Aha, I hadn't even noticed it, thanks Nick, for bringing it to my attention

Like me. I have a friend who might be interested and wouldn't have seen it in the photography forum.

Why's that? It seems very handy to me.

Because it is insecure and it causes compatibility problems - more than HTML and CSS even!

None of the current browsers can run the latest version of JavaScript (ratified in 2006/2007)! They support different bits from different versions, but do some things in different ways. IE uses a different DOM model to other browsers. If it comes across standards-compliant code with the standard DOM, it will usually throw out an error dialog and allow the user to debug the code or run until the next error. Safari, if it encounters IE DOM code stops dead. Firefox is a little more flexible, it recognises the IE DOM and tries to work with it, but can sometimes come up with random results - sometimes a page will work, sometimes it won't.

Cross-site scripting is a big problem, as is the embedding of code from other sites within a site.

I use NoScirpt in Firefox, when I surf. It allows me to allow or forbid code on a domain by domain basis.

For example, macuser.co.uk runs JS code from doubleclick.net and skimlinks.com, I let the macuser code run, but doubleclick and skimlinks are blocked (the latter is responsible for all the barstardisation of the text with double underlines and popping up windows when you are trying to read the text on the page! With skinlinks disabled, the page looks normal and readable.

BBC, again, has doubleclick.net and also revsci.net code embedded in it (the latter for playing multimedia content).

Sky.com has pubmatic, ecustomeropinions and adtech code embedded in it.

failblog.org (also roflrazzi, icanhascheezburger etc.) has a lot of other code embedded in it: As well as failblog itself, you have code from youtube, viddler (both for video), quantserve (more multimedia), polldaddy, cheezburger-analytics, googleadservices, google-analytics and wordpress.

All it takes is for one of those to get compromised and the domain you are visiting is also compromised.

Glad i use chrome .

I read this thread, and I have no idea whatsoever it was originally about.

Indeed.

I'd just like to add though that it's nothing personal or unique to the photography thread.

I hate them all!

Ah I see, thanks Dave. So it's more of a problem with the language/code itself rather than what it does.

but bumping this too the top is fine?

Well, that's a different argument but probably a valid one. Whilst the original announcement will disappear soon, this may rumble on for ages

Al

What was this thread originally about? It seems to be about JavaScript and whether this should be a sticky.

I like sticky------------------------------------------toffees

Nick grumbling about the "Calling keen photographers" announcement at the top of the meeting place.

Dave no offence meant but me being a kingsize n00b has absolutely no idea what that means at all, but that's why i'm a horticulturist & not in I.T.


yours baffled in a big way wecrookie

Basically, at the moment, sites embed code from other sites, which they have no control over. From a security viewpoint a bad thing. Because the browsers allow for this, there are bugs in their code, which allows cross-site scripting exploits, a very bad thing.

The other point is that all JavaScript engines aren't built the same. MS did the usual and made their own version of JavaScript (and VBScript, which thankfully has pretty much died out) and their own object model (DOM), which is a list of objects (and associated methods (actions) and properties) which the language can interact with, to manipulate the state of the browser and the different elements on the page. Because of this, the developer has to put more effort into the code, to make sure it will run on the widest range of browsers. A lot of devs don't, don't know or can't be arsed to support more browsers than the one they use.

This means, for users of different browsers, that they can often get unexpected results or pages which just don't work.

From a safety/security viewpoint, I use an add-in called NoScript, which blocks JavaScript, unless I specificall click on the NoScript icon and say that I trust a specific domain (like macuser.co.uk, but it won't run the embedded code from doubleclick.net or skimlinks.com, because I don't trust them and haven't told NoScript to let their code through).

I hope that is a little more simplified for you. If you need anything else broken down, please say.