javascript isn't evil

JavaScript isn’t evil…

Chris Heilmann @codepo8, Copenhagen Frontend, October 2016

Of innovation and impatience

Chris Heilmann @codepo8, Future Decoded, London, Nov 2015

CHRIS HEILMANN @CODEPO8

We all know this character, right?

https://en.wikipedia.org/wiki/Mario#Concept_and_creation

But do you know why it looks like it does?


Red and Blue offered the best contrast to the skin, boots and the game background.


The cap meant there was no need to worry about hair style, eyebrows and forehead.

(There were also not enough pixels for waving hair when falling down a hole)

The large nose and moustache made it possible to avoid a mouth and facial expressions.

Design by limitations.!

Design by lack of definition.🌎🕸

Flexibility and forgiveness…

💧 HTML and CSS are fault tolerant…

Knives, bees and footguns…

🦂 JavaScript is not fault tolerant

With HTML and CSS you’re relying on the user agent to do the right thing…🙁

Using JavaScript, you have a means to test if what you’re trying to do succeeded…✅

Predicting things is tough…🔮

That’s why progressive enhancement was a great idea to solve this issue…

But is it still enough?🔬

And what does it mean?🤔

JavaScript can’t be trusted and can be turned off.💣

Everybody has JavaScript, and we can do everything with it?🔨

Story time…🐷*3🐺+🏠+🌳

https://a-k-apart.com/

Excellent, let’s do this!

https://codepo8.github.io/10kb-CSS-colour-game/

That was fun…😎 Written on a plane, offline and in

roughly two hours 😎 Works on desktop and mobile,

independent of input and is responsive

😎 Using ServiceWorker caches content locally and can be played offline

😎 All in all < 8 kb with the biggest part being iconshttps://codepo8.github.io/10kb-CSS-colour-game/

Well done, Chris!

https://www.google.com/patents/US4608967

https://www.google.com/patents/US4608967

Here’s the source… …Luke?

The structure was not hard…😎 Have an array of all the possible colours. 😎 Get a random cut of n elements, display them as a list; store the name of the colour

as a data attribute 😎 Get one item of the list as the colour to match, show its name. 😎 Use event delegation on the list to add one click handler (also allows for keyboard) 😎 Compare the data attribute of the target of the event with the colour to match 😎 If true, display a new random list 😎 If false, decrease the possible moves counter 😎 If no more moves left, show game over 💩 Only issue: there is no array_rand()

Computers and smartphones are powerful. Browsers can do a lot and are open to feedback. JavaScript is flexible and has evolved. CSS has become amazing. Developer tools in browsers give us great debugging and even design capabilities

😍

🦄

🎉

The beauty of HTML, CSS and JS…

😍 All is contained in one package 😍 Everything is running on the end users

environments 😍 You wouldn’t even need ServiceWorker to

make this work offline - inlining everything would be enough

📦

Then I read the contest guidelines…😟

https://a-k-apart.com/faq http://stateofjs.com/

I FAQed up… 😭

Should I try to make this a NodeJS, universal, functional, gluten-free…🤔

Sod it, I know PHP…🤓

New, more sturdy structure…

😎 Write a PHP API with the named colours as the content 😎 Use array_rand() to get a cut of that, pick one as the one to match 😎 Write out a list of buttons with the same name and the colour as the value. 😎 If the colour matches the button that was clicked, get a new list 😎 If the colour doesn’t match, decrease the amount of moves and show the list again. 😠 Oh, crap…

As we don’t keep the state of the game in the browser, I need to maintain the random array in between reloads…

👜

The amount is not much, but you better make sure that there is no way to inject code to the server.🚨

Constant vigilance, Harry…

Now it works without JS, let’s add some…

😎 Load the API content with Francis, err… AJAX 🤔 Repeat the rest of the functionality client-side, or do

a lot of unnecessary server roundtrips…🍕

The better, sturdier, more webby version🤔 Almost same amount of

JavaScript content 🤔 Doesn’t work offline, unless

we also create a different API

🤔 But it does work with JavaScript disabled.

😨 It also allows bad people to inject code unless we are very vigilant in keeping our backend secure.

How about some heresy?😯

The “JavaScript not available” argument is largely bogus and is holding back the web!

⬇ 🎤

The “JavaScript is flaky and will break” argument is very much alive and will always be that way…🚧

We call this “programming”✊

🖥→💻→📱Evolution is happening around us…

…and user numbers are shifting.

This means that new error cases become much more important than “JavaScript is not available”⚠

✏ Small initial payload ✏ Form factor supporting content ✏ Form factor supporting interfaces ✏ Offline/Flaky connection support ✏ Taking advantage of the power of

the end user device ✏ Avoiding interaction latency

❤📲

This is achievable using HTML, JavaScript and CSS, but it is much harder - if not impossible - without client side scripting.

