[Mapserver-users] JavaScript vs MapScript for interface
development...
Thorsten Fischer
thfischer at mapmedia.de
Fri Jun 27 10:37:10 EDT 2003
On Fri, 2003-06-27 at 10:38, Palle Due Larsen wrote:
> It is my opinion that JavaScript is the solution that intrudes the least
> on the user's browsing experience. If I want to copy something from a
> WebPage with JavaScript onto the clipboard, I just do it. On a Flash
> page or in an Applet I don't have that opportunity. The same goes for
> searching on the page and viewing the source. Today we are in a
> situation where the major browsers are pretty standards-compliant. It is
> not very hard to make a JavaScript-driven site that runs both in IE5.5+
> and netscape 6.0+. See http://vestamt.carlbro.dk as an example (for the
> fortunate few who understand Danish).
Not having looked at that site yet, I want to add the following:
Before starting to develop an application that relies on JavaScript to
run, please search the archives of your local CERT and mailing lists
like Bugtraq and Full Disclosure for the keywords 'javascript' and/or
'active scripting'. Happy reading.
Bottom line is: there are _a lot_ of good reasons to have javascript
turned off entirely. Every week a new security hole appears in one
browser or another (IE for example has 19 unpatched security holes at
the moment, some of them known for several months), and some of them are
related to client-side scripting languages (mostly in combination with
the completely broken 'zones' concept).
Requiring the user to have javascript activated to use a web application
can have one of two effects. First, the user may think: 'they require me
to do things i do not want' and go elsewhere. Not exactly the effect
desired by the developers. The second possibility is that they think 'so
many apps require javascript, i better turn it on or I will be left
behind', thus destroying the small, slowly growing plant of security
awareness among computer users worldwide (growing plant? well i am not
known for the quality of my english metaphors).
If you, after careful consideration, really think that you _need_ things
like javascript, please make sure that you establish an alternative
version of your application, maybe with reduced functionality, that the
users can choose from. I, like many others, am terribly sick of
applications that were made by obviously unknowing web designers who
think of javascript as an everyday programming and design tool like html
is. It isn't. It has proven to be plainly dangerous again and again and
again. Please let the user choose.
In addition, John Hockaday already pointed out that most accessibility
guidelines discourage the use of javascript (same goes for html frames,
shockwave flash and so on).
Of course I do understand that our business - creating maps, browsing
them and querying them for the data that they are built from - is a
highly visual one. One could argue - even without being cynical - that a
blind person cannot make too much use of an online map anyway.
The key is to let the user choose.
hth,
thorsten
More information about the mapserver-users
mailing list