Security Trick – for Who Disable Javascript From Browser

Security 18 Sep , 2013  

Buffer

A Question to all Developers – What will you do if the user disables Javascript from browser options. That way anybody can submit the form without getting alerted for missing fields and the validations you added to the page ???

litmus-disable-javascript

Here I am to show you we can add a security in the browser with disabled javascript

Solution

Best solution for this is to use noscript tag.

Let’s see the possibilities when we are supposed to face browsers with no javascript.

1. If the person is using Cellphone for browsing website and that browser has no support for javascript
2. If the person has disabled javascript with purpose
3. If a person is using very old browser that has support for javascript but does not support latest javascripts

The <noscript> tag is used to provide an alternate content for users that have disabled scripts in their browser or have a browser that doesn’t support client-side scripting.

The noscript element can contain all the elements that you can find inside the body element of a normal HTML page.
The content inside the noscript element will only be displayed if scripts are not supported, or are disabled in the user’s browser.

Here is how I use noscript tag in all my sites. Take a look at the following code.

<!-- Add this into Head tag --->

<style type="text/css">
#javascript_error{
display:none;
}
</style>

<noscript>

<style type="text/css">
#page{
display:none;
}

#javascript_error{
display:block;
font-size:20px;
color:red;
}
</style>

</noscript>

<!-- Add this into Body tag where you want to display your error -->
<div id="javascript_error">Please enable javascript into your browser.</div>

 

So the logic is to hide a main container of the page when noscript tag executes. This is what I have done , I have added one div block into my body to display javascript error. Default it is hidden.And in noscript tag, I have added another style to make Error block visible. And to Hide the full page container which is identified as “page”.

Hope this simplifies your security process for browsers with disabled javascript.

, , ,