DEV Community

Cover image for People disable javascript in their browser? 😱  Give 'em something to cry about!
IroncladDev
IroncladDev

Posted on

People disable javascript in their browser? 😱 Give 'em something to cry about!

Did you know that two percent of people that use the internet disable javascript in their browser? That's a surprising amount.

Guess what? If you're a web developer using react, jquery, or some other js lib, it's gonna go haywire on them. Pitiful, eh? It won't even run! If you are using react on the client side for a simple application, it won't even run.

In this article, I'm going to show you some pretty (dark) techniques to make them turn javascript on forever.

1. The tag

This tag will display an html document on top of the existing one if javascript is disabled. All you have to do is put it in your html somewhere. You can not only store text, but also meta tags, headers, html bodies, and more!

<noscript>
  <h1>Only Monkeys don't use javascript in their browser!</h1>
</noscript>
Enter fullscreen mode Exit fullscreen mode

Something I've found useful on stackoverflow is redirecting them to a different page in your site.

<noscript>
  <meta http-equiv="refresh" content="0;URL=/monkeysdontusejs">
</noscript>
Enter fullscreen mode Exit fullscreen mode

Pro Tip: Store a massive gif that takes up almost the whole screen size in the noscript tag or a rickroll video.

2. The IP logger prank

You can still log user IP addresses even when a client lives with javascript disabled.

I used Next.js for this since it does server-side rendering and can collect some sweet props from the backend and pass it to the frontend for you.

What I did was use the request-ip npm package and pass that as a prop from the backend with getServerSideProps.

import requestIp from 'request-ip'

...

export async function getServerSideProps(ctx){
  return {
    props: {
      addr: requestIp.getClientIp(ctx.req)
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

Here's the example: https://next-gen-noscript-killer.ironcladdev.repl.co/
And the code: https://replit.com/@IroncladDev/next-gen-noscript-killer

And I promise I'm not logging and stealing IPs. I don't even know what to do with one if I have it.

Well, what can you do with this? Maybe state something about still being able to log ips which makes no difference or that disabling javascript is a security vulnerability. Go wild!

3. Render your whole website with javascript

That'll make them feel left out. Even if a client has javascript disabled, they'll turn it on for a few sites that require it.

This isn't recommended for production websites, but yeah it works well.

If you don't want to do that, maybe render your css with javascript or make it so that they can't interact with any apis/backend functions. Get dirty!

4. Whoops.

Looks like @inhuofficial is gonna come after me for writing about making accessibility worse.

This article was for fun, and should be used for fun and not in production-level websites.

Adding some of these to your personal website or making a prank site would be reasonable.

Welp, have fun, don't get too dirty, and please share your ideas with me on how to take this a step further!

Also, happy new year!


Liked this post? Be sure to subscribe to my newsletter for new posts, new projects, recaps, and more!

Join my discord to get in touch and hang out!

Discussion (23)

Collapse
donaldsebleung profile image
Donald Sebastian Leung

There's a good reason some people refuse to run JavaScript in their browser (though I am not one of them), as outlined by the Free Software Foundation: gnu.org/philosophy/javascript-trap...

Please don't be that person who makes their lives miserable (even if it's just 2% of the Internet population) just because they choose not to trust arbitrary JavaScript code from a (possibly untrusted) website :-(

Collapse
jankapunkt profile image
Jan Küster

Their (gnu) perspective is highly debatable as it focuses on freedom of code. So if I release my full blown js app under agpl license (which we actually do!) and if I do it for a better good for the public (which we also do!) then their argument is invalid.

Collapse
cicirello profile image
Vincent A. Cicirello

Read the entire gnu article. They cover this. What you are doing (releasing your app under agpl) is an example of what they argue should be done. They provide a link near end of article covering how to state license details, etc.

Thread Thread
jankapunkt profile image
Jan Küster

This discussion is about disabling JavaScript and my argument is that if I publish my app via agpl and disclose the source and do some good then there is no reason to disable JavaScript so the argument is not good for why people should disable JavaScript. Our app fulfills all their requirements yet it's a pure JS app.

