by Steuard 5159 days ago
Using Firefox 12 with NoScript installed, your site is entirely unviewable. Even in its most permissive mode (which works for the vast majority of sites), NoScript does block cross-site scripts that it considers dangerous. On your site, I get this in my Error Console:

"[NoScript] Blocking cross-site Javascript served from http://flesler-plugins.googlecode.com/files/jquery.scrollTo-... with wrong type info application/empty, attachment; filename="jquery.scrollTo-1.4.2-min.js" and included by http://socketstudios.com/"

I suspect that fixing the error mentioned there would make your site usable to more people (and more secure). But can I put in a plug for web design via progressive enhancement, rather than web design that just gives a blank grey page with a border and a few non-functional buttons if the scripts fail to load?

3 comments
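The error message quoted in the post above names two header problems on a cross-site script include: a non-script `Content-Type` and a `Content-Disposition: attachment`. The following is an added example, not code from the thread or from NoScript, that audits an external script's response headers for those two conditions. It is an assumed heuristic rather than NoScript's actual rule; the function names and the `files.example` URL are hypothetical placeholders.

```javascript
// Added example: audit the response headers of an external <script src>.
// JavaScript MIME type essences listed by the WHATWG MIME Sniffing standard.
const JS_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript", "text/javascript1.0",
  "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
  "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Look a header up case-insensitively; returns "" when absent.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key ? String(headers[key]) : "";
}

// Returns a list of findings for one script include (empty list = clean).
function auditScriptInclude(pageUrl, scriptUrl, headers) {
  const findings = [];
  const crossOrigin = new URL(scriptUrl, pageUrl).origin !== new URL(pageUrl).origin;
  if (crossOrigin) findings.push("cross-origin");

  // "type/subtype; params" -> lowercased essence without parameters.
  const essence = header(headers, "content-type").split(";")[0].trim().toLowerCase();
  if (!JS_MIME_TYPES.has(essence)) findings.push(`non-script type: ${essence || "(none)"}`);

  // A file-download endpoint marks its responses as attachments.
  if (/^\s*attachment\b/i.test(header(headers, "content-disposition"))) {
    findings.push("served as attachment");
  }
  return findings;
}

// Constructed sample: header values taken from the error message above.
const sample = auditScriptInclude(
  "http://socketstudios.com/",
  "http://files.example/plugin.min.js", // placeholder URL, not the real one
  {
    "Content-Type": "application/empty",
    "Content-Disposition": 'attachment; filename="jquery.scrollTo-1.4.2-min.js"',
  }
);
console.log(sample);
```
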

Sorry, forgive my ignorance (I'm a designer not really a developer) but are you saying I should host all my JS myself?

As for the fallback to a working site should JS be disabled or the scripts fail to load, you're entirely right of course. There is a lot I could still do to the site, but it serves no real purpose and was largely just an experiment, so it isn't very high on my to-do list at the moment.

Using a CDN is usually appropriate, but not hotlinking someone's site.
That's not true. Linking to jQuery stuff on Google's CDN is widely accepted.

If you're using NoScript, don't act surprised when modern JavaScript websites break for you.

I'm using NoScript because JavaScript is

* a privilege, not a right

* a huge security vulnerability

* a huge privacy vulnerability

You gotta earn epsilon trust to get me to whitelist your site for JS. If your site is 100% broken with JS off? You haven't earned that trust; you've instead told me that you're sloppy. Double points if your site is something that could get its basic functions done with JS - I have seen blogs, sites whose job is to present straight text, that completely break with JS off. What that tells me is that I should be deeply suspicious of the technical chops of the people responsible.

It's not like it's hard to earn epsilon trust! Slapping in a <noscript> element that says "here's what our site does, please turn on JS" is usually enough. "Please turn on JS" by itself, though, is not.

You don't have to cater to people who have JS turned off - you just have to not give us the middle finger! When site designers let their sites break when JS is off, that tells me that they're not worth my time.

Well, grandpa, it's the age of the rich JavaScript apps. Backbone and Ember, and all kinds of client-side templating engines are widely used.

JavaScript is NOT a huge security vulnerability. There are occasional serious bugs that get patched nearly instantly by all major browsers (except maybe stupid IE).

JavaScript IS a right, only 1-2% of users disable it, and I generally don't give a shit about them.

First off, name calling doesn't encourage polite conversation.

Second, progressive enhancement isn't "grandpa" thinking, it's good design, and more important today than ever. (A cursory search turned up .net magazine declaring it the #1 web design trend for 2012.) Skipping it for an experimental prototype is probably fine, but it's essential for serious work.

Third, as I mentioned from the start, the site in question here fails even when browsing with almost all scripts enabled: something essential in its design gets caught even by NoScript's minimal anti-XSS protection. That suggests an actual security risk to me.

And finally, I won't get into an argument about security bugs, but you haven't commented on the privacy issue at all. In its default mode NoScript prevents the vast majority of tracking systems that I've seen, while having a minor and entirely manageable impact on day to day browsing once you've used it for a week or so. You may not like that tradeoff, but it would be nice if you'd give some minimal level of respect to those who do.

I tried to read your comment with my eyes closed, but was unable to understand it. Please assist.
Cute.

When NoScript is in "Allow scripts globally" mode, the only things it blocks are particularly nasty vulnerabilities (its anti-XSS and anti-clickjacking features, mainly). As I said from the start, that mode presents no problem at all for the overwhelming majority of sites (script-heavy or not), so when it renders a site unusable that's probably a sign of a serious design or security problem. I've only seen that happen once or twice, so I figured it would be nice to point out the issue.

Using NoScript in 2012 is like watching TV with your eyes closed. You reap what you sow.