How I handle disabled javascript

August 13th, 2015 Javascript 1,651 views

This time I would like to share something technical. As this is a very easy trick for hackers to break the website security or find out website vulnerability.

e.g. You have build a membership registration form for a website. You have put some form validation using javascript or any jquery plugin. That will definitely help us get authentic & validate data from that form. But what if you disable javascript in browser settings? As that option is given in most of the browsers. Then people will be able to easily bypass the form validations and will submit the trash data.

To overcome such issues, there are several solution. Specifically, in the example I gave, you can make it more secure by adding validations using server side scripting.

Another simple solution is to find out if javascript is disable then show some different output on browser. I use this solution most of the time. For this we have to use “noscript” tag.

Here is how W3Schools explains “noscript” tag :

The <noscript> tag is used to provide an alternate content for users that have disabled scripts in their browser or have a browser that doesn’t support client-side scripting.

The noscript element can contain all the elements that you can find inside the body element of a normal HTML page. The content inside the noscript element will only be displayed if scripts are not supported, or are disabled in the user’s browser.

Here is how I use noscript tag in all my sites. Take a look at the following code.

Here what I have done is, I have added one div block into my body javascript_error which will show a message only when the javascript is disabled. So default it is kept hidden and in noscript tag, I have added another style to make this block visible. And to Hide the full page container which is identified as page (in your sites, it depends on what id you choose for div block to wrap whole body code)

And that’s it. Hope this simplifies your security process for browsers with disabled javascript.

If you like it, Sharing is Caring !

Leave your comments: