by mike-cardwell 5735 days ago
I use NoScript mainly due to the prevalence of XSS attacks. If a website doesn't require me to enable JavaScript, even a trusted website, I won't. All it does is open you up to XSS attacks. Let's not forget that Google, Facebook, Twitter, PayPal, Hotmail, Yahoo and countless other big-name websites have all fallen prey to these flaws, and will continue to fall prey to them.

I'm willing to open up to a very unlikely XSS attack in exchange for a better user experience.

Do you know many people who say: "I won't run C applications because they are vulnerable to buffer overflows."

I'm one of those who browse without JavaScript and Flash, and for me that IS a better experience. Try it once and see how much better the signal-to-noise ratio is. I also like the additional benefit of having much less chance of being attacked through the browser.

And I also use Opera, exactly because I can use the built-in browser settings to enable both JS and Flash only for the few sites where I need them (like YouTube).

I have just checked again: I don't have JS turned on for HN. It just works.

Really? It does not work with NoScript. I get a blank page when I attempt to vote.

You're right. The vote is counted, so I consider that as "works." The result is certainly ugly, but I'd call that a "minor display issue," as I can hit "back."

Of course it would be nice if that "back" step wouldn't be needed.

Yes, that is very annoying. It should just send you back to the page you were already on and to the position on the page where the comment you clicked is.

You could probably also do some clever trick with checkboxes, the CSS3 :checked pseudo-class, and background images to make it work without JavaScript and without page refreshes. Browser support isn't going to be great at the moment, though.

I would expect that it could be a reasonably easy fix (a few lines in the right places) to simply deliver some sane content as the result of the vote HTML query.

Shouldn't the referrer tag from the query be enough?
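An added example of what the last two comments describe, written for this page and not taken from HN or from anyone in the thread: a no-JavaScript vote handler that records the vote and answers with a 303 redirect back to the referring page, landing on the voted comment instead of a blank page. The host name, the `id`/`how`/`auth` parameter names, the HMAC-based `auth` token and the storage callback are all assumptions. The Referer header is treated as untrusted input: only the path and query of a Referer on the site's own host are reused, so the redirect cannot be pointed off-site, and a state-changing GET still needs a per-user token so a vote link cannot be forged from another page.

```python
"""Added example: a no-JavaScript vote handler that answers with a redirect
back to the referring page.  Not HN's code; the host name, parameter names
and the auth token scheme are assumptions made for this example."""
import hmac
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOSTS = {"news.ycombinator.com"}   # assumption: hosts we redirect back to
FALLBACK_LOCATION = "/"                  # where to go when the Referer is unusable
SECRET = b"constructed-example-secret"   # constructed; a real deployment uses a real secret


def vote_token(user, item_id):
    """Per-user, per-item token carried in the vote link.  A GET that changes
    state is forgeable from any page (no JavaScript needed), so the server
    must be able to tell its own vote links from ones an attacker built."""
    msg = f"{user}:{item_id}".encode()
    return hmac.new(SECRET, msg, "sha256").hexdigest()[:16]


def return_location(referer, item_id):
    """Build the Location header for the post-vote redirect.

    The Referer is attacker-influenced (the vote link may sit on any page),
    so only the path and query of a Referer on our own host are reused.
    Everything else (missing header, other host, odd scheme, a path that
    starts with // and would be read as scheme-relative) goes to the
    fallback.  The item id is appended as a fragment so the browser lands
    on the comment that was voted on."""
    if not referer:
        return FALLBACK_LOCATION
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https") or parts.hostname not in SITE_HOSTS:
        return FALLBACK_LOCATION
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return FALLBACK_LOCATION
    if parts.query:
        path += "?" + parts.query
    return f"{path}#{item_id}"


def handle_vote(query_string, headers, user, record_vote):
    """Handle GET /vote?id=..&how=up&auth=..  for an authenticated user.

    Returns (status, headers, body).  record_vote(user, item_id, how) is the
    storage callback (assumed; the test passes a stub)."""
    q = parse_qs(query_string)
    item_id = q.get("id", [""])[0]
    how = q.get("how", [""])[0]
    auth = q.get("auth", [""])[0]
    if not re.fullmatch(r"\d{1,12}", item_id) or how not in ("up", "un"):
        return 400, {}, "bad vote request"
    expected = vote_token(user, item_id)
    # Constant-time compare on bytes so a non-ASCII auth value cannot raise.
    if not hmac.compare_digest(auth.encode(), expected.encode()):
        return 403, {}, "bad auth token"
    record_vote(user, int(item_id), how)
    # 303 See Other: the vote is done; now GET the page you came from.
    location = return_location(headers.get("Referer"), item_id)
    return 303, {"Location": location}, ""
```

With this, a NoScript user who votes from a comment page gets sent straight back to that page, positioned on the comment; a vote link dropped on a third-party page is rejected for lack of a valid token, and a forged Referer can only ever redirect within the site.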

> Do you know many people who say: "I won't run C applications because they are vulnerable to buffer overflows."

Unless your C program takes in input from advertisers and posts from people on the internet, I don't think that's a valid comparison.

Also, you say "very unlikely," but these attacks happen all the time. Most of them don't make the news, but they're pretty much an everyday affair.

You've made the mistake of thinking that turning on javascript gives you a better user experience. On most websites, it degrades the experience. On those where I see no worthwhile improvement, I don't enable it. It's a judgement call.

Very few websites give you a substantial improvement in user experience by enabling javascript.