commit: e8425a87312fa818bad900e0664f565b3c8fee3d
parent d1aaf2819c7585a9fb023d99041c76ae51a872cf
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Mon, 18 Aug 2025 11:52:43 +0000
articles/no-noscript-element: new
Diffstat:
4 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/articles/no-noscript-element.xml b/articles/no-noscript-element.xml
@@ -0,0 +1,61 @@
+<entry>
+<title>The <noscript> element as a trap</title>
+<link rel="alternate" type="text/html" href="https://hacktivis.me/articles/no-noscript-element"/>
+<id>https://hacktivis.me/articles/no-noscript-element</id>
+<published>2025-08-18T11:52:43Z</published>
+<updated>2025-08-18T11:52:43Z</updated>
+<!--
+<link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/50be9d37-dee6-4c69-818e-013fa3b010d0" />
+<link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/50be9d37-dee6-4c69-818e-013fa3b010d0" />
+-->
+<content type="xhtml">
+<div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="h-entry">
+ <p>
+ One of the few traps of the web is how the <code><noscript></code>
+ element doesn't provides the right behavior.
+ </p>
+ <p>
+ Definition: The <code><noscript></code> element provides alternate content when JavaScript is entirely toggled off or entirely unsupported.<br />
+ Sources:
+ <ul>
+ <li><a href="https://www.w3.org/TR/html4/interact/scripts.html#h-18.3.1">HTML4 § 18.3.1 The NOSCRIPT element</a> with ignoring non-JavaScript in <code><script></code> (W3C gives Tcl as example, I'd more point to JScript and VBScript, both of which are thankfully gone)</li>
+ <li><a href="https://html.spec.whatwg.org/multipage/scripting.html#the-noscript-element">WHATWG HTML (multipage) § The noscript element</a></li>
+ </ul>
+ </p>
+ <p>
+ While the way to obtain the right behavior is to have a generic
+ textual element being updated/deleted by your own script using
+ the DOM APIs.
+ You could also make the scripts so optional for you
+ to not need to provide a failure message,
+ but that's not the right method when the scripts are
+ needed for actually using the webpage.
+ </p>
+ <p>
+ And should be noted that WHATWG HTML contains a similar recommendation to the latter method:
+ <blockquote>
+ The <code>noscript</code> element is a blunt instrument. Sometimes, scripts might
+ be enabled, but for some reason the page's script might fail.
+ For this reason, it's generally better to avoid using <code>noscript</code>,
+ and to instead design the script to change the page from being
+ a scriptless page to a scripted page on the fly, […]
+ </blockquote>
+ </p>
+ <p>
+ Because the problem is, JavaScript can fail to load in several ways. Here's a non-exhaustive list of cases:
+ <ul>
+ <li>Blocked domains/URLs, think adblockers/anti-viruses or corporate firewalls</li>
+ <li>Blocked browsers/users, think hosting-side firewall (at any of the IP/TCP/HTTP/… level of encapsulation) which can be legitimate, over-zealous, or accidental</li>
+ <li>Basic connectivity issues, after all browsing using mobile data is usual, HTTPS configurations still routinely presents expired certificates, BGP/DNS/… still fails</li>
+ <li>Unsupported APIs or even language syntax, either due to a browser not supporting bleeding edge features or non-portable features</li>
+ <li>Badly restored website backup or incomplete one</li>
+ <li>Badly deployed website update, think HTML updated before JavaScript or even an incomplete deployment</li>
+ <li>Part of the hosting infrastructure being down or overloaded</li>
+ <li>Limits from the hoster, like rate-limits or limits on total bandwidth</li>
+ </ul>
+ I see most of the above on a regular basis, about multiple times per week to few times a month, and I tend to browse simple websites.
+ And that's without counting the various ways scripts tend to fail at properly handling errors.
+ </p>
+</div>
+</content>
+</entry>
diff --git a/config.ninja b/config.ninja
@@ -25,5 +25,6 @@ build articles/forgeless-ssh-signed-commit.html: article entry.xsl articles/forg
build articles/google-web-environment-integrity-illegal.html: article entry.xsl articles/google-web-environment-integrity-illegal.xml
build articles/libre-software-security-disclosure.html: article entry.xsl articles/libre-software-security-disclosure.xml
build articles/mozilla-foundation-has-no-members.html: article entry.xsl articles/mozilla-foundation-has-no-members.xml
+build articles/no-noscript-element.html: article entry.xsl articles/no-noscript-element.xml
build articles/self-hosting.html: article entry.xsl articles/self-hosting.xml
build articles/wasm-hype-wish.html: article entry.xsl articles/wasm-hype-wish.xml
diff --git a/feed.atom.in b/feed.atom.in
@@ -9,8 +9,9 @@
<name>Haelwenn (lanodan) Monnier</name>
</author>
- <updated>2025-04-07T01:37:22Z</updated>
+ <updated>2025-08-18T03:53:02Z</updated>
<!-- new.sh: new articles here -->
+<xi:include href="articles/no-noscript-element.xml"/>
<xi:include href="articles/forgeless-ssh-signed-commit.xml"/>
<xi:include href="articles/choosing-dependencies.xml"/>
<xi:include href="articles/mozilla-foundation-has-no-members.xml"/>
diff --git a/home.shtml b/home.shtml
@@ -13,6 +13,7 @@
<p>List of articles, newest first:</p>
<ol class="indexlist">
<!-- new.sh: new articles here -->
+ <li>2025-08-18: <a href="/articles/no-noscript-element">The <noscript> element as a trap</a></li>
<li>2025-05-02: <a href="/articles/forgeless-ssh-signed-commit">Forge-less SSH-signed git commits</a></li>
<li>2024-12-14: <a href="/articles/choosing-dependencies">How I choose dependencies</a></li>
<li>2024-06-25: <a href="/articles/mozilla-foundation-has-no-members">Mozilla Foundation has no members</a></li>
