I'm starting to give a little more attention to making my javascript and ajax degrade gracefully. Which is more recommended:
我开始更多地关注让我的javascript和ajax优雅地降级。更推荐哪个:
- working on incorporating the graceful degradation into your existing code (can be tricky) or
- developing a different sets of pages for the non-js users.
努力将优雅降级纳入现有代码(可能很棘手)或
为非js用户开发不同的页面集。
I'm leaning towards the different sets of pages, because I feel it's easier and I get to deliver the best possible results for each user type (js-enabled or js-disabled). Do you agree with me, and if not, why do you disagree?
我倾向于不同的页面集,因为我觉得它更容易,我可以为每种用户类型(js-enabled或js-disabled)提供最佳结果。你同意我的意见吗,如果没有,你为什么不同意?
I'm also worrying about hacking attempts. For example hacker gets to the js-enabled version, then disables his js. Any thoughts on this point? I don't know much about hacking, but can this be a security concern if I go with the separate versions?
我也担心黑客攻击。例如,黑客进入启用js的版本,然后禁用他的js。关于这一点的任何想法?我不太了解黑客攻击,但如果我使用不同的版本,这可能是一个安全问题吗?
Thanks in advance
提前致谢
3 个解决方案
#1
2
Developing two separate sets of pages, one for JS enabled and one for non-JS, is obviously a lot of work, not only initially, but also as your application keeps evolving. If that doesn't bother you too much, I think that's the way to go. I think you are right about same-page graceful degradation being very tricky sometimes. Sometimes this is just because of the layout: With JS enabled, you can simply hide and show elements, where as without JS: where to put everything? Separate sets of pages can help keep page structure cleaner.
开发两个单独的页面集,一个用于启用JS,一个用于非JS,显然是很多工作,不仅在最初,而且在您的应用程序不断发展时。如果这不会打扰你太多,我认为这是要走的路。我认为你对同页优雅的退化是正确的,有时是非常棘手的。有时候这只是因为布局:启用JS后,您可以简单地隐藏和显示元素,而没有JS:在哪里放置所有内容?单独的页面集可以帮助保持页面结构更清晰。
About hacking attempts: You can never, never, never rely on client-side JavaScript validation. Everything has to be checked (or re-checked) server-side, and your server-side code may make no assumptions whatsoever on the user input. Therefore, I think the scenario of someone de-activating JS while using the application is irrelevant. Try to keep the expected user input uniform for the non-JS and the JS versions, validate it properly, and you're good.
关于黑客攻击:您永远不会,永远不会依赖客户端JavaScript验证。必须在服务器端检查(或重新检查)所有内容,并且您的服务器端代码可能不会对用户输入做任何假设。因此,我认为有人在使用应用程序时取消激活JS的情况是无关紧要的。尝试保持非JS和JS版本的预期用户输入统一,正确验证它,并且你很好。
#2
5
Though it doesn't work well for existing sites, often it's more useful to use the Progressive Enhancement paradigm: build the site so it works with no special add-ons, then start layering your awesomeness on top of that.
虽然它不适用于现有网站,但使用渐进增强模式通常更有用:构建网站使其无需特殊插件即可工作,然后开始层层化您的精彩。
This way you can be sure it works from the ground up and everyone (including those who use screen readers, those who turn off images or stylesheets, and those who don't use javascript) can all access your site.
通过这种方式,您可以确保它从头开始工作,每个人(包括使用屏幕阅读器的人,关闭图像或样式表的人以及不使用javascript的人)都可以访问您的网站。
For an existing site, however, it will depend on what functionality the ajax is delivering. In general you should strive to mirror all the ajax functionality with js disabled. If you have security holes in your js version, than you probably will in your non-js version too. AJAX can't get to anything that can't be accessed via ordinary URL.
但是,对于现有站点,它将取决于ajax提供的功能。通常,您应该努力在禁用js的情况下镜像所有ajax功能。如果您的js版本中存在安全漏洞,那么您的非js版本也可能存在安全漏洞。 AJAX无法访问任何无法通过普通URL访问的内容。
#3
0
You'll probably want to check out jQuery Ajaxy. It lets you gracefully upgrade your website into a full featured ajax one without any server side modifications, so everything still works for javascript disabled users and search engines. It also supports hashes so your back and forward buttons still work.
