Tone needs to be more neutral and external links section cleaned up. Referencing other wikis is prohibited. "Why it is a problem" section feels a little structured by AI
Vandetta (talk | contribs)
Cleanup more of the article, scavenge parts that could fit and cutting them into more appropriate spots | Remove "List of sites refusing to work without JS" as it feels like it conflicts with the article's main purpose of informing the users about JS and those pieces of evidence would be better off in the incident or company article about them if that is important enough
(One intermediate revision by the same user not shown)
Line 10: Line 10:
|Logo=JavaScript-logo.png}}
|Logo=JavaScript-logo.png}}


'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]).
'''[[wikipedia:JavaScript|JavaScript]]''' '''(JS)''', not to be confused with '''[[wikipedia:ECMAScript|ECMAScript]] (ES)''', is a [[wikipedia:Programming_language|programming language]] and core technology of [[wikipedia:World_Wide_Web|the Web]], alongside [[wikipedia:HTML|HTML]] and [[wikipedia:CSS|CSS]]. It was created by [[wikipedia:Brendan_Eich|Brendan Eich]] in 1995.<ref>https://exploringjs.com/es5/ch04.html</ref> As of 2025, the overwhelming majority of [[wikipedia:Website|websites]] (98.9%) uses JS for [[wikipedia:Client_(computing)|client]]-side [[wikipedia:Web_page|webpage]] behavior.<ref name="deployedstats">{{cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2024-02-27 |website=W3Techs }}</ref> It's even used on the [[wikipedia:Server_(computing)|server]]-side (see [[wikipedia:Node.js|Node.js]]). JS is also known to enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>


For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.
For the entirety of this article (unless stated otherwise) the terms "JavaScript" and "JS" will be defined as "ECMAScript with access to [https://developer.mozilla.org/en-US/docs/Web/API Web APIs]" or "ES+WebAPI" for short.
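Review bot: The sentence appended to the lede, "JS is also known to enhance the user-experience (UX)", uses the unattributed "is also known to" where the removed Benefits section said plainly "JS can enhance"; keep the plain wording ("JS can enhance the user experience") and let the W3C citation support it. While this paragraph is being touched, the unchanged text says "As of 2025" for the 98.9% figure but the W3Techs reference carries access-date=2024-02-27, so one of the two dates should be brought in line.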
Line 30: Line 30:


==Why it is a problem==
==Why it is a problem==
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. In 2026, considering the advancements in HTML<!-- TO-DO: cite `<portal>`. I remember an entire website that demos/showcases the Portal API, but can't find it. `<portal>` fixed the fundamental problem that SPAs try to solve, with minimal (or zero!) JS --> and CSS technology, there is minimal reason why an average website (excluding real-time simulations and low-latency gaming) would ''ever'' need JS.<ref>{{Cite web |last=Valkhof |first=Kilian |date=2023-12-02 |title=You don't need JavaScript for that |url=https://www.htmhell.dev/adventcalendar/2023/2/ |url-status=live |archive-url=https://web.archive.org/web/20260308161856/https://www.htmhell.dev/adventcalendar/2023/2/ |archive-date=2026-03-08 |access-date=2026-03-19 |website=HTMHell}}</ref><ref>{{Cite web |last=Archibald |first=Jake |date=2025-07-01 |title=Give footnotes the boot § Footnotes on the web |url=https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |url-status=live |archive-url=https://web.archive.org/web/20251220110553/https://jakearchibald.com/2025/give-footnotes-the-boot/#footnotes-on-the-web |archive-date=2025-12-20 |access-date=2026-03-20 |website=Blog - JakeArchibald.com}}</ref> The main valid justifications are:


*[[wikipedia:Legacy_code|Legacy code-bases]]. As those are impractical to migrate to no-JS solutions
===Tracking===
*[[wikipedia:Web_hosting_service#Static_page_hosting|Static web-hosting]]. As the developer has no control over the server, any interactivity must be provided by JS
Many webpages (and even entire websites), force the user to keep JS enabled, otherwise they break or deliberately refuse to work. CSS stylesheets combined with HTML<!-- TO-DO: cite `<portal>`. I remember an entire website that demos/showcases the Portal API, but can't find it. `<portal>` fixed the fundamental problem that SPAs try to solve, with minimal (or zero!) JS -->should be fine with most basic websites or webpages that do not need complex client side interaction.
*[[wikipedia:Instant_messaging|Instant messaging]] (self-evident)


Expanding on the tracking capability, JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>
JS makes it harder for [[Ad block|ad-blockers]] to block ads, since it can be used to make overly-dynamic ads. The data collected by malicious JS makes it trivial to serve [[Personalized Ads|personalized ads]], even across unrelated sites. Some sites collect so much data that they are indistinguishable from [[spyware]] (see also [[wikipedia:Keystroke_logging|key-logging]]).<ref>{{Cite web |last=Hill |first=Kashmir |date=2017-06-20 |title=Before You Hit ‘Submit,’ This Company Has Already Logged Your Personal Data |url=https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |url-status=live |archive-url=https://web.archive.org/web/20260220091637/https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081 |archive-date=2026-02-20 |access-date=2026-03-19 |website=Gizmodo}}</ref>
 
===Security===
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref> Some examples of this are as follows:


Expanding on the security risks, these are the most common vulnerabilities found in JS code:
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Cross-site_scripting|XSS]], which [[wikipedia:NoScript|NoScript]] tries to mitigate
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of ES), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*[[wikipedia:Arbitrary_code_execution|Arbitrary code execution]] and [[wikipedia:Code_injection|code injection]]. Typically caused by <code>[https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval eval]</code> (part of ES), but there are Web APIs (such as <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setTimeout setTimeout]</code> and <code>[https://developer.mozilla.org/en-US/docs/Web/API/Window/setInterval setInterval]</code>) that can be misused as well.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
*Remote code execution. This is used by hackers and crackers to build [[wikipedia:Botnet|bot-nets]] for [[wikipedia:Ddos#Distributed_DoS|DDoS]] or [[wikipedia:Cryptocurrency|crypto]]-mining, but it's mostly used for spyware since it can hide more easily.
Browser-engine developers (such as [[Google]] and [[Mozilla]]) not only feel compelled, but are financially incentivized to optimize JS to its limits. This leads to complex code-bases that are harder to verify for correctness. Browser vendors mitigate this via [[wikipedia:Sandbox_(computer_security)|sandboxing]]. Unfortunately, since modern browsers compile JS to native CPU code (see [[wikipedia:Just-in-time_compilation|JIT]]) to improve performance, this introduces a higher risk of sandbox-escape.<ref>{{Cite web |last=Norman |first=Johnathan |date=2021-08-04 |title=Super Duper Secure Mode |url=https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/ |url-status=live |archive-url=https://web.archive.org/web/20260218110912/https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode |archive-date=2026-02-18 |access-date=2026-03-19 |website=Microsoft Browser Vulnerability Research}}</ref>


JS not only makes pages "dynamic", the language itself (ES) is very dynamic, which is hard to optimize by engines. To put into perspective how much JS can slow down rendering, someone bench-marked a [[Bloatware|bloated]] pure-HTML page and a "simple" [[wikipedia:React_(software)|React]] app, the bloated HTML had faster [https://developer.mozilla.org/en-US/docs/Glossary/First_meaningful_paint FMP].<ref>{{Cite web |last=Leatherman |first=Zach |date=2019-09-06 |title=Which has a better First Meaningful Paint time? |url=https://twitter.com/zachleat/status/1169998370041208832 |url-status=live |archive-url=https://web.archive.org/web/20240529104252/https://x.com/zachleat/status/1169998370041208832 |archive-date=2024-05-29 |access-date=2024-05-29 |website=Twitter/X}}</ref>
===Scraping===
Since the rise of big LLM's many brokers have started offering scraping services for companies that want more training data for their AI. and to that end a lot of headless browser agents have begun to scrape (collect a sites information provided) even with the users robots.txt provided as a common standard to tell agents not to do so. this has lead to many forums and websites that had not used JS before to start implementing CAPCHAS or Anubis to prevent increased overhead and bandwidth costs.


==Incidents==
==Incidents==
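Review bot: The new ===Tracking=== heading sits above the paragraph beginning "Many webpages (and even entire websites), force the user to keep JS enabled", which says nothing about tracking; leave that paragraph directly under ==Why it is a problem== and start ===Tracking=== at "JS makes it harder for ad-blockers". In the same paragraph the HTML comment now closes straight into the next word ("-->should"), which renders as "HTMLshould", so add a space. Under ===Security===, the relocated JIT paragraph now ends with "Some examples of this are as follows:", but the list that follows (XSS, code injection via eval/setTimeout/setInterval, remote code execution) is not a list of sandbox escapes; the removed lead-in about vulnerabilities found in JS code fitted that list better. The new ===Scraping=== paragraph has no citation and needs copy-editing ("LLM's", "this has lead", "CAPCHAS", sentences starting in lower case), and the removal of the First Meaningful Paint paragraph with its Leatherman citation is not mentioned in the edit summary.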
Line 51: Line 51:
===Google Search requires JS (2025)===
===Google Search requires JS (2025)===
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>
In January 2025, Google's web-search engine mandates that user-agents must have JS enabled. Google's justification was that it's a defense mechanism against abusive bots (see also [[Deceptive language frequently used against consumers]]).<ref>https://techcrunch.com/2025/01/17/google-begins-requiring-javascript-for-google-search/</ref><ref>https://daringfireball.net/linked/2025/01/18/google-search-javascript</ref><ref>https://serpapi.com/blog/google-now-requires-javascript/</ref> However, some people claim that it's an invalid justification.<ref>https://blog.jim-nielsen.com/2025/javascript-required/</ref>
==List of sites refusing to work without JS==
The following is a non-exhaustive list of websites where most or all pages deliberately only work with JS enabled, even when its use is "illegitimate":
*[[YouTube]]
*[[Facebook]]. It used to work without it, but at some point it became mandatory. Some people claim that it's possible to use without JS when visiting the "lite" or "mobile basic" variants.{{Citation needed}}
*[[Instagram]]
*[[X Corp|Twitter]]. It also used to work without it, but some time after being bought by [[Elon Musk]], it became mandatory.{{Citation needed}}
*[[wikipedia:Bluesky|Bluesky]]:
**The web app (<code>bsky.app</code>) shows this message if JS is disabled<blockquote>This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.</blockquote>which is questionable
**Its legal docs ([https://bsky.social/about/support/tos ToS], [https://bsky.social/about/support/privacy-policy PP], [https://bsky.social/about/support/community-guidelines CG]) need JS to be viewed by humans, however this seems more of an oversight than deliberate
*[[Discord]]. While its instant-messaging functionality legitimately requires JS, they refuse to let the user change their account settings (including security and privacy ones) unless JS is enabled.
==Benefits==
It's worth noting that, while JS is trivial to misuse and abuse, JS can enhance the [[wikipedia:User_experience|user-experience]] (UX). The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) provides comprehensive guidelines for such purposes.<ref>https://www.w3.org/wiki/The_principles_of_unobtrusive_JavaScript</ref>


==External links==
==External links==
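Review bot: The removed "List of sites refusing to work without JS" entries for Bluesky and Discord carry specific observations (the quoted no-JS message on bsky.app, Discord account settings being unavailable without JS) that the edit summary says belong in the incident or company articles, yet the change shown here only deletes them; move them to those articles or to the talk page as part of the same cleanup so they are not lost. In the Google Search paragraph left in place, "(see also [[Deceptive language frequently used against consumers]])" directly after Google's stated justification reads as editorializing and works against the neutral tone the cleanup is aiming for.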