Javascript for the win: Modern day Web browsers are trying to improve by making speed improvements to their rendering engines, optimising memory usage and the latest trend — faster Javascript execution. Rich Internet Applications (RIA) have made it necessary that a browser be able to execute more and more complicated Javascript in lesser and lesser time. Leading the pack are Safari and Chrome (out of the mainstream browsers).

Javascript is the browser’s scripting language, and recent developments have made it a necessity in a web-page. One could say that improvements and increase in Javascript adoption started the Web 2.0 movement, which wouldn’t have been possible with static web-pages with only server-side dynamics. The new Web is fast, responsive and a delight to use, because there are many lines of code other than the presentational markup (HTML/CSS) working to make it so.

---

Flash to me: Flash has a shady history. Some say it was meant to replace Java from the start. Some say it was only supposed to be a way to embed smooth animations and vector art in older browsers which could not render them on the fly, or execute fancy Javascript for animations. Either way, Flash has become way too important today to be ignored. Of course, the use it is put to by some designers (to animate a button or a picture, for example) is annoying at best. But the real use of Flash shows us how important it actually is to the new Web.

That said, it is not used to and for its potential in majority of the cases. There have been multiple Flash related vulnerabilities in the past, and a scary one recently. The iPhone doesn’t support Flash, and Mobile Safari is the most used phone browser today. People use AdBlock and other extensions to strip a page of Flash because it is slow to load¹.

---

Script and Third Party Plug-in Blocking Extensions Must Die

My current and last few projects have required some heavy use of Javascript (my ups to jQuery) for animations, effects and data get/push. We’ve tried to stay away from Flash based trickery because more often than not, it is blocked. Plus, our needs haven’t been so high that we needed it. Even after all those considerations, the foremost question amongst the team has been “Will this work?”.

The use of NoScript extension makes developing web applications that much harder, because it makes us think of functionality in a hierarchy not by usability, but execution — critical/required/cosmetic. Any critical functionality should be kept away from Javascript, so that it doesn’t break no matter what the case. Required and Cosmetic functionality can be allowed to be disabled, but we show a little notice that the user’s experience would greatly improve if they turned Javascript back on.

Extensions like NoScript are taking the Web back to the stone age, and they’re scaring people into believing that the only use of modern technologies is malicious. One thing I’ve learnt in my years as a developer is that people are dumb. They will believe what you tell them, if you can show them even a doctored proof. They fear what they don’t understand, and the Web is full of things the common user doesn’t understand. Extensions like NoScript allow them to remain dumb, while making life harder for the developers, who have enough things to worry about apart from broken features because of paranoid users.

The result of extensions like NoScript dying is a net positive and it needs to happen fast. People need to be educated about a browser’s built in safety measures², choosing a filtered security model instead of an all or nothing approach.

Sooner or later, people need to know how security on the Web works. There is only so much vendors can do to make browsers safe, after which people’s intelligence needs to kick in. It’ll probably take a while for the transition to happen. Who knows, it might never happen, because like I said above - people are dumb. But the bottom line remains, extensions like NoScript need to die if the Web is to really evolve — evolving means more than new technology and methods. It’s a mindset.