Only supporting users who have Javascript enabled.

Question

I am considering creating a website that only supports users with JavaScript enabled.

My justification for this is that I want to offer a rich user experience, in a fairly limited time budget, so if I only support people who have JS enabled, I don't have to spend time making sure the UI works without JS and create server side equivalents for validation etc.

1. Is this possible? Do different browsers\platforms prevent me from achieving this?
2. What percentage of users have JS disabled these days?
3. How would I go about checking if JS is enabled in C#.

Answer 1

Thats possible of course and if the client (if you have one) agrees it's okay. But you still have to do validation on the server side.. else some script kid (even if it will be used in a corp.) will break your script and maybe even do stuff you didn't want to happen.

http://www.w3schools.com/browsers/browsers_stats.asp

You would check with JS to check if JS is enabled ;)

Answer 2

These days, the only people who don't use JS are usually:

• Visually impaired, and use screen readers (all effect of JS is usually lost)
• Security-conscious (or paranoid?) and browse with NoScript turned off
• Mobile users with limited browsers

In ASP.NET, or any HTML site, use:

<script type="text/javascript">
    window.location="/hasJs.aspx";
</script>

Which will redirect them to a page for JavaScript users, which may set a cookie or something you can check for in your master page. Like so (or similar):

(in hasJs.aspx):

protected void Page_Load(object sender, object e) {
    Response.Cookies.Add(new HttpCookie("hasJs", "yes"));
    Response.Redirect("/Default.aspx");
}

(Site.master) :

<% if ( ! Request.Cookies.Contains("hasJs") ) { %>
    <script type="text/javascript">
         window.location="/hasJs.aspx";
    </script>
    This site requires JavaScript.
<% } %>

Answer 3

Your justification is fine. However, you must implement validation on the server side of things as otherwise abusing your code will be very easy by just disabling JavaScript.

No, making it "impossible" to submit any data without JavaScript will not solve it.

From personal experience I think most internet users hava JS enabled nowadays. The portion of users who may have problems with JS-heavy site is mobile-based users, so unless you need to reach them, it probably should not be a big issue.

The easiest way to determine JS with just a single redirect would be to set a cookie with JavaScript code (document.cookie) and then use the aforementioned window.location to redirect. After that the server should be able to read the cookie set by JS, assuming it's enabled.

Also, while it's quite difficult to share validation rules and other logic automatically on both server and the client using tech like C#, I would suggest checking out Aptana Jaxer. Jaxer is a JavaScript based server-side framework which, amongst other things, will allow you to share the very same JavaScript code on both client and server. Very nice if you want to validate on the client, but don't want to write your validation rules twice!

Answer 4

See:

• How many people disable Javascript? (around 1%);
• How to detect if JavaScript is disabled?; and
• Detect when JavaScript is disabled in ASP.NET.

As for validation you should always do serverside validation and never rely on clientside validation. You're just asking to be hacked otherwise.

If you are doing a rich user experience and/or you don't have the time to do two (or more) versions of your Website to cater for such a small percentage, I think we've reached the time where that's usually acceptable.

It does however depend on the circumstances. Certain sites may target uses that disproportionately disable Javascript and so on.

Answer 5

Please don't take this as a criticism of your plans. The choice to require Javascript is certainly yours to make -- though as others have mentioned you may need to be concerned about accessibility issues. You might find it easier, however, to develop a web site that is non-Javascript friendly using ASP.NET MVC rather than WebForms.

The new AjaxHelper extensions make it almost trivial to include code that relies on AJAX for most people, but work in the absence of Javascript in the client. Obviously the experience is degraded for people who don't have it -- more so, if you use jQuery plugins for tabs/menus, popups, etc -- but it is still usable. The framework provides a pretty easy mechanism on the server side to determine whether the request is an AJAX request or not so you can respond appropriately by rendering a new View or sending back JSON/HTML/XML as appropriate.

I know that I've found it much easier to write accessible web sites using MVC than I did with WebForms.

Answer 6

You're missing a couple browser scenarios:

• A lot more people are using NoScript and similar systems, where javascript is initially disabled. This may not really be a problem for you, because most of those people will just turn it on when they need it.
• Googlebot doesn't know javascript. You need to make sure the content good enough without javascript for Google to index it properly.

Answer 7

It is not, never has been the people without javascript that take a lot of time and bother.

It is the different versions of javascript...