Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Should I completely stop using inline JavaScript?

In a discussion elsewhere on SO, I was informed that "[m]ost browsers will not execute inline javascript... these days." This is news to me, and I have been researching to try to verify this statement, in order to understand if I need to adjust the code on some of the websites I maintain in order to make them compatible with future browsers.

As far as I can tell, the commenter is referring to Content Security Policy, a relatively new proposal that would, if implemented, restrict or totally disable inline scripting.

However, I note:

  • This requires the use of a (currently optional) HTTP header or meta-tag equivalent, which I doubt any webserver will ever be able to send out by default.

  • The browser support for it is currently limited to the latest & greatest, especially on mobile.

  • Nothing in this indicates (to me) that 'most browsers' will not serve inline JavaScript at all, nor that they are planning to implement such a thing in the future.

My question is basically, am I wrong about #3? Is inline JavaScript support likely to be on the way out?


Incidentally, I ask this on SO because I think it might be a "practical, answerable problem that is unique to software development." If others believe this is too broad or belongs somewhere else on SE, I would like to hear your suggestions. Thanks in advance!

like image 820
Two-Bit Alchemist Avatar asked Mar 12 '14 17:03

Two-Bit Alchemist


2 Answers

There are hundreds of millions of web pages out there that would stop working if inline javascript was disabled by default. A browser that does that would have to be very brave.

Backwards compatibility in browsers is a good and a bad thing (just think about IE!). A bad thing, because they could be lighter and quicker if they didn't have to support legacy code, and a good thing, because, otherwise, hundreds of millions of useful webpages that no one maintains any longer would be almost lost.

Think that no browser, even when using HTML5, will enforce strict rules for HTML, so I doubt inline javascript will be disabled. And even if there is introduced a way to do it, you, as a developer, will have a way to disable that option (or even better, not to enable it).

That said, I'd be the first to enable it in my own websites, because I hate inline code. My advice: never use it except if strictly necessary.

like image 153
Oscar Paz Avatar answered Oct 21 '22 06:10

Oscar Paz


Like the comment said, whoever said that is wrong.

However, you should still stop using inline JavaScript (exception, frameworks like Angular) because it's poor practice. Concerns should be separated. For instance:

<someElement onlick="func()">Derp</someElement> // this is bad.
someElement.addEventListener("click",func,false); //this is much better

It's easier to read, and in larger apps, it's much easier to maintain, especially in a separate file.

It will still act the same, yes, but in my experience I have encountered many more problems debugging inline js than I did external scripts.

like image 29
Sterling Archer Avatar answered Oct 21 '22 07:10

Sterling Archer