Enough that you should always design your sites so that users who have it turned off can still access all the content.

p.s. it's called JavaScript. It's not the same language as Java. ;-)

If we are talkijng about the java language then the number of browsers that don't support it. The jvm is large. When you download a browser you always get the download with or without java capabilities. The jvm is huge and makes the download take a very long time. Most users don't want to wait and get the browser without.

as far as javascript, most users do have this running. Most users don't even know how to turn it off. Only advanced webmasters can do this. With that being said, it is good practice to code sites so people without javascript turned on can make it through your site.

it is good practice to code sites so people without javascript turned on can make it through your site.

At the very real risk of looking silly for asking this, I've often heard this mentioned as being important - but, if you have do have a site where a good chunk of functionality has been implemented by the use of javascript, how could you go about offering the same of level of functionality to users without javascript turned on?

This is sort of off topic, but I read somewhere that about 40% of users don't have the flash/shockwave plug-in installed. I've never really understood why some people make their whole sites in flash.

At the very real risk of looking silly for asking this, I've often heard this mentioned as being important - but, if you have do have a site where a good chunk of functionality has been implemented by the use of javascript, how could you go about offering the same of level of functionality to users without javascript turned on?

This is a great question and one I've thought about a great deal.

There is a difference, in my opinion, between regular "websites" and web-based applications. Regular websites (kids pictures, blogs, basic eCommerce, etc.) shouldn't have that much functionality embedded in JavaScript. It should be accessible to all browsers, including the old ones and the new ones.

However, if you have designed a full-featured application that just happens to be delivered over the web, you can dictate more of the client configuration, such as javascript, cookies, and other plug-ins.

Chances are, that for an application delivered over the internet, the users have bought in to using your software. If they have accepted the fact that they are going to use it, they might need to make some concessions.

Remember - regular desktop software makes lots of demands on the end user - platform, CPU speed, #of colors, RAM, etc.
The list of System Requirements is complex. If you don't have that system, you can't use that program.

The beauty and the promise of the internet is that everyone should be able to see everything, which is true to some extent. However, if you are delivering complex software NOT for general usage, you can be selective.

Hence, in my applications, for Netscape,I don't support anything less than Netscape 7. If you have NN6, and want to use my program, you have to upgrade, or don't use my program. My feelings aren't hurt.

I could go on and on about this topic, but I think my thinking is clear. (?!)

Edit: I've changed the title of this thread from "Java" to "Javascript", assuming that Javascript is what herb is asking about - and noticing that this is what most of us are talking about. Herb, let me know if you are really asking about the Java language developed by Sun Microsystems (rather than Javascript, first developed by Netscape). If so, I'll change it back.

I read somewhere that about 40% of users don't have the flash/shockwave plug-in installed

Yes, it is a bit off-topic but the basic principle is the same. However, 40% is much too high a number, unless your source was talking about the LATEST version of the plug-in. Flash in some form has been automatically bundled with the major browsers since version 3 and has well over a 90% market, all told.

it is good practice to code sites so people without javascript turned on can make it through your site.

I definitely agree. Often it takes nothing more than a well thought out <noscript> tag. One common use of javascript is opening a new window, and with the target="" attribute now being deprecated, this will be the only valid choice.

When I have a link that opens in a new window, I've first created the function -- let's call it popUp() -- and then I write the anchor tag so that user agents without JS will still get the material, but in the same window. It goes like this:

<a href="newpage.html" onClick="popUp('newpage.html');return false;">Link</a>

Also it's good to remember that you may have frequent visitors that don't parse javascript -- the search engine bots! If a user can't deal with your site unless they have javascript, then you just stymied Slurp and Googlebot and host of others.

There is a difference, in my opinion, between regular "websites" and web-based applications.

This is absolutely critical. You aren't going to do complex math with a bare-bones browser. But it's very unlikely that those UA's will even want to use your application in the first place.

JaveScript is what I was speaking of. Thanks for making the change...

herb,

Just to throw out a number to help answer your question, the stats for one site I've worked on indicate that 93.25% of all visitors have JavaScript enabled. This number includes surfers, search engine robots, e-mail address harvesters, etc. - all user-agents which requested the page.

Jim

Most users don't even know how to turn it off. Only advanced webmasters can do this.

Yes. Advanced webmasters. And paranoids. Paranoids with things to lose. Like money. You want their money, don't you? :)

Seriously, the people brave enough to buy things over Internet will also be very careful, and javascript permanently on is a security no-no.

Thanks Jim,

---This number includes surfers, search engine robots, e-mail address harvesters, etc. - all user-agents---

Guess the answer would be 99.9% then. That's what I was looking for.

Thanks tedster for the additional insights on a number of issues

The site I was roped into is a public service site. Doesn't sell a thing and most of the users are seniors. We have put a linked text menu at the bottom of the pages
herb

I only have my JavaScript turned off when I'm trying to bust someone who is using JS to trick Googlebot. Bwahahahaha. [Insert evil smily here]

I quit worrying about the (then) 8% or so that had js off well over 2 years ago. Most of my menus and site navigation were then rewritten using external scripts. I can't say whether it diminished my success, but it surely didn't cause a catastrophic failure (or even a modest dip).

