Following up on disabling JavaScript support for IE6 [1], here is some
additional research on other browsers. I'd appreciate it if people with
experience testing/developing for/with these browsers would jump in
with additional observations. I think we should wait with adding other
browsers to the blacklist until the IE6 change has been rolled out,
which may expose unanticipated consequences (it already exposed that
Common.js causes errors in blacklisted browsers, which should be fixed
once [2] is reviewed and merged).

As a reminder, the current blacklist is in <resources/src/startup.js>.

As a quick test, I tested basic browsing/editing operation on English
Wikipedia with various browsers. Negative results don't necessarily
indicate that we should disable JS support for these browsers, but
they do indicate the quality of testing that currently occurs for
those browsers. Based on a combination of test results, unpatched
vulnerabilities and usage share, an initial recommendation for each
browser follows.

Note that due to the heavy customization through gadgets/site scripts,
there are often site-specific issues which may not be uncovered
through naive testing.

== Microsoft Internet Explorer 7.x ==
Last release in series: April 2009
- Browsing: Most pages work fine (some styling issues), but pages with
audio files cause JavaScript errors (problem in TMH).
- Editing: Throws JS error immediately (problem in RefToolbar)
Neither of these errors occurs in IE8.
Security vulnerabilities:
Secunia reports 15 out of 87 vulnerabilities as unpatched, with the
most serious one being rated as "moderately critical" (which is the
same as IE6, while the most serious IE8 vulnerability is rated "less
critical").
Usage: <1%
Recommendation: Add to blacklist

== Opera 8.x ==
Last release in series: September 2005
Browsing/editing: Works fine, but all JS fails due to a script
execution error (which at least doesn't cause a pop-up).
Security: Secunia reports 0 unpatched vulnerabilities (out of 26).
Usage: <0.25%
Recommendation: Add to blacklist

== Opera 10.x-12.x ==
Last release in series: April 2014
Browsing/editing: Works fine, including advanced features like
MediaViewer (except for 10.x)
Security: No unpatched vulnerabilities in 12.x series according to
Secunia, 2 unpatched vulnerabilities in 11.x ("less critical") and 1
unpatched vulnerability in 10.x ("moderately critical")
Usage: <1%
Recommendation: Maintain basic JS support, but monitor situation re:
10.x and add that series to blacklist if maintenance cost too high

== Firefox 3.6.* ==
Last release in series: March 2012
Browsing/editing: Works fine (MediaViewer disables itself)
Security: 0 unpatched vulnerabilities according to Secunia
Recommendation: Maintain basic JS support

== Firefox 3.5.* ==
Last release in series: April 2011
Browsing/editing: Works fine (MediaViewer disables itself)
Security: 0 unpatched vulnerabilities according to Secunia
Recommendation: Maintain basic JS support

== Safari 4.x ==
Last release in series: November 2010
Browsing/editing: Works fine
Security: 1 unpatched "highly critical" vulnerability according to
Secunia ("exposure of sensitive information")
Recommendation: Maintain basic JS support, but monitor

== Safari 3.x ==
Last release in series: May 2009
Browsing/editing: Completely messed up, looks like CSS doesn't get loaded at all
Security: 2 unpatched vulnerabilities, "highly critical"
Usage share: Usage reports for Safari in [3] are broken, all Safari
versions are reported as "0.0". However, [4] suggests that Safari 3
usage is negligible/non-existent.
Recommendation: Styling issue may be worth investigating in case it
affects other browsers and/or is JS-caused. Otherwise probably can be
safely ignored.

[1] http://lists.wikimedia.org/pipermail/wikitech-l/2014-August/077952.html
[2] https://gerrit.wikimedia.org/r/#/c/152122/
[3] http://stats.wikimedia.org/wikimedia/squids/SquidReportClients.htm
[4] http://stackoverflow.com/questions/12655363/what-is-the-most-old-safari-ver…
--
Erik Möller
VP of Engineering and Product Development, Wikimedia Foundation