People disable javascript in their browser? 😱 Give 'em something to cry about!

Publish Date: Jan 1 '22

61 24

Did you know that two percent of people that use the internet disable javascript in their browser? That's a surprising amount.

Guess what? If you're a web developer using react, jquery, or some other js lib, it's gonna go haywire on them. Pitiful, eh? It won't even run! If you are using react on the client side for a simple application, it won't even run.

In this article, I'm going to show you some pretty (dark) techniques to make them turn javascript on forever.

1. The tag

This tag will display an html document on top of the existing one if javascript is disabled. All you have to do is put it in your html somewhere. You can not only store text, but also meta tags, headers, html bodies, and more!

<noscript>
  <h1>Only Monkeys don't use javascript in their browser!</h1>
</noscript>

Something I've found useful on stackoverflow is redirecting them to a different page in your site.

<noscript>
  <meta http-equiv="refresh" content="0;URL=/monkeysdontusejs">
</noscript>

Pro Tip: Store a massive gif that takes up almost the whole screen size in the noscript tag or a rickroll video.

2. The IP logger prank

You can still log user IP addresses even when a client lives with javascript disabled.

I used Next.js for this since it does server-side rendering and can collect some sweet props from the backend and pass it to the frontend for you.

What I did was use the request-ip npm package and pass that as a prop from the backend with getServerSideProps.

import requestIp from 'request-ip'

...

export async function getServerSideProps(ctx){
  return {
    props: {
      addr: requestIp.getClientIp(ctx.req)
    }
  }
}

Here's the example: https://next-gen-noscript-killer.ironcladdev.repl.co/
And the code: https://replit.com/@IroncladDev/next-gen-noscript-killer

And I promise I'm not logging and stealing IPs. I don't even know what to do with one if I have it.

Well, what can you do with this? Maybe state something about still being able to log ips which makes no difference or that disabling javascript is a security vulnerability. Go wild!

3. Render your whole website with javascript

That'll make them feel left out. Even if a client has javascript disabled, they'll turn it on for a few sites that require it.

This isn't recommended for production websites, but yeah it works well.

If you don't want to do that, maybe render your css with javascript or make it so that they can't interact with any apis/backend functions. Get dirty!

4. Whoops.

Looks like @inhuofficial is gonna come after me for writing about making accessibility worse.

This article was for fun, and should be used for fun and not in production-level websites.

Adding some of these to your personal website or making a prank site would be reasonable.

Welp, have fun, don't get too dirty, and please share your ideas with me on how to take this a step further!

Also, happy new year!

Liked this post? Be sure to subscribe to my newsletter for new posts, new projects, recaps, and more!

Join my discord to get in touch and hang out!

Comments 24 total

Spyros ArgaliasJan 1, 2022
Lol, I love it. I'm gonna start using these tips in production.

If we don't have JavaScript, we don't have nothing!
- IroncladDevJan 1, 2022
  Very true. Without javascript, I'm not a web dev.
GrahamTheDevJan 1, 2022
Your New Years resolution should be to not “poke the bear” calling me out on articles you know are going to anger me 😜🤣

Seriously though funny article with some actual useful tips sprinkled in there (the meta refresh in a no script is one I love ❤️) and it is obviously my silly sense of humour 😄

Much deserved ❤️🦄 from me!
- IroncladDevJan 1, 2022
  lol I'm glad I didn't get a whooping from the accessibility master!
  - GrahamTheDevJan 1, 2022
    Hehe I don’t know if this reputation I have is a good or a bad thing but either way it makes me smile 😃 🤣.
Jan Küster 🔥Jan 1, 2022
Their (gnu) perspective is highly debatable as it focuses on freedom of code. So if I release my full blown js app under agpl license (which we actually do!) and if I do it for a better good for the public (which we also do!) then their argument is invalid.
- Vincent A. CicirelloJan 2, 2022
  Read the entire gnu article. They cover this. What you are doing (releasing your app under agpl) is an example of what they argue should be done. They provide a link near end of article covering how to state license details, etc.
  - Jan Küster 🔥Jan 2, 2022
    This discussion is about disabling JavaScript and my argument is that if I publish my app via agpl and disclose the source and do some good then there is no reason to disable JavaScript so the argument is not good for why people should disable JavaScript. Our app fulfills all their requirements yet it's a pure JS app.
Jan Küster 🔥Jan 1, 2022
How is this an accessibility issue? I would even say that disabling js can cause accessibility issues. For example: we use js to generate browser speech synthesis for functional illiterates to be able to read any text.

"bUt ScReEnReAdErS" - yeah no one has them installed because many functional illiterates can't but they know how to open a browser or scan a qr code. With js disabled they would actually have a real disadvantage here.
Patrick WintersJan 1, 2022
Yeah no don't do this
jzombieJan 1, 2022
As recently as 2007 (15 years ago), I was blocking JavaScript on nearly every site I visited because I didn't trust it, didn't understand it.

By 2008 it became my favorite language.
Imaduddin HaetamiJan 2, 2022
How did you know the number? You made it up? I think it should be way lower than that.
- IroncladDevJan 3, 2022
  What number?
  - Imaduddin HaetamiJan 3, 2022
    The two percent
Lars EschweilerJan 2, 2022
In Germany you have to serve a no javascript Site with an Impressum and contact data. It's a law. But no one does it or control it. I think other contries have similar laws.
peerreyndersJan 2, 2022
please share your ideas with me on how to take this a step further!

In November 2020 heydonworks.com went the opposite direction — to view the web site you had to disable JavaScript:

But JavaScript isn't the point
… it, is that forcing a visitor down a specific path just so that they can access the content is a burden that they should not carry.

In truth most visitors wouldn't know how to disable JavaScript even if they wanted to. Which leads us back to:
- Everyone has JavaScript, right?
- Why Availability Matters.
and not in production-level websites.

Sure but some other resources might be nice:
- Responsible JavaScript: Part I, II, III
- Book
Unrelated but perhaps thought provoking — (Mobile) Apps Must Die (2011):

(Native) apps are a remnant of the Jurassic period of computer history, a local maximum that is holding us back.
𒎏Wii 🏳️‍⚧️Jan 3, 2022

In this article, I'm going to show you some pretty (dark) techniques to make them turn javascript on forever.

More like leave that shitty site and never look back

Well, what can you do with this? Maybe state something about still being able to log ips which makes no difference or that disabling javascript is a security vulnerability. Go wild!

It makes a huge difference. And it's enabling javascript that is the security vulnerability ;)

Even if a client has javascript disabled, they'll turn it on for a few sites that require it.

Or just leave

But yea, it's sad how many websites need javascript to sow static content. In my opinion, this is primarily a sign that many "web"-developers these days don't understand the technologies they're working with and don't know any better than to write their entire website in JS.
- yoquialeJan 3, 2022
  Disagree, js is also used to create cool interactions and effects.
  - 𒎏Wii 🏳️‍⚧️Jan 3, 2022
    Yes, there are indeed very valid use-cases for JS on static websites.
    
    These use-cases, however, should not be used as an excuse to make a whole website of static content unavailable to a user who wants to opt out of providing websites with access to their processing power because they don't want to audit any website they use for potential crypto-miners.
    - yoquialeJan 4, 2022
      Who would stop using JavaScript on their static websites because of some conspiration paranoid?
      - 𒎏Wii 🏳️‍⚧️Jan 4, 2022
        People who aren't massive dicks
Nikita KhutorniFeb 14, 2022
This is hilarious :'D
Sophia NelsonJun 3, 2022
Thanks for writing this!

Add comment

IroncladDev @ironcladdev