OIT Tech 32px
pagemasters' toolbox -- static pages

Using Javascript on Web Pages

When you work with a programmer on a web-based project, there are two possibilities:  the program may be executed on the server or on the browser.

Server-based Execution

The program may be executed on the server, with the web browser providing the user interface.  This is routinely provided under the name "CGI scripting."

CGI scripting works well in a situation that will involve a modest number of simultaneous browsers.  If too many people run the program at the same time, the server system will be brought to its knees, slowing down or even preventing the presentation of other web pages from that server.

The CGI program may execute on the server with the identity of the web server, in which case it will have access to a great many files on the system.  In such a case, there will need to be appropriate precautions to ensure the integrity of the system.

The CGI program may execute on the server with the identity of the individual authorized user who wrote it.  In this case, the CGI program will have access to all files on that server that are owned by that user, including, for example, any personal E-mail files that are kept on that system.

Browser-based Execution

The program may be executed on the browsing computer.  This is available with many recent browsers using "Javascript."

Javascript has the advantage over CGI that the available resources for executing the program grow in exact proportion to the number of people running it, instead of being constant.

The disadvantages of Javascript include the following:

Limited Universality

Browsers run on all sorts of hardware and software, so providing access to the intended functionality will depend on the availability of a Javascript-capable browser for the particular hardware and operating system that the user already has on his or her desktop.  Some people will continue to use pre-Javascript versions of browsers because they have too little RAM or because they only have free access to the old version.  Visually impaired people are more likely to use Lynx, which does not include Javascript.

Limited Security

Javascript is a real programming language.  An evil Javascript program could be embedded in a page that you innocently browse to.  Such an evil Javascript program could, for example, erase your entire hard disk right then, or it could modify the system startup files so that the hard disk got erased the next time you start the system.  It could also send copies of all your data files to someone else on the network, one at a time, while you continue to browse.  There is no obvious limit to the mischief that could be done with Javascript.

If the browser has been flawlessly written, it will enforce limitations on the running program ("it has to play only in its own sandbox") to prevent the Javascript program from doing anything nasty.  Many people who have Javascript-capable browsers will configure them to leave Javascript turned off because they don't trust the browser to be bug-free.  This is a realistic fear:  most versions of FireFox and of Microsoft's Internet Explorer have permitted a Javascript program to erase files from the user's hard disk.

Limited Performance

Translating program source code (ASCII text strings) into machine language instructions (binary code) can be done in advance ("compiled"), at execution time ("interpreted"), or partially in advance and completed at execution time ("pre-interpreted").  These three strategies differ in their efficiency as measured by execution speed of the program, in their portability among hardware and software environments for program development, and in their portability among hardware and software environments for program execution.

Javascript can be either interpreted or pre-interpreted.  This has made it possible to produce Javascript program development environments for many platforms, and to produce Javascript execution environments for many platforms, but it does slow down the execution speed.  This shortcoming is being partially offset by speed increases in personal computers and by growing sophistication in the Javascript software, but it will always be an issue for some applications.

How does Javascript Work?

The HTML file can contain either the source code for the Javascript program (enclosed in a <SCRIPT> block) or the file on the server containing the Javascript program can be referenced by a special tag (<APPLET CODE=AppletName.class>) identifying its URL.

More information about Javascript is available on-line through the usual search engines and Wiki servers.

If the source code is part of the HTML, then the browser must be able to interpret that source code so as to execute the program.

If the program is referenced by a URL, that file must be brought down through the network from the server and executed.