To use this website fully, you first need to accept the use of cookies. By agreeing to the use of cookies you consent to the use of functional cookies. For more information read this page.

Giving more power to the browser (and JavaScript)

17 Oct 2018 at 10:33
We are always giving more to JavaScript, but is this a good thing? In this article I'm exploring some very basic reasons why security has improved in our browsers and why JavaScript is no longer the threat it used to be.

With new developments in web technologies each and every day, particularly in the JavaScript side of things, I as a web developer often stop and think, are we giving too much power to these devices?

Well, yes, and well no. Browsers are, no doubt, getting more and more powerful and obtaining more power over the host system, but did you know that with all these new powers there are more security features built into browsers than ever?

We've come a long way since we first saw the introduction of tabbed browsing since now tabs are not just a user interface element but they are in fact a different thread altogether. This has huge security benefits over the original window-based design and in fact, has performance benefits too. All of this has given JavaScript within the browsers more power, but with less access and potential to cause issues.

There was once a time when JavaScript was seen as being a necessary evil - websites could use it to plunder your browser and crash it over and over again, or manipulate you into giving data over, but I would be bold and say that those days are nearly over - websites conform or disappear nowadays, JavaScript engines can detect repetition and crashing a tab doesn't affect other websites open in other tabs.

But are we being too cautious with what JavaScript should be allowed to do? I for one see JavaScript as a future of web development, especially now that WebAssembly (WASM) is becoming such a big thing. The new APIs JavaScript offers such as the Battery API offer so much more than is needed on a regular basis, but they're great and they don't expose too much of the system whilst giving developers more capabilities and the ability to develop web apps better.

With the world moving to a mobile platform based web (not saying that desktop is disappearing, but we are all getting into mobile web a lot more since smartphones are so ubiqutious now), we need to have more power in JavaScript to do high-performance things that we only used to be able to do in native apps. Mobile app development within the web browser is definitely becoming more of a thing and that's great. It's just that at the moment we don't have everything we need to make that change perfect. Web browsers need more power (as mentioned WASM aims to do this, but it's not going to do it alone). The Battery API is a good example of adding more capabilities to JavaScript for the mobile environment as we can tailor the performance levels of the app based on the battery life remaining on the device. But what about if there was a really simple way of detecting capabilities of the device without having to do complex JavaScript. For instance, the specifications of the CPU? The amount of memory the device has? The amount of storage left on the device? All of these could be really useful to a developer of a mobile app, or even a mobile website.

What if web apps were permitted to access a sandboxed part of the file system, somewhere they can save a file for instance so that the next time the user visits the app or website they could load the file. For instance, with my ClickIt project this would be very useful. But how useful would this actually be for an everyday website? That I guess depends on the focus of the website.

So what do you think, should JavaScript be given more power or should we be careful about what we give to it?