- From: Dave J Woolley <DJW@bts.co.uk>
- Date: Tue, 8 Feb 2000 17:18:14 -0000
- To: "'www-html@w3.org'" <www-html@w3.org>
> From: Simon St.Laurent [SMTP:simonstl@simonstl.com] > > I can't find any express prohibition of: > > <a href="javascript:myFunction()"> > > in HTML 4.01 or in XHTML 1.0. The references for URL and URI date back to > 1994 and 1995, and don't make reference of this technique. Is this > officially discouraged in favor of the event attributes? > URI's are extensible, so this could be valid. However the use of such URIs makes it difficult to produce HTML with good accessiblity characteristics - you end up with pages that only work for people with recent browsers who ignore CERT Advisory CA-2000-02. Preferably, if you are going to use Javascript and it isn't fundamentally++ required for the applications (true of most commercial web sites using javascript:) your links should be normal links and any Javascript effects should be achieved by intercepting the onclick or onsubmit events, such that, with the Javascript inactive, the page is still completely usable. That's my view, anyway. I sometimes use Lynx, which has no Javascript support, or even Amaya, and with IE4+ and NS I ran with Javascript disabled even before the Microsoft security alert on IE5 and the above CERT advisory. ++ NB, you should never rely on client side validation alone, as it is easy to re-write pages to bypass the validation, so using Javascript to validate client side should be treated as added value, not as fundamental to the operation of the page.
Received on Tuesday, 8 February 2000 12:22:56 UTC