you develop sites that only work with JS enabled. It's seriously not that hard. Make it work first, then detect xhr on the server to add the nice partial updates, etc. And don't tell me it costs more money to do that. If it does, you designed it wrong or chose tools that are inherently inaccessible. In both cases the blame falls on you.

Full disclosure; I am a low-vision web application developer, born with congenital cataracts, along with my father and my daughter. Developers who use the excuse of "you have to have JS on for my stuff to work" make me incredibly angry, so I tried to keep this as civil as possible.

[youngian]

Yes, and the vast majority of web apps boil down to forms with some flashy bits added. I'm not saying the flashy bits aren't nice, but you should build your forms in such a way that they still work without Javascript.

Like I said, Google Maps is my yardstick - anything less complicated than that should be built to work without Javascript. It might work slightly different and be a little less pretty, but there's no reason it can't work.

[prodigal_erik]

Google Maps is of course less interactive and shiny but still works fine without js. I'm dismayed that we don't routinely expect all web developers to be similarly talented and thorough.

http://maps.google.com/maps?f=q&source=s_q&output=ht...

[IgorPartola]

Interestingly, a while ago I had an application where JavaScript was added later on in the game. The result was that we could split into two apps: a rich fast glitzy one and a basic one suitable for mobile devices.

[bphogan]

Thank you so much for pointing this out. I agree completely with this. It's hard enough being a low vision user without having other developers falsely assert that you must have JS turned on to use "the new internet".

[youngian]

Wow, color me corrected. What an impressive example to set.

[SecurityMatters]

A clean browser would not address the problem. I think it is insane to browse with javascript, once you understand how it works. You are essentially letting random people run their code on your machine. How could that possibly be a good idea? I realize I miss out on a few fancy sites, but there is so much available, I just move along to the next story.

I've never used Google Calendar. I went over the code in Google Maps before I decided it was reasonably safe. That takes some time, and I have to do it every once in a while, since Google changes it. Most sites are not worth that trouble.

I don't say you are insane for blithely running javascript. You just obviously don't care much about security. That is your decision.