do some companies block client-side Javascript scripting on client-side browser?

Question

I'm aware users may turn support for Javascript on/off in their browsers. But, does anyone know if some corporations have the practice of locking down systems such that the user no longer has the ability to turn Javascript on/off?

I'm considering building an enterprise web application that depends on Javascript scripting on the client side browser. Let's assume for the sake of discussion all users of this application are fine with enabling Javascript in their browsers as long as they are able to. Just wondering if I might possibly encounter situations where the user is not permitted to turn his/her browser's Javascript support on/off.

If so, I wonder what other options are available to crunch numbers in the client's browser (and then the same question would apply).

Answer 1

I think your design goals and security concerns are in conflict. You cannot ask the question "how can I crunch numbers on the client side" if you have legitimate reason to suspect your target market will have a security posture such that even JavaScript is disabled. In my experience, companies and government agencies that don't allow JavaScript don't specifically disallow "JavaScript" - they disallow "portable code", or code that will execute on the client side. This means the whole gammit - JavaScript, ActiveX, Flash, etc.

If you're designing an app or service that is targeting this level of secure enterprise, you should abandon any notion of client side execution and focus on making the lightest weight interface possible to ensure that the form posts that will be required to get any form of dynamic behavior will require as little bandwidth as possible.

My .02 on that.

B

Answer 2

My understanding is that some companies use a proxy which actually removes javascript from the HTML for the page. That means that even if javascript is on, it won't be executed, because the browser never sees it.

The safe bet is to presume that JS may not be available, and code expecting that.

Answer 3

I think the vast majority desktop users in a company will have access to Javascript (or at least the option to enable/disable it). I can't think of a reason why this would not be the case.

However it might be disabled on remote servers which are used by a large number of users for the sake of security. Some of these machines are either very old or run very old software. So for example if one of them was running IE6, the administrator for that particular server might disable Javascript completely to prevent any malicious attacks.

In these cases, the machines are meant to be used for web browsing.

Answer 4

I think the best you can do is show some warning to the user that this site requires JS to function properly.

Other workarounds would be to do it via flash/activex/java applets but those can be turned be off too (and most likely they would be off if the corporation is that paranoid).