javascript isn't evil
Post on 14-Jan-2017
732 Views
Preview:
TRANSCRIPT
JavaScript isn’t evil…
Chris Heilmann @codepo8, Copenhagen Frontend, October 2016
Of innovation and impatience
Chris Heilmann @codepo8, Future Decoded, London, Nov 2015
CHRIS HEILMANN @CODEPO8
We all know this character, right?
https://en.wikipedia.org/wiki/Mario#Concept_and_creation
But do you know why it looks like it does?
https://en.wikipedia.org/wiki/Mario#Concept_and_creation
Red and Blue offered the best contrast to the skin, boots and the game background.
https://en.wikipedia.org/wiki/Mario#Concept_and_creation
The cap meant there was no need to worry about hair style, eyebrows and forehead.
(There were also not enough pixels for waving hair when falling down a hole)
The large nose and moustache made it possible to avoid a mouth and facial expressions.
Design by limitations.!
Design by lack of definition.🌎🕸
Flexibility and forgiveness…
💧 HTML and CSS are fault tolerant…
Knives, bees and footguns…
🦂 JavaScript is not fault tolerant
With HTML and CSS you’re relying on the user agent to do the right thing…🙁
Using JavaScript, you have a means to test if what you’re trying to do succeeded…✅
Predicting things is tough…🔮
That’s why progressive enhancement was a great idea to solve this issue…
But is it still enough?🔬
And what does it mean?🤔
JavaScript can’t be trusted and can be turned off.💣
Everybody has JavaScript, and we can do everything with it?🔨
!
Story time…🐷*3🐺+🏠+🌳
https://a-k-apart.com/
Excellent, let’s do this!
https://codepo8.github.io/10kb-CSS-colour-game/
That was fun…😎 Written on a plane, offline and in
roughly two hours 😎 Works on desktop and mobile,
independent of input and is responsive
😎 Using ServiceWorker caches content locally and can be played offline
😎 All in all < 8 kb with the biggest part being iconshttps://codepo8.github.io/10kb-CSS-colour-game/
Here’s the source… …Luke?
The structure was not hard…😎 Have an array of all the possible colours. 😎 Get a random cut of n elements, display them as a list; store the name of the colour
as a data attribute 😎 Get one item of the list as the colour to match, show its name. 😎 Use event delegation on the list to add one click handler (also allows for keyboard) 😎 Compare the data attribute of the target of the event with the colour to match 😎 If true, display a new random list 😎 If false, decrease the possible moves counter 😎 If no more moves left, show game over 💩 Only issue: there is no array_rand()
Computers and smartphones are powerful. Browsers can do a lot and are open to feedback. JavaScript is flexible and has evolved. CSS has become amazing. Developer tools in browsers give us great debugging and even design capabilities
😍
🦄
🎉
The beauty of HTML, CSS and JS…
😍 All is contained in one package 😍 Everything is running on the end users
environments 😍 You wouldn’t even need ServiceWorker to
make this work offline - inlining everything would be enough
📦
Then I read the contest guidelines…😟
https://a-k-apart.com/faq http://stateofjs.com/
I FAQed up… 😭
Should I try to make this a NodeJS, universal, functional, gluten-free…🤔
Sod it, I know PHP…🤓
New, more sturdy structure…
😎 Write a PHP API with the named colours as the content 😎 Use array_rand() to get a cut of that, pick one as the one to match 😎 Write out a list of buttons with the same name and the colour as the value. 😎 If the colour matches the button that was clicked, get a new list 😎 If the colour doesn’t match, decrease the amount of moves and show the list again. 😠 Oh, crap…
As we don’t keep the state of the game in the browser, I need to maintain the random array in between reloads…
👜
The amount is not much, but you better make sure that there is no way to inject code to the server.🚨
Constant vigilance, Harry…
Now it works without JS, let’s add some…
😎 Load the API content with Francis, err… AJAX 🤔 Repeat the rest of the functionality client-side, or do
a lot of unnecessary server roundtrips…🍕
The better, sturdier, more webby version🤔 Almost same amount of
JavaScript content 🤔 Doesn’t work offline, unless
we also create a different API
🤔 But it does work with JavaScript disabled.
😨 It also allows bad people to inject code unless we are very vigilant in keeping our backend secure.
How about some heresy?😯
The “JavaScript not available” argument is largely bogus and is holding back the web!
⬇ 🎤
The “JavaScript is flaky and will break” argument is very much alive and will always be that way…🚧
We call this “programming”✊
🖥→💻→📱Evolution is happening around us…
…and user numbers are shifting.
This means that new error cases become much more important than “JavaScript is not available”⚠
✏ Small initial payload ✏ Form factor supporting content ✏ Form factor supporting interfaces ✏ Offline/Flaky connection support ✏ Taking advantage of the power of
the end user device ✏ Avoiding interaction latency
❤📲
This is achievable using HTML, JavaScript and CSS, but it is much harder - if not impossible - without client side scripting.
