Software, technology, sysadmin war stories, and more. Feed
Thursday, March 29, 2012

Uses and abuses of JavaScript

I didn't believe in Javascript for the longest time. It was one of those things which I kept disabled in my browser, because all it brought was pain and sadness. There were constant security attacks by evil scripts, to say nothing of the pop-ups, pop-unders, and everything else which could be done back in those days.

Even though browsers start adding restrictions on what could be done with scripts, I didn't trust it. I kept it off as a matter of policy. Looking at the web with it off was a fast and enjoyable experience, as I got all of the content and none of the added stupidity. Of course, this had to change eventually.

When I started working as a web support monkey, it became necessary to run a browser with JS turned on full-time to get to the ticketing system. There wasn't anything like NoScript back then, so I just had to turn it on globally and let it sit there. This gave me a reason to re-evaluate the web with JS on as I went about my business, and eventually it seemed that things were mostly manageable.

Still, I never really bought into it until I saw the utility in AJAX. One winter, someone posted a link to Digg about "how to learn AJAX in 30 seconds", or something to that effect. I was on vacation in a far away state and had nothing to do on that particular night, so I logged into my machine back home and started poking around.

I'm not sure if it happened in 30 seconds or not, but I did manage to write some horrible little pages which had dynamic elements coming from my server. This was all of the old-school raw stuff that things like jQuery handle for you now.

It didn't really hit home until I went back to work a week later and saw a perfect opportunity to use it. People kept asking me to run queries against our "reporting database", which was just a daily snapshot of Postgres from the day before. I always kept my queries in a series of files so I could just paste them in and run them again, but being in the loop was getting old. I wanted to escape.

My solution was to throw all of those queries in a directory, then I added a non-query metadata line which gave each one a title. I had a small CGI program which would opendir(), then readdir() to find all of the entries, and then it would open all of them and yank the title. It would then present them in a SELECT dropdown.

I was proud of what happened next. If you picked a query, it would call back to my backend and tell me which one, and I would return the HTML FORM elements for all of the parameters in the query. There were a few different types which turned into different kind of INPUT schemes. Once you filled it out and actually submitted it, then the usual stuff would run your query and return the results.

Once this existed, I could just point all of those requests at my workstation's web server and then people could run them any time they wanted. I was no longer on the hook for anything unless they managed to come up with a new variant.

It took a strong use case to make me pay attention. It had to be enough to overcome all of the past history where web pages had used JS to be abusive and evil. It took a long time, but it finally started providing more utility than pain, and so I let it through.

Of course, now, we have NoScript and friends, and I really appreciate having it around. It shows me who "gets" the web and actually delivers content, and who doesn't.

Stuff like this is what I'm talking about. It's still happening. I'm beginning to wonder if it's some trick to make other search engines less effective because they won't see any content for those pages unless they write a JS-aware robot.

Pretty sneaky, huh?