Jump to content

Polyfill: What's all this, then?


TrevMUN

Recommended Posts

So in Roytam1's post where he chronicles his work on XP-friendly browsers, I saw a lot of talk of Polyfill. I tried to follow along, but coming into the middle of a long ongoing discussion with no apparent beginning no matter how many pages back I went left me horribly confused as to exactly what it is, how it's used, what it can and can't do and oh no I've gone crosseyed.

So I thought the best thing to do would be to get a post specifically about Polyfill going, to untangle the discussion and get up to speed. With that in mind:

  1. What exactly is Polyfill?
  2. Which browsers can use Polyfill?
  3. How do you implement Polyfill into a browser?
  4. What can it do and what are its limitations?

EDIT: @UCyborg cleared it up for me in this comment! Big thanks to him!

Edited by TrevMUN
Link to comment
Share on other sites


1. https://remysharp.com/2010/10/08/what-is-a-polyfill

2. All (or most)

but it seems that this is just a modern term for an old thing. One could consider the classic MM_reloadPage javascript function from Dreamweaver 2 to be a polyfill. But if that is not an example of one, then perhaps I need clarification as well.

 

Link to comment
Share on other sites

I gave up trying to get websites working on poorer browsers, way too much hassle, there are incompatible regex expressions, incompatible general JavaScript syntax, incompatible scripts inlined right into HTML <script> tags, realiance on CustomElements support and all these things mixed together in various quantities.

Link to comment
Share on other sites

9 hours ago, Bruninho said:

As a former front-end web developer, my advice is to never use a polyfill in your website. It's better to follow the principle of "graceful degradation" for older, non-supported browsers.

While I agree with the sentiment and I've put that into practice for my own site, major websites appear to have gotten quite lazy, careless, and uncaring about maximizing compatibility. Just tonight I discovered that Pixiv, the Japanese art website, now completely blanks out on all of my browsers including Roytam1's New Moon builds. I've had similar experiences with LinkedIn, BlockFi, and Coinbase. A number of other sites (such as DeviantArt and a British company, Clove Technology) currently implement such unfriendly code to a point that their sites are mostly unusable but not completely so.

From the way people talked about it in Roytam1's thread, Polyfill is something we might be able to do "client-side" to address problems casued "server-side."

Link to comment
Share on other sites

5 hours ago, TrevMUN said:

From the way people talked about it in Roytam1's thread, Polyfill is something we might be able to do "client-side" to address problems casued "server-side."

I think the operative word there is "talked" and it is PAST TENSE.

The theory seems to have been dropped and there is no "current" discussion.

I think more and more are realizing that non-polyfill javascript engines are "dying", if not already "dead".

Link to comment
Share on other sites

You have mentioned just "modern" Web 2.0 websites, like LinkedIn.

They don't care about your old browser and they're not wrong on their side about that. They have to move forward with the path that is the Web 2.0. Don't get me wrong - this is just business for them. The world moved forward with that. Why should they care about someone using ancient browsers? Not good for their business.

Meanwhile, these old browsers are Web 1.0, which is the path I strongly believe they should have followed - browsers should just display pages, not heavy web apps or any flashy stuff, like a js based dosbox emulator... not stuff like ReactJS... best we, as classic web developers, can do is what I told before, graceful degradation. Businesses like LikedIn won't care about that for the reasons I mentioned before. It's the progress of technology and business.

I work for an organization that sells customized Moodle LMS with a theme that I built with the most modern HTML5/CSS3 stuff. And in spite of that, I did a test for Windows 98 & XP with some old browsers and while my Moodle instance was nearly functional, some parts of my design were blanked out, as expected. I do think that I did a good job considering the huge gap between old and new technology, and that the look of it was still pretty good, since I can log in, navigate, and do some activities in a course. This was only possible because of my "old school" style of programming HTML/CSS and attention to detail which subconsciously led me to do some graceful degradation even when I didn't want nor thought about it - I always try to rely more on CSS than JS for design solutions, this is only possible because of CSS3. I never liked JS, really.

However, I did drop the Internet Explorer compatibility, years ago (circa 2019) because I totally despise how the Trident engine render the things in a page. I always needed a polyfill to fix that, server-side. I was always angered at how it was different to Gecko and Webkit based browsers. Now we support newer Edge and all other browsers. This helped to move forward the development of our product instead of losing time with *censored* old browsers. This is why I do understand why the business work that way with Web 2.0. We can't be bothered about ancient browsers and with using polyfills to support them anymore. This was the case when IE was still around and gave me a huge headache for nearly a decade.

If you want to access modern websites with your old machine, just do the MITM technique. You'll need a modern machine between you and the web to do that effort. It will at least let you access TLS 1.3 websites by downgrading that protocol to your machine, but won't fix the issue with modern HTML5/CSS3 code not being understood by your browser. And please don't do some internet banking with that technique, as it is very unsecure for you. I do that for my old Win 9x and MacOS 9.2 emulators just to access a secondary email I set up for that purpose only, and some fun pages like this one and VOGONS where I don't have to disclose some sensitive data.

