Back to Top

Tuesday, December 19, 2006

What you don't need javascript for - part 2

Read part 1 of my rant

There is a saying in Hungarian: Don't look at the teeth of a horse you received as a gift. It refers to the fact that you shouldn't criticize something if you get it for free. However from time to time I feel the need to raise my voice about things which could be better done. Example:

Via Global Nerdy I found a site called JS-Kit which allows you to add dynamic functionality to your own site. After doing a little googling, I found out that supposedly it was created by a Cisco Security Engineer. My comments are: is this the Cisco trust us, we know what's best for you mentality or is this guy just inexperienced in the area of web security? Does he really think that I will include a script from his site that will run in the context of my page? And because the script is on his server, he can change it any time or even do sneaky things like only serve up the modified version when a referrer from my site is detected! An example of somebody getting it (partially) right is Widgetboy. You have to trust their javascript code, but after that they host every widget in an iframe, so that it can't interact with your site.

My other problem is: why do you need javascript to submit a comment? Bulletin boards existed for ages without javascript! What about disabled users who use screen readers?

Here is the way it should be implemented IMHO:

  • The user should insert a single line of HTML in the page: <a href="[page url]>Comment on this<a>, the page url being optional (although recommended, see below)
  • When the user clicks on this link, s/he is redirected to the js-kit website, where a script takes the referrer url (which is activated in 99.9% of the browsers) to find out the page the comment should be placed on. If no referred url is available, it can fall back to the url passed as parameter. If none of these two is available, it gives an error message and terminates.
  • Now it redirects to a page which is divided in two frames: one which displays the original site and one which display the comments. The comments page should contain a prominent close link which redirects the top frame back to the original page, eliminating the comment frame.
  • The comment area can be used to place comments. There is no need to use javascript, plain old forms can do it, however you can use the principle of progressive enhancement to add visual effects with something like, however the form should be usable without javascript.

The advantages would be:

  • Gives almost the same experience
  • There is no need to trust any third party javascript (no offense)
  • It works on a wide variety of browsers (event lynx knows frames)
  • It should work on speech browsers


  1. I used Js Kit's widget because I am not advanced enough to get anything else that does the same thing it does to work yet.I think it's a damn good option for people on the level I am.I wanted comments on my pages that show up right on the page-without having to log in somewhere else to read them or admin them or for the comments to be on a totally different site.And I wanted it to be as easy for my visitors to make a comment as it is for me to make a comment.
    So of course I worry about how the creator will abuse his authority.But until I find another thing that is as good as JS KIT and more secure or am shown concrete proof that my sites can be destroyed by JS KIT malevolence...I guess I'll sit tight.

  2. Anonymous8:33 PM

    The english way of saying it is, "Don't look a gift horse in the mouth". Same meaning, different words!

  3. Re. mccormicky's post.

    Well said, mccormicky. Whilst I fully understand the concerns expressed here regarding javascript, as you rightly say, it's the easy option for most of us. I too use the js-kit comment form on my blogspot. It looks (now that I've customised it with some CSS) and operates brilliantly.

    Having said that, if cdman could explain futher how to use js-kit without javascript, then I'd be willing to give it a go, but I'd want it to operate and look exactly how it does now.