SEARCH

How-To Geek

HTG Explains: Should You Disable JavaScript?

javascript-disabled

Few people disable JavaScript, but many who do are very vocal about it. JavaScript makes the type of web pages we have today possible. While you could disable JavaScript, it would be a lot of annoyance for little benefit.

The security benefits of disabling JavaScript are dubious, and you will give up so much of the modern web if you do. You can whitelist websites to only run JavaScript on certain websites, but that’s a never-ending task that will take precious time.

What is JavaScript?

JavaScript is a programming language used on web pages. JavaScript was initially pretty basic and was used for things like alert boxes and menus that appeared when you hovered your mouse over elements on the page. However, JavaScript isn’t just used for such minor things anymore. It’s the language that powers modern web apps, allowing web pages to dynamically load and send content in the background without page loads and do other dynamic, interactive things. Most websites use JavaScript to provide various features.

Note that JavaScript isn’t the same thing as Java. JavaScript and Java aren’t really related at all, aside from the name. (The similar name was chosen for marketing reasons.) JavaScript is built into your web browser – Chrome, Firefox, Internet Explorer, Safari, and Opera all have their own JavaScript engines. It’s not a plug-in produced by a single company that doesn’t seem to care about security, as Java is.

We have pleaded with our readers to disable Java, which has been recently used to compromise computers in organizations as big as Facebook and Apple. However, JavaScript isn’t the security threat Java is.

What Happens if You Disable JavaScript

If you disable JavaScript, many websites won’t work properly. This is particularly true for web apps like Gmail and Google Docs, but it’s also true for other websites. Disabling JavaScript may break the ability to log in, post comments, or dynamically request content.

For example, when you perform a search on Google Images, you can keep scrolling down to view more images without having to reload the page. Google Images is using JavaScript to dynamically request new images from Google’s servers and add them to the current page. When you click an image, you will see a larger in-line popup with that image. You don’t have to wait for a new web page to load – it all happens on the current web page without any obnoxious load times.

google-images-with-javascript

If you disabled JavaScript, you would have to click “next” over and over to view more images. When you clicked an image, you would have to load a new page entirely. The nicer interface above requires JavaScript to make its various features work.

google-images-without-javascript

This is just one example – many other features on websites use JavaScript. Some websites don’t even provide fallback pages that function without JavaScript.

If you disable JavaScript, you may be unable to use certain features on a website, the website may break completely, or you may use a version of the website with reduced features for users on older browsers. For example, Gmail offers a plain-HTML mode for people with JavaScript disabled.

Why Do People Disable JavaScript?

Many people who disable JavaScript do it because of a perceived security benefit. There have been a few browser vulnerabilities that were exploited via JavaScript. However, this is extremely uncommon and the rare security holes in JavaScript engines have been patched very quickly. Most websites use JavaScript – it’s what makes the web we have today possible.

In contrast, Java has had a never-ending series of security holes. They’re often not  patched very quickly – in fact, the Java plugin is still vulnerable today. Java seems to spend most of its time with unpatched security holes, waiting to be exploited. Very few websites use the Java plugin. It’s a relic most people can get by without.

Disabling JavaScript also prevents some types of ads from loading. We don’t encourage blocking ads, but if you must, there are better ways to do so than disabling JavaScript.

How People Disable JavaScript

Modern web browsers have an option to disable JavaScript entirely, just as they have the option to disable images and other web features. If you don’t want to use JavaScript at all, you’ll find an option to disable JavaScript in your browser’s options window.

firefox-disable-javascript

Most people who disable JavaScript use an add-on like NoScript instead of just disabling JavaScript in their browser. This type of add-on allows you to selectively enable JavaScript on certain websites. This might seem like a convenient compromise, but it requires micromanaging your whitelist and often stumbling across new websites that won’t work properly.

javascript-disabled-with-noscript

Should You Disable JavaScript?

We recommend against disabling JavaScript. It’s a widely used language that makes the web what it is today, allowing for websites to be more responsive, dynamic, and interactive.  Disabling JavaScript takes websites back to a time when they were simple documents without any other features. While some people may long to return to that time, that’s not the web we live on today.

There have certainly been a few cases where disabling JavaScript could have blocked a new security vulnerability from being exploited, but those have been rare and fixed quickly.

Bear in mind that there have been cases where browsers themselves were exploited and disabling JavaScript didn’t help. To protect against such attacks, we could stop using browsers entirely, downloading web page HTML files and reading them by hand in a text editor. But we don’t. The small risk of using a web browser instead of a text editor is worth the huge improvement in usability a browser offers. The same is true for JavaScript – leaving it enabled is a very small risk for a very big benefit.

Of course, your browser is yours. You have the ability to control what it does – you could even disable all images entirely and browse the web without ever downloading an image. You could disable Flash entirely and never watch videos online. You could use a text-mode browser like w3m in the terminal instead of using a graphical browser.

What You Should Disable

We do recommend uninstalling Java entirely (or disabling Java if you can’t uninstall it). Adobe Reader has also been another source of compromises – you may want to uninstall it and use a third-party PDF reader. Chrome and Firefox both include built-in support for PDFs, while there are other lightweight options like SumatraPDF.

Rather than disabling JavaScript and whitelisting it, you will see more performance and security improvements from using click-to-play plugins in Firefox or Chrome.

click-to-run-flash-in-chrome


The choice is ultimately up to you, but we recommend you leave JavaScript enabled and don’t worry about it. Just keep your browser up-to-date and you should be fine.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 02/28/13

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!