Some techniques for example is Browservice (look for it on github) and Crypto Ancienne (also on github, a technique to overcome TLS 1.3 limitation for the Classilla browser on MacOS 9.2, but I think it could work for RetroZilla, since the codebase is similar to Classilla. This is the best you can do "client side".

However, your problem is completely unfixable unless someone does a new browser for these old machines with a modern rendering engine - and this will never happen. Browsers like Pale Moon won't do that, because the premise of Pale Moon is to follow the path Mozilla should've followed instead of being a "Chrome wannabe" and with a different rendering engine.

Best you can do is live with some concessions.

If you want to make something really useful with your Web 1.0 browser, take a look at this niche effort on MacRumors forums: https://forums.macrumors.com/threads/web-1-1-building-the-new-old-web.2290616/

It's a small community effort to create a Web 1.1 (evolution of Web 1.0) network of pages to enjoy our old macs, pcs and ancient browsers.

Cheers

Edited by Bruninho
Link to comment
Share on other sites

1 hour ago, Bruninho said:

You have mentioned just "modern" Web 2.0 websites, like LinkedIn.

They don't care about your old browser and they're not wrong on their side about that. They have to move forward with the path that is the Web 2.0. Don't get me wrong - this is just business for them. The world moved forward with that. Why should they care about someone using ancient browsers? Not good for their business.

I don't get the condescension in your response. Was it not apparent that I already acknowledged this in my previous reply? I don't find this attitude helpful at all in trying to understand what Polyfill is or does.

You repeatedly use the phrase "old macs, pcs" and "ancient browsers" in your response to me. I think you're making an assumption that I'm trying to access these websites on a Pentium-based machine using IE5 or something. In terms of specs, my machine isn't as old as you may think. And I think it's similarly a mistake to assume the browsers involved are ancient. Personally, if I devoted as much time as Roytam1 does to backporting a browser that's still being developed, I'd be insulted by someone calling it ancient, as if it hadn't received updates and support in over a decade.

1 hour ago, Bruninho said:

If you want to access modern websites with your old machine, just do the MITM technique. You'll need a modern machine between you and the web to do that effort. It will at least let you access TLS 1.3 websites by downgrading that protocol to your machine, but won't fix the issue with modern HTML5/CSS3 code not being understood by your browser.

The issue isn't TLS 1.3. And anyway,  I've noticed that older Firefox-based browsers (and offshoots like Pale Moon/New Moon) don't have this problem. Older versions of Chrome/Chromium will report "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" if they encounter a site using TLS 1.3, but Firefox-derived browsers will display the page without issue.

It's also not a case of HTML5/CSS3 not being understood by the browsers I'm using (I would have had a very hard time developing my site using HTML5/CSS3 if I wasn't able to preview my work as I wrote it). In Roytam1's thread, InterLinked referred to this problem as "breakage-causing JS code."

1 hour ago, Bruninho said:

And please don't do some internet banking with that technique, as it is very unsecure for you.

Really, it seems like you're just taking this post as an excuse to lecture about a whole gamut of things unrelated to the topic at hand. I can't speak for others on this topic, but regardless of the operating system I've made a point of installing script and ad blockers on my browsers. I'm particularly fond of NoScript's "don't trust anything inherently" approach.

Link to comment
Share on other sites

59 minutes ago, TrevMUN said:

I don't get the condescension in your response.

I didn't really read any condescension, per se.  Disliked the pro-Mac rhetoric and the banking reference.

1 hour ago, TrevMUN said:

"don't trust anything inherently" approach

Bingo!

And that INCLUDES banking web sites.  I once contacted Customer Service for one of the three largest credit card companies and requested to speak with the supervisor of the customer service representative.  Then pulled teeth to get that supervisor to properly direct my call.  All on account of me attempting to pay my credit card in a SECURE manner but their web site pulling over 60+ javascript files and I saw 8 (if I recall correctly) in the list that were coming from FACEBOOK and I don't even have a Facebook account.

Quite a bit off-topic, apologies for the "rant".

But it is kinda related, all these polyfills, from the way I understand it, all come into play NOT because the site you are visiting is employing them, but because they have OUTSOURCED large portions of their "web design".  The "chaining" aspect of polyfill disturbs me, sounds similar to what "script kiddies" used to do when they "obfuscated" their code.

Link to comment
Share on other sites

5 hours ago, TrevMUN said:

1) I don't get the condescension in your response. Was it not apparent that I already acknowledged this in my previous reply? I don't find this attitude helpful at all in trying to understand what Polyfill is or does.

2) You repeatedly use the phrase "old macs, pcs" and "ancient browsers" in your response to me. I think you're making an assumption that I'm trying to access these websites on a Pentium-based machine using IE5 or something. In terms of specs, my machine isn't as old as you may think. And I think it's similarly a mistake to assume the browsers involved are ancient. Personally, if I devoted as much time as Roytam1 does to backporting a browser that's still being developed, I'd be insulted by someone calling it ancient, as if it hadn't received updates and support in over a decade.