👷

Which is annoying, as the HTML5 revolution promised a move from documents to apps…

The problem is that eight years after the proposal and five years after HTML5’s “last call”, there are still many basic support issues…

😦

https://vimeo.com/176453149

Monica Dinculescu < INPUT > HTML Special, CSS Day

https://www.filamentgroup.com/lab/type-number.html

And the bad people of the internet don’t stop abusing old technology either…💀

In UGC, we can’t have nice things…

https://mathiasbynens.github.io/rel-noopener/https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.mjuw7q3cf

Keep users on this page…


🔓💩

Fix for newer browsers…


Fix for all browsers…


Almost…

Listen for the click event and prevent the default browser behavior of opening a new tab. Inject a hidden iframe that opens the new tab, then immediately remove the iframe. “

https://github.com/danielstjules/blankshield

https://github.com/danielstjules/blankshield

Our solutions should have excellent error handling instead of automatic tolerance.👌

And they should be great solutions and not just “good enough without breaking”.

https://twitter.com/dieni/status/767589581046841344

Non-defensive coding is a problem…

We all make mistakes and errors happen…

There is a culture of “let’s use whatever until it works”😐

Standing on the shoulders of… …people?

http://status.npmjs.org/incidents/dw8cr1lwxkcr



Better be safe and require()…

More detail: the "fs" package is a non-functional package. It simply logs the word "I am fs" and exits. There is no reason it should be included in any modules. However, something like 1000 packages *do* mistakenly depend on "fs", probably because they were trying to use a built-in node module called "fs".


https://www.npmjs.com/package/groot

Passive Event Listeners

https://www.npmjs.com/package/groot

This is not a JavaScript thing…

We have a lot of messy solutions, and we keep building more tools to undo what clogs up the web.

Best practices can help with that, but only when they apply to the people who build things and when they solve current issues and needs…

What about older browsers?

What about extreme environment browsers?

These are valid concerns, but edge cases. And shouldn’t be used as a punishment scenario.🗞

What about accessibility, eh?♿

Used sensibly, JavaScript is an accessibility benefit. Sometimes the only way to make things accessible. ARIA is not magic.

🕹

https://codepo8.github.io/gridnav/

It is more important for us to get a grip on the overall quality of the web and our code…🏅

Using instead of a URL or using a button is not JavaScript’s fault. It is a bad idea and practice - probably copy & paste.

💩<a href="javascript:void(0)">

Instead of bashing bad use of JavaScript, let’s embrace and scrutinise new ideas like components and paradigms like functional programming.

🔎

There is a very cool thing happening right now…😃

A lot of the next improvements of the web are progressive enhancements of existing JavaScript solutions.🍾

https://www.youtube.com/watch?v=NPM6172J22g


https://www.youtube.com/watch?v=NPM6172J22g

true: apply on capture

false: apply on bubble

false enables event delegation😊

Service Worker & PWAs

https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API

🔧 🦄

https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API

✅ Create and publish as much content independent of JavaScript as you can

✅ JavaScript can make things much more enjoyable and some things are just not worth while to implement without.

✅ Use JavaScript to benefit from the user’s hardware

✅ Spend more time building great interfaces, less time relying on what is there and can’t break - in many cases it is disappointing.

It is time to re-think our best practice for the web approach…

🙂 You don’t rely on automatic fixes. JavaScript breaks and it is painful. It allows us to analyse what went wrong.

🙂 Tooling is much better and we get much more insights into what happened than with, for example, CSS

🙂 We take responsibility of the interface. It is our job to make it happen - not browser makers to agree and find a consensus

🙂 We have full control over what gets loaded when, cached where and rendered when.

Benefits of an “It’s OK to rely on JS for this” approach…

⚠ We shouldn’t hide functionality in magical abstractions. A product that relies on the availability and maintenance of a framework is not a script dependency - it is a support issue.

⚠ Just because we can do everything in JavaScript, doesn’t mean we have to. Use it when HTML is not good enough or too broken to rely on.

⚠ While the client is powerful, it is also unknown. A lot more can be done on the server - and in JavaScript.

Dangers to be aware of…

Important considerations independent of technology used…

💣 Shit happens! Spend more time in creating sensible error messaging and fallbacks, spend less time in trying to predict every possible error

💣 Slowness kills - our solutions must load fast what is needed and enhance when they can. They also need to be snappy.

💣 Offline and flaky is the norm - avoid network dependency as much as you can

💣 Security is paramount. A hacked server sending out malware or spam is worse than an app that needs a restart…

We have to stop thinking in binaries, and consider writing great, secure and failure-aware solutions using each technology to its strengths.

🐝

Mario evolved - so can the web…

CHRIS HEILMANN

@CODEPO8

CHRISTIANHEILMANN.COM

THANKS!

http://christianheilmann.com