Collapse
inhuofficial profile image
InHuOfficial

Your New Years resolution should be to not “poke the bear” calling me out on articles you know are going to anger me 😜🤣

Seriously though funny article with some actual useful tips sprinkled in there (the meta refresh in a no script is one I love ❤️) and it is obviously my silly sense of humour 😄

Much deserved ❤️🦄 from me!

Collapse
ironcladdev profile image
IroncladDev Author

lol I'm glad I didn't get a whooping from the accessibility master!

Collapse
inhuofficial profile image
InHuOfficial

Hehe I don’t know if this reputation I have is a good or a bad thing but either way it makes me smile 😃 🤣.

Collapse
nikitakhutorni profile image
Nikita Khutorni

This is hilarious :'D

Collapse
darkwiiplayer profile image
DarkWiiPlayer • Edited on

In this article, I'm going to show you some pretty (dark) techniques to make them turn javascript on forever.

More like leave that shitty site and never look back

Well, what can you do with this? Maybe state something about still being able to log ips which makes no difference or that disabling javascript is a security vulnerability. Go wild!

It makes a huge difference. And it's enabling javascript that is the security vulnerability ;)

Even if a client has javascript disabled, they'll turn it on for a few sites that require it.

Or just leave


But yea, it's sad how many websites need javascript to sow static content. In my opinion, this is primarily a sign that many "web"-developers these days don't understand the technologies they're working with and don't know any better than to write their entire website in JS.

Collapse
oniichan profile image
yoquiale

Disagree, js is also used to create cool interactions and effects.

Collapse
darkwiiplayer profile image
DarkWiiPlayer

Yes, there are indeed very valid use-cases for JS on static websites.

These use-cases, however, should not be used as an excuse to make a whole website of static content unavailable to a user who wants to opt out of providing websites with access to their processing power because they don't want to audit any website they use for potential crypto-miners.

Thread Thread
oniichan profile image
yoquiale

Who would stop using JavaScript on their static websites because of some conspiration paranoid?

Thread Thread
darkwiiplayer profile image
DarkWiiPlayer

People who aren't massive dicks

Collapse
sargalias profile image
Spyros Argalias

Lol, I love it. I'm gonna start using these tips in production.

If we don't have JavaScript, we don't have nothing!

Collapse
ironcladdev profile image
IroncladDev Author

Very true. Without javascript, I'm not a web dev.

Collapse
peerreynders profile image
peerreynders

please share your ideas with me on how to take this a step further!

In November 2020 heydonworks.com went the opposite direction — to view the web site you had to disable JavaScript:

But JavaScript isn't the point
… it, is that forcing a visitor down a specific path just so that they can access the content is a burden that they should not carry.

In truth most visitors wouldn't know how to disable JavaScript even if they wanted to. Which leads us back to:

and not in production-level websites.

Sure but some other resources might be nice:


Unrelated but perhaps thought provoking — (Mobile) Apps Must Die (2011):

(Native) apps are a remnant of the Jurassic period of computer history, a local maximum that is holding us back.

Collapse
19wintersp profile image
Patrick Winters

Yeah no don't do this

Collapse
jankapunkt profile image
Jan Küster

How is this an accessibility issue? I would even say that disabling js can cause accessibility issues. For example: we use js to generate browser speech synthesis for functional illiterates to be able to read any text.

"bUt ScReEnReAdErS" - yeah no one has them installed because many functional illiterates can't but they know how to open a browser or scan a qr code. With js disabled they would actually have a real disadvantage here.

Collapse
artidata profile image
Imaduddin Haetami

How did you know the number? You made it up? I think it should be way lower than that.

Collapse
ironcladdev profile image
IroncladDev Author

What number?

Collapse
artidata profile image
Imaduddin Haetami

The two percent

Collapse
jzombie profile image
jzombie

As recently as 2007 (15 years ago), I was blocking JavaScript on nearly every site I visited because I didn't trust it, didn't understand it.

By 2008 it became my favorite language.

Collapse
vreezyde profile image
Lars Eschweiler

In Germany you have to serve a no javascript Site with an Impressum and contact data. It's a law. But no one does it or control it. I think other contries have similar laws.