|
|
|
|
|
|
by rorrr
5157 days ago
|
|
|
Well, grandpa, it's the age of the rich javascript apps. Backbone and Ember, and all kinds of client-side templating engines are widely used. Javascript is NOT a huge security vulnerability. There are occasional serious bugs that get patched nearly instantly by all major browsers (except maybe stupid IE). Javascript IS a right, only 1-2% of users disable it, and I generally don't give a shit about them. |
|
|
Second, progressive enhancement isn't "grandpa" thinking, it's good design, and more important today than ever. (A cursory search turned up .net magazine declaring it the #1 web design trend for 2012.) Skipping it for an experimental prototype is probably fine, but it's essential for serious work.
Third, as I mentioned from the start, the site in question here fails even when browsing with almost all scripts enabled: something essential in its design gets caught even by NoScript's minimal anti-XSS protection. That suggests an actual security risk to me.
And finally, I won't get into an argument about security bugs, but you haven't commented on the privacy issue at all. In its default mode NoScript prevents the vast majority of tracking systems that I've seen, while having a minor and entirely manageable impact on day to day browsing once you've used it for a week or so. You may not like that tradeoff, but it would be nice if you'd give some minimal level of respect to those who do.