你可能想看看jQuery Ajaxy。它可以让您优雅地将您的网站升级为功能齐全的ajax,无需任何服务器端修改,因此一切仍适用于禁用javascript的用户和搜索引擎。它还支持哈希,因此您的后退和前进按钮仍然有效。
It's been implemented on these two sites (which I know of) http://wbhomes.com.au and http://www.balupton.com
它已在这两个网站上实现(我知道)http://wbhomes.com.au和http://www.balupton.com
#1
2
Developing two separate sets of pages, one for JS enabled and one for non-JS, is obviously a lot of work, not only initially, but also as your application keeps evolving. If that doesn't bother you too much, I think that's the way to go. I think you are right about same-page graceful degradation being very tricky sometimes. Sometimes this is just because of the layout: With JS enabled, you can simply hide and show elements, where as without JS: where to put everything? Separate sets of pages can help keep page structure cleaner.
开发两个单独的页面集,一个用于启用JS,一个用于非JS,显然是很多工作,不仅在最初,而且在您的应用程序不断发展时。如果这不会打扰你太多,我认为这是要走的路。我认为你对同页优雅的退化是正确的,有时是非常棘手的。有时候这只是因为布局:启用JS后,您可以简单地隐藏和显示元素,而没有JS:在哪里放置所有内容?单独的页面集可以帮助保持页面结构更清晰。
About hacking attempts: You can never, never, never rely on client-side JavaScript validation. Everything has to be checked (or re-checked) server-side, and your server-side code may make no assumptions whatsoever on the user input. Therefore, I think the scenario of someone de-activating JS while using the application is irrelevant. Try to keep the expected user input uniform for the non-JS and the JS versions, validate it properly, and you're good.
关于黑客攻击:您永远不会,永远不会依赖客户端JavaScript验证。必须在服务器端检查(或重新检查)所有内容,并且您的服务器端代码可能不会对用户输入做任何假设。因此,我认为有人在使用应用程序时取消激活JS的情况是无关紧要的。尝试保持非JS和JS版本的预期用户输入统一,正确验证它,并且你很好。
#2
5
Though it doesn't work well for existing sites, often it's more useful to use the Progressive Enhancement paradigm: build the site so it works with no special add-ons, then start layering your awesomeness on top of that.
虽然它不适用于现有网站,但使用渐进增强模式通常更有用:构建网站使其无需特殊插件即可工作,然后开始层层化您的精彩。
This way you can be sure it works from the ground up and everyone (including those who use screen readers, those who turn off images or stylesheets, and those who don't use javascript) can all access your site.
通过这种方式,您可以确保它从头开始工作,每个人(包括使用屏幕阅读器的人,关闭图像或样式表的人以及不使用javascript的人)都可以访问您的网站。
For an existing site, however, it will depend on what functionality the ajax is delivering. In general you should strive to mirror all the ajax functionality with js disabled. If you have security holes in your js version, than you probably will in your non-js version too. AJAX can't get to anything that can't be accessed via ordinary URL.
但是,对于现有站点,它将取决于ajax提供的功能。通常,您应该努力在禁用js的情况下镜像所有ajax功能。如果您的js版本中存在安全漏洞,那么您的非js版本也可能存在安全漏洞。 AJAX无法访问任何无法通过普通URL访问的内容。
#3
0
You'll probably want to check out jQuery Ajaxy. It lets you gracefully upgrade your website into a full featured ajax one without any server side modifications, so everything still works for javascript disabled users and search engines. It also supports hashes so your back and forward buttons still work.
你可能想看看jQuery Ajaxy。它可以让您优雅地将您的网站升级为功能齐全的ajax,无需任何服务器端修改,因此一切仍适用于禁用javascript的用户和搜索引擎。它还支持哈希,因此您的后退和前进按钮仍然有效。
It's been implemented on these two sites (which I know of) http://wbhomes.com.au and http://www.balupton.com
它已在这两个网站上实现(我知道)http://wbhomes.com.au和http://www.balupton.com