[Owasp-leaders] Sites that won't work without Javascript

Antonio Fontes antonio.fontes at owasp.org
Thu Dec 20 15:20:31 UTC 2012


Hi Vicente,

Agreed, websites should offer a reduced mode that maintains access to
the content even without JS running.

However, on the question about OWASP encouraging the community to build
websites that work without JS, I am not sure I can identify the exact
link with OWASP. This appears to be more motivated by typical
usability/accessibility good practice than by security concerns. A
website that requires JS to run is not inherently more insecure (either
for the company or the client) than one, which does not. We could argue
that the attack surface gets increased but...that would basically mean
encouraging website designers to build plain text websites.

When organisations keep forcing their users/customers into enabling JS
in their browser, well then, basically they lose customers/users.
Including me, and all those around me that I was able to convince with
an alternative :)

Antonio



--
OWASP Switzerland, board member
OWASP Geneva, chapter leader
  skype: antonio.fontes

On 12/20/2012 12:25 PM, Vicente Aguilera wrote:
> Hello leaderes,
> 
> Richard Stallman sent me the following message which I reproduce it for
> your consideration:
> 
> ===
> I run into quite a few sites nowadays that won't work without
> Javascript.  Often WiFi portals do this.
> 
> Can OWASP help encourage Web designers to make their sites
> work with Javascript disabled?
> 
> Also, can it help encourage Web designers to make their sites
> pass the LibreJS test?
> ===
> 
> What's your opinion?
> 
> Best regards,
> -- 
> _________________________________
> Vicente Aguilera Diaz
> OWASP Spain chapter leader
> CISA, CISSP, CSSLP, ITIL, PCI ASV
> CEH Instructor, ECSP Instructor, OPSA, OPST
> vicente.aguilera at owasp.org <mailto:vicente.aguilera at owasp.org>
> Homepage: http://www.owasp.org/index.php/Spain
> Mailing list: http://lists.owasp.org/mailman/listinfo/owasp-spain
> Twitter: @vaguileradiaz
> Personal website: http://www.vicenteaguileradiaz.com
> PGP: 0xD21C1EF8 - D1F0 E0B5 2ACC B4B5 57CD  C427 58B7 CF0D D21C 1EF8
> _________________________________
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 


More information about the OWASP-Leaders mailing list