[sedev]

I'm using NoScript because JavaScript is

* a privilege, not a right

* a huge security vulnerability

* a huge privacy vulnerability

You gotta earn epsilon trust to get me to whitelist your site for JS. If your site is 100% broken with JS off? You haven't earned that trust; you've instead told me that you're sloppy. Double points if your site is something that could get its basic functions done with JS - I have seen blogs, sites whose job is present straight text, that completely break with JS off. What that tells me is that I should be deeply suspicious of the technical chops of the people responsible.

It's not like it's hard to earn epsilon trust! Slap in a < noscript > element that says "here's what our site does, please turn on JS" is usually enough. "Please turn on JS" by itself, though, is not.

You don't have to cater to people who have JS turned off - you just have to not give us the middle finger! When site designers let their sites break when JS is off, that tells me that they're not worth my time.

[rorrr]

Well, grandpa, it's the age of the rich javascript apps. Backbone and Ember, and all kinds of client-side templating engines are widely used.

Javascript is NOT a huge security vulnerability. There are occasional serious bugs that get patched nearly instantly by all major browsers (except maybe stupid IE).

Javascript IS a right, only 1-2% of users disable it, and I generally don't give a shit about them.

[Steuard]

First off, name calling doesn't encourage polite conversation.

Second, progressive enhancement isn't "grandpa" thinking, it's good design, and more important today than ever. (A cursory search turned up .net magazine declaring it the #1 web design trend for 2012.) Skipping it for an experimental prototype is probably fine, but it's essential for serious work.

Third, as I mentioned from the start, the site in question here fails even when browsing with almost all scripts enabled: something essential in its design gets caught even by NoScript's minimal anti-XSS protection. That suggests an actual security risk to me.

And finally, I won't get into an argument about security bugs, but you haven't commented on the privacy issue at all. In its default mode NoScript prevents the vast majority of tracking systems that I've seen, while having a minor and entirely manageable impact on day to day browsing once you've used it for a week or so. You may not like that tradeoff, but it would be nice if you'd give some minimal level of respect to those who do.