There is a saying in Hungarian: Don’t look at the teeth of a horse you received as a gift. It refers to the fact that you shouldn’t criticize something if you get it for free. However from time to time I feel the need to raise my voice about things which could be better done. Example:

Via Global Nerdy I found a site called JS-Kit which allows you to add dynamic functionality to your own site. After doing a little googling, I found out that supposedly it was created by a Cisco Security Engineer. My comments are: is this the Cisco trust us, we know what’s best for you mentality or is this guy just inexperienced in the area of web security? Does he really think that I will include a script from his site that will run in the context of my page? And because the script is on his server, he can change it any time or even do sneaky things like only serve up the modified version when a referrer from my site is detected! An example of somebody getting it (partially) right is Widgetboy. You have to trust their javascript code, but after that they host every widget in an iframe, so that it can’t interact with your site.

My other problem is: why do you need javascript to submit a comment? Bulletin boards existed for ages without javascript! What about disabled users who use screen readers?

Here is the way it should be implemented IMHO:

• The user should insert a single line of HTML in the page: <a href="http://js-kit.com/comment?[page url]>Comment on this<a>, the page url being optional (although recommended, see below)
• When the user clicks on this link, s/he is redirected to the js-kit website, where a script takes the referrer url (which is activated in 99.9% of the browsers) to find out the page the comment should be placed on. If no referred url is available, it can fall back to the url passed as parameter. If none of these two is available, it gives an error message and terminates.
• Now it redirects to a page which is divided in two frames: one which displays the original site and one which display the comments. The comments page should contain a prominent close link which redirects the top frame back to the original page, eliminating the comment frame.
• The comment area can be used to place comments. There is no need to use javascript, plain old forms can do it, however you can use the principle of progressive enhancement to add visual effects with something like script.aculo.us, however the form should be usable without javascript.

The advantages would be:

• Gives almost the same experience
• There is no need to trust any third party javascript (no offense)
• It works on a wide variety of browsers (event lynx knows frames)
• It should work on speech browsers