There comes a point where you have to consider whether stopping to pick up every stray puppy or kitten, and this industry is full of them, is a productive concern.

I have seen alot of sites rely upon JavaScript and when it is turned off the site does not work properly.

A fair number of people turn off javascript, for example to prevent popups.

Then you have the problem of an implementation of javascript not working correctly on every visitors machine. Those javascript error messages give the visitor the idea that your website is not very well made.

The only place I use JavaScript is in the clients admin section, where only the site owner can go. That way I can dictate which browser, browser version, platform etc they are to use.

9 times out of ten I can accomplish with server side scripting what javascript can do. Yes, it requires another call to the server but at least I can be much more sure of consistant results.

I surf with Active Scripting (JavaScript) disabled - primarily to avoid pop-ups, pop-unders and other JavaScript / VBScript induced nastiness.

To do this, I have the "Internet Zone" set to disable Active Scripting.

Sites that I wish to allow JavaScript I add to "Trusted Sites", and make the Trusted Sites zone have the same security settings as "Internet Zone" - thus keeping the same protection but allowing Active Scripting.

(referring to IE6 on WinXP)

There comes a point where you have to consider whether stopping to pick up every stray puppy or kitten

Well said, rc. With today's tools you can often create a site improvement that better serves 90%-95% of your audience. By giving those visitors a better experience, you can increase conversions significantly and the 5%-10% you miss are more than compensated for by the increase you get. Your decision is whether you draw the line at 85%, 90%, 95%.

But if you don't draw the line somewhere... The amount of development and maintenance overhead involved with complex browser sniffing and DOM sniffing gets very bad. Any software developer stops support at some point, and so should websites.

In the past year or so, it's become sane to drop NN4 worries in most cases, and that includes the antiquated object model for js. There is, at long last, an evolving convergence on standards for basic functionality that is extremely helpful. Instead of needing fork after fork in a browser sniffer or DOM sniffer, things are simplifying.

My only concern is that Microsoft intends to create a new "fork" for IE support in the near future, now that their stand-alone browser is a goner. That is one very competitive company, and I really don't expect them to play nice, just because they had a public wrist slap. But I'd be extremely pleased to see that I'm wrong about this.

I normally get about 15k page views per day. I use JS includes on all pages. At the end of the week, I normally see about a dozen JS files that failed to load. You can draw your own conclusions.

"Seriously, the people brave enough to buy things over Internet will also be very careful, and javascript permanently on is a security no-no."

Pronouncements like this really bug me because they have a way of getting picked up and carried along by non-experts and lead to all kinds of misunderstandings and serve the general internet user very poorly.
Now what dire crime is going to be committed against me because I leave javascript on all the time?
Duckula - What on earth are you talking about?

What on earth are you talking about?

To put it easy, javascript is sometimes advertised as cause of security troubles as cross site scripting, etc. so the security conscious people will deactivate it.

But, of course, that people should not have too much to worry about if they were not making transactions over internet. Ergo, the people who buys through internet will have to care about security and will have a trend to turning off javascript.

Even if not all of them do it, I'd speculate the percentage should be enough to care about not losing these sales. Therefore, needing to care enough for them to make possible to use the site without js.

That's what I think, I don't have numbers to back me up.

<added>

they have a way of getting picked up and carried along by non-experts and lead to all kinds of misunderstandings and serve the general internet user very poorly

I agree on that. But, still, it's silly having a scripting engine turned on when it is not needed. And it is an unnecesary risk, even if it is not exploited as much as buffer overflows are. I think I've let out my programmer side and played it safe. Anyway, the only way to solve this particular case, from my point of view, is with precise numbers of how many *buyers* (not visitors) have js on. </added>

[edited by: Duckula at 3:41 am (utc) on Aug. 19, 2003]

I don't think JavaScript should get a bad name because Microsoft has a risky implementation of it. Good browsers like Mozilla and Opera won't let users JS read / write information from iframes on remote domains, won't allow window aliasing of remote domains, won't allow remote files to load local files, &c.

The security model is very complete in Mozilla especially. For example, a script has to ask for specific permissions (with a dialog box, always) to read or write preferences, read the history object, and other security hazardous tasks, and the permissions only apply to the script they were given to and then expire. There are many other examples like this that hilite the security of a good JS implementation.

Jordan

The security model is very complete in Mozilla especially

Yes, and more than that with Mozilla + prefbar it's possible to turn on JavaScript with a click just in the moment it's needed. Of course, it's a small percentage of the browser jungle anyway.

Also the ones who implemented ECMAScript first, and best. ;)

But IE security vulnerabilities come in all shapes and sizes...they have them in just about everything they touch, it seems...but don't worry...there is a hotfix on the way. ;0

But not JavaScript's fault itself. An armored car is only as secure as it's drivers. If they wantonly open the door, they can't blame the armored car when they get robbed...they opened the door.

Jordan

>But if you don't draw the line somewhere... The amount of development and maintenance overhead involved with complex browser sniffing and DOM sniffing gets very bad.

My line in the sand; every 18 months or so I order a new 'doorbuster' desktop from Dell, pull it out of the box, and plug it in. Code for that.

<added>
I'd worry more about 'resolution creep' than js.