InformAction Forums

Hi girls/guys

I am building a website and I am trying to make it as respecteful and secure as possible to visitors (it's kind of also a project to do this).
I therefore make it a static one, i.e. I don't use PHP & MySQL stuff.

I was wondering whether using JavaScript codes on my website could also be a possible risk. I know some websites might contain dangerous JS, which I guess is why tools like NoScript block them. But what if I "know" that the JS I use is "safe". Would there still be danger that some third party can somehow manage to manipulate my JS to make it dangerous to my visitors?

thanks

welly wrote:Would there still be danger that some third party can somehow manage to manipulate my JS to make it dangerous to my visitors?

If you're the one coding the JavaScript, that's not the case.
If you're including 3rd party JavaScript files, then those who are serving those files may decide to include malicious code which attempts to the privacy or the security of your visitors.

Either way, please ensure that the site works correctly even if JavaScript is disabled (in other words, gracefully degrade).

Hi

I haven't learned to code in JS yet, so what I'll be doing is probably copying-pasting codes I found around the web (if the source seems reasonably trustable).
Would that be OK?

What exactly do you mean by

in other words, gracefully degrade

?
I will attempt to make my website work even without JS (since I block JS myself and so I respect those who do it), and I will add a note for when JS is disabled to say "some functions of the website require JS which your browser doesn't support" or something similar. Is that what you meant be "gracefully degrade"?

welly wrote:Is that what you meant be "gracefully degrade"?

By "gracefully degrading" I mean that there's no vital functionality of the site which is inaccessible when JS is off, even though you can use JS to make it "prettier" or easier to use.