>Due to maintainability issues, the navigation header and footer are fetched via javascript ajax requests and inserted into pages on iacr.org.[1]

That these clowns don't use server-side scripting for this speaks volumes to why everyone should block their JavaShit.

[1]: https://www.iacr.org/tinfoil.html

The amount of pain caused by HTML not having a "client-side include" is ridiculous. Server-side include is very old, but for various reasons having it client side would be easier for use cases like this.

(Security would have to be the same as <script>)

We could call it <frame>, or maybe <iframe> since all the cool kids use isomethings these days.

Frames don't reflow. For headers etc people would want to integrate with the rest of the DOM.

"seamless" iframes were meant to, right? Don't know what happened to that.

Most headers today are expandable and need to be”open up” to take the full more of the screen when interacted with.

This is not possible with a frame.

Obligatory reminder that XSLT exists.

The JS on this page isn't even used to fetch the header/footer either. Most of the 230KiB of Javascript seems to be mathjax.

Childish stuff like this makes sense for personal blogs, but this unwarranted hostility immediately made me distrust this organisation.

Welcome to 2024 when JavaScript is indeed everywhere. It's not hostility. It's reality. Aside from two people here and Stallman, absolutely no one cares about disabling JS any more.

I almost always run websites with Javascript (sometimes I turn it off to get out of illegal cookie walls). I don't really care about the website requiring Javascript (even though it doesn't for this specific page), I care about the explicit hostility against someone whose browser doesn't load JS.

The website would've been fine if they hadn't added anything, yet they went out of their way to insult a small minority of their visitors using a <noscript> element, and took the time to write a weird rant about how you should really enable Javascript for some reason (I guess they only know frontend stuff and don't know how to run a backend server?).

To me, this degrades the website to the level of "personal blog of someone with a grudge" as much as websites that'll redirect you to a rant for leaving Javascript on. For a personal blog, that's just a weird quirk, but for a supposedly scientific, academic space to publish research, that's just bad vibes.

> Welcome to 2024 when JavaScript is indeed everywhere. It's not hostility. It's reality. Aside from two people here and Stallman, absolutely no one cares about disabling JS any more.

This is an irrelevant diversion, and materially untrue - "> What a lovely hat\nIs it made out of tin foil?" is absolutely hostile, and that fact is not contingent on the number of people who disable Javascript.

How many enterprise security suites offer remote browser isolation though

Have they considered iframes?

Yes, a textual site which requires Javascript - or any other active component really - for the text to be read is a bit like a book which requires a decoder ring to read. Just present a text-only or pre-rendered site if the visitor can not or does not want to enable scripting, Maybe add a reminder that the site has some functionality which only works when scripting is enabled.

It's not a message about websites working without JS. It's about browsing with JS disabled.