Graceful degradation of Ajax JavaScript: use different pages?

2023-09-10 19:42:22 Author: 我就是王道

I'm starting to give a little more attention to making my javascript and ajax degrade gracefully. Which is more recommended:

working on incorporating the graceful degradation into your existing code (can be tricky) or developing a different set of pages for the non-js users.

I'm leaning towards the different sets of pages, because I feel it's easier and I get to deliver the best possible results for each user type (js-enabled or js-disabled). Do you agree with me, and if not, why do you disagree?

I'm also worrying about hacking attempts. For example, a hacker gets to the js-enabled version, then disables his js. Any thoughts on this point? I don't know much about hacking, but can this be a security concern if I go with the separate versions?

Thanks in advance

Recommended answer

Developing two separate sets of pages, one for JS enabled and one for non-JS, is obviously a lot of work, not only initially, but also as your application keeps evolving. If that doesn't bother you too much, I think that's the way to go. I think you are right about same-page graceful degradation being very tricky sometimes. Sometimes this is just because of the layout: with JS enabled, you can simply hide and show elements, whereas without JS: where to put everything? Separate sets of pages can help keep page structure cleaner.

About hacking attempts: You can never, never, never rely on client-side JavaScript validation. Everything has to be checked (or re-checked) server-side, and your server-side code may make no assumptions whatsoever on the user input. Therefore, I think the scenario of someone de-activating JS while using the application is irrelevant. Try to keep the expected user input uniform for the non-JS and the JS versions, validate it properly, and you're good.
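
The server-side re-check described in the answer above, as an added example that is not part of the original post: one validator receives the input of both page versions (JSON from the Ajax page, a URL-encoded body from the non-JS form) and trusts neither. The field names, limits and the `handleSignup` entry point are assumptions made for illustration.

```javascript
// Added example: one server-side validator shared by the JS (Ajax/JSON) and
// non-JS (plain form POST) versions. Field names and limits are assumptions.
const RULES = {
  username: v => /^[A-Za-z0-9_]{3,20}$/.test(v) || "3-20 letters, digits or _",
  email: v => (v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v)) || "invalid email",
  age: v => (/^\d{1,3}$/.test(v) && +v >= 13 && +v <= 120) || "must be 13-120",
};

// Decode the body by content type; both page versions yield the same flat object.
function parseBody(contentType, raw) {
  const type = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (type === "application/json") {
    let data;
    try { data = JSON.parse(raw); } catch { return null; }
    return data && typeof data === "object" && !Array.isArray(data) ? data : null;
  }
  if (type === "application/x-www-form-urlencoded") {
    return Object.fromEntries(new URLSearchParams(raw));
  }
  return null; // unknown encoding: reject rather than guess
}

// Validate without trusting anything the client may have checked already.
function validate(input) {
  const errors = {};
  const clean = {};
  for (const [field, rule] of Object.entries(RULES)) {
    const value = input[field];
    if (typeof value !== "string" && typeof value !== "number") {
      errors[field] = "required";
      continue;
    }
    const text = String(value).trim();
    const result = rule(text);
    if (result === true) clean[field] = text; else errors[field] = result;
  }
  // Fields that are not in RULES (e.g. an injected "isAdmin") never reach `clean`.
  return { ok: Object.keys(errors).length === 0, errors, clean };
}

// Single entry point for both page versions; only `clean` goes on to storage.
function handleSignup(contentType, raw) {
  const input = parseBody(contentType, raw);
  if (input === null) return { status: 400, errors: { body: "unreadable" } };
  const { ok, errors, clean } = validate(input);
  return ok ? { status: 200, clean } : { status: 422, errors };
}
```

Because both versions pass through the same `validate`, switching JavaScript off mid-session changes only the encoding of the request, not what the server accepts.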