Actually, it is not MY fear of Javascript -- it is my potential user who is afraid of it. Numerous "experts" such as http://www.cert.org recommend everybody turn OFF all scripting support, including Javascript, because of the potential of cross-site scripting.
Any good web2py'er knows that XSS is defeated by the design of web2py, but if the user has Javascript turned off because of the fear of it -- and my site depends on it -- we have a problem. I just have no feel for how prevalent this fear is, and what percentage of users has it turned off. My site is aimed at swimmers who participate in competitions. They will use the site to sign up and pay the entry fees by CC, so some degree of trust is needed on the user's part. The sites income will be derived from the entry fees, so I want everyone to use it. But if I design the site with no Javascript at all, I wind up with a pretty boring and hard-to-use result. Instead of easy point, click, drag, drop operations I get lots of form-filling and switching between pages. It's ugly. I guess I am mostly curious about how others deal with this conundrum and if it is a big impact to depend on Javascript. -- Joe B. On Sunday, December 23, 2012 7:38:02 PM UTC-7, rh wrote: > > > Are you distrustful of the javascript that web2py uses? jquery, et. al. > Surely that code has received intense scrutiny in regards to security. > And no doubt google has posted the security audit of the code in question > in a public place, right? > > --
