Only supporting users who have Javascript enabled

Question

I am considering creating a website that only supports users with JavaScript enabled.

My justification for this is that I want to offer a rich user experience, in a fairly limited time budget, so if I only support people who have JS enabled, I don't have to spend time making sure the UI works without JS and create server side equivalents for validation etc.

1. Is this possible? Do different browsers\platforms prevent me from achieving this?
2. What percentage of users have JS disabled these days?
3. How would I go about checking if JS is enabled in C#.

Answer 1

Your justification is fine. However, you must implement validation on the server side of things as otherwise abusing your code will be very easy by just disabling JavaScript.

No, making it "impossible" to submit any data without JavaScript will not solve it.

From personal experience I think most internet users hava JS enabled nowadays. The portion of users who may have problems with JS-heavy site is mobile-based users, so unless you need to reach them, it probably should not be a big issue.

The easiest way to determine JS with just a single redirect would be to set a cookie with JavaScript code (document.cookie) and then use the aforementioned window.location to redirect. After that the server should be able to read the cookie set by JS, assuming it's enabled.

Also, while it's quite difficult to share validation rules and other logic automatically on both server and the client using tech like C#, I would suggest checking out Aptana Jaxer. Jaxer is a JavaScript based server-side framework which, amongst other things, will allow you to share the very same JavaScript code on both client and server. Very nice if you want to validate on the client, but don't want to write your validation rules twice!

Answer 2

See:

• How many people disable Javascript? (around 1%);
• How to detect if JavaScript is disabled?; and
• Detect when JavaScript is disabled in ASP.NET.

As for validation you should always do serverside validation and never rely on clientside validation. You're just asking to be hacked otherwise.

If you are doing a rich user experience and/or you don't have the time to do two (or more) versions of your Website to cater for such a small percentage, I think we've reached the time where that's usually acceptable.

It does however depend on the circumstances. Certain sites may target uses that disproportionately disable Javascript and so on.

Answer 3

You're missing a couple browser scenarios:

• A lot more people are using NoScript and similar systems, where javascript is initially disabled. This may not really be a problem for you, because most of those people will just turn it on when they need it.
• Googlebot doesn't know javascript. You need to make sure the content good enough without javascript for Google to index it properly.

Answer 4

These days, the only people who don't use JS are usually:

• Visually impaired, and use screen readers (all effect of JS is usually lost)
• Security-conscious (or paranoid?) and browse with NoScript turned off
• Mobile users with limited browsers

In ASP.NET, or any HTML site, use:

<script type="text/javascript">
    window.location="/hasJs.aspx";
</script>

Which will redirect them to a page for JavaScript users, which may set a cookie or something you can check for in your master page. Like so (or similar):

(in hasJs.aspx):

protected void Page_Load(object sender, object e) {
    Response.Cookies.Add(new HttpCookie("hasJs", "yes"));
    Response.Redirect("/Default.aspx");
}

(Site.master) :

<% if ( ! Request.Cookies.Contains("hasJs") ) { %>
    <script type="text/javascript">
         window.location="/hasJs.aspx";
    </script>
    This site requires JavaScript.
<% } %>