👷
Which is annoying, as the HTML5 revolution promised a move from documents to apps…
The problem is that eight years after the proposal and five years after HTML5’s “last call”, there are still many basic support issues…
😦
https://vimeo.com/176453149
Monica Dinculescu < INPUT > HTML Special, CSS Day
https://www.filamentgroup.com/lab/type-number.html
And the bad people of the internet don’t stop abusing old technology either…💀
In UGC, we can’t have nice things…
https://mathiasbynens.github.io/rel-noopener/https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.mjuw7q3cf
Keep users on this page…
https://mathiasbynens.github.io/rel-noopener/https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.mjuw7q3cf
🔓💩
Fix for newer browsers…
https://mathiasbynens.github.io/rel-noopener/https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.mjuw7q3cf
Fix for all browsers…
https://mathiasbynens.github.io/rel-noopener/https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.mjuw7q3cf
Almost…
Listen for the click event and prevent the default browser behavior of opening a new tab. Inject a hidden iframe that opens the new tab, then immediately remove the iframe. “
https://github.com/danielstjules/blankshield
Our solutions should have excellent error handling instead of automatic tolerance.👌
And they should be great solutions and not just “good enough without breaking”.
https://twitter.com/dieni/status/767589581046841344
Non-defensive coding is a problem…
We all make mistakes and errors happen…
There is a culture of “let’s use whatever until it works”😐
Standing on the shoulders of… …people?
http://status.npmjs.org/incidents/dw8cr1lwxkcr
Better be safe and require()…
More detail: the "fs" package is a non-functional package. It simply logs the word "I am fs" and exits. There is no reason it should be included in any modules. However, something like 1000 packages *do* mistakenly depend on "fs", probably because they were trying to use a built-in node module called "fs".
This is not a JavaScript thing…
We have a lot of messy solutions, and we keep building more tools to undo what clogs up the web.
Best practices can help with that, but only when they apply to the people who build things and when they solve current issues and needs…
What about older browsers?
What about extreme environment browsers?
These are valid concerns, but edge cases. And shouldn’t be used as a punishment scenario.🗞
What about accessibility, eh?♿
Used sensibly, JavaScript is an accessibility benefit. Sometimes the only way to make things accessible. ARIA is not magic.
🕹
https://codepo8.github.io/gridnav/
It is more important for us to get a grip on the overall quality of the web and our code…🏅
Using instead of a URL or using a button is not JavaScript’s fault. It is a bad idea and practice - probably copy & paste.
💩<a href="javascript:void(0)">
Instead of bashing bad use of JavaScript, let’s embrace and scrutinise new ideas like components and paradigms like functional programming.
🔎
There is a very cool thing happening right now…😃
A lot of the next improvements of the web are progressive enhancements of existing JavaScript solutions.🍾
https://www.youtube.com/watch?v=NPM6172J22g
Passive Event Listeners
true: apply on capture
false: apply on bubble
false enables event delegation😊
Passive Event Listeners
Service Worker & PWAs
https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
🔧 🦄
✅ Create and publish as much content independent of JavaScript as you can
✅ JavaScript can make things much more enjoyable and some things are just not worth while to implement without.
✅ Use JavaScript to benefit from the user’s hardware
✅ Spend more time building great interfaces, less time relying on what is there and can’t break - in many cases it is disappointing.
It is time to re-think our best practice for the web approach…
🙂 You don’t rely on automatic fixes. JavaScript breaks and it is painful. It allows us to analyse what went wrong.
🙂 Tooling is much better and we get much more insights into what happened than with, for example, CSS
🙂 We take responsibility of the interface. It is our job to make it happen - not browser makers to agree and find a consensus
🙂 We have full control over what gets loaded when, cached where and rendered when.
Benefits of an “It’s OK to rely on JS for this” approach…
⚠ We shouldn’t hide functionality in magical abstractions. A product that relies on the availability and maintenance of a framework is not a script dependency - it is a support issue.
⚠ Just because we can do everything in JavaScript, doesn’t mean we have to. Use it when HTML is not good enough or too broken to rely on.
⚠ While the client is powerful, it is also unknown. A lot more can be done on the server - and in JavaScript.
Dangers to be aware of…
Important considerations independent of technology used…
💣 Shit happens! Spend more time in creating sensible error messaging and fallbacks, spend less time in trying to predict every possible error
💣 Slowness kills - our solutions must load fast what is needed and enhance when they can. They also need to be snappy.
💣 Offline and flaky is the norm - avoid network dependency as much as you can
💣 Security is paramount. A hacked server sending out malware or spam is worse than an app that needs a restart…
We have to stop thinking in binaries, and consider writing great, secure and failure-aware solutions using each technology to its strengths.
🐝
Mario evolved - so can the web…
top related