3) The issue isn't TLS 1.3. And anyway,  I've noticed that older Firefox-based browsers (and offshoots like Pale Moon/New Moon) don't have this problem. Older versions of Chrome/Chromium will report "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" if they encounter a site using TLS 1.3, but Firefox-derived browsers will display the page without issue.

4) It's also not a case of HTML5/CSS3 not being understood by the browsers I'm using (I would have had a very hard time developing my site using HTML5/CSS3 if I wasn't able to preview my work as I wrote it). In Roytam1's thread, InterLinked referred to this problem as "breakage-causing JS code."

5) Really, it seems like you're just taking this post as an excuse to lecture about a whole gamut of things unrelated to the topic at hand. I can't speak for others on this topic, but regardless of the operating system I've made a point of installing script and ad blockers on my browsers. I'm particularly fond of NoScript's "don't trust anything inherently" approach.

1) I was just trying to be helpful from the point of view of a web developer in a serious organization, to explain it to you.

2) The hardware doesn't matter. XP is ancient (2002) and no longer supported by MS. All of the browsers Roytam1 is backporting to XP are third-party, non-official forks of ancient versions of Firefox, released years ago, and are no longer actively developed nor mantained by Mozilla. He knows it and will acknowledge it. I do know his (brilliant) work. He will not feel insulted by it.

3) Correct, your issue is not TLS, because he did update the ciphers and protocols in his forks, so did the developers of Pale Moon/New Moon. That was the easiest part for them. Your issue is the rendering of the modern web pages in these browsers. What you are seeing is that we are now reaching to a point where the development of these particular forked browsers will hit a wall and eventually stop.

4) Firefox forks like Pale Moon are starting to struggle to render Web 2.0 properly, because HTML5/CSS3 has a fast paced development and tomorrow, and due to the ancient and aging, old mozilla rendering engines used by them, they will soon struggle to keep up with it. Even Roytam1 will acknowledge that it will come to a point where he cannot update these browsers anymore, and we aren't far from it now.

5) You can install scripts and ad blockers, heck I do support it, as long as they come from trusted sources. The point I was trying to make was about HTML/JS/CSS polyfills used from the server side, by developers, and explain to you, from the point of view of a developer, why any organization with a web service will not give support to these browsers you mentioned and nor will use these polyfills just to support them.

Client side, you do what you think it's best for you, sure. No one will stop you.

Let me put it simple straight: Windows XP and these browsers based on ancient Firefox versions are really cool for some retro computing, casual web browsing and gaming entertainment. I know, because I do it from an emulator just to play old games. But it's strongly advised not to use it as a daily driver, for work, for internet banking, and to store sensitive data, simply because it's not secure anymore.

Edited by Bruninho
Link to comment
Share on other sites

1 hour ago, Bruninho said:

But it's strongly advised not to use it as a daily driver, for work, for internet banking, and to store sensitive data, simply because it's not secure anymore.

I can agree to 90% of your post but I do take a bit of an issue with the "hype and propaganda" contained within this sentence.

No offense, I do agree with 90% of your viewpoint.

XP is dead - does not stop me from using it as my "daily driver".

Roytam browsers are dead - I stopped using them two and a half years ago!

But I see too much "hype and propaganda" (reminds me of political "throw grandma from the cliff" ads here in the States) in ANY statement citing "security" above-and-beyond consumer-choice and XP is this consumers choice - for now.

Link to comment
Share on other sites

2 hours ago, NotHereToPlayGames said:

I can agree to 90% of your post but I do take a bit of an issue with the "hype and propaganda" contained within this sentence.

No offense, I do agree with 90% of your viewpoint.

XP is dead - does not stop me from using it as my "daily driver".

Roytam browsers are dead - I stopped using them two and a half years ago!

But I see too much "hype and propaganda" (reminds me of political "throw grandma from the cliff" ads here in the States) in ANY statement citing "security" above-and-beyond consumer-choice and XP is this consumers choice - for now.

It's not "hype and propaganda", it's pure logic and common sense.

XP is dead. Microsoft officially ended support for Windows XP on April 8, 2014. Because no further security patches were developed since then, these computers are substantially more vulnerable to security risks and prone to malicious attacks. XP and its supported browsers are no longer up-to-date with the current security standards. For that reason alone you shouldn't be using it as your daily driver.

I am not saying that Roytam1's browsers are dead. They are still pretty good for light casual browsing, nothing serious. Modern web unfortunately now relies much more on JS frameworks like Vue and React to build CMS and Web Apps, all of which I despise. I doubt that an ancient rendering engine like the one used by these old Firefox forks can keep up with it.

Check here: https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

I do understand why one would want to stick to Windows XP. As a retro enthusiast, I'd love to keep using Windows 98 and/or 2000 as my daily driver today, because I love how simple and easy to use they were back in their heydays, but I cannot because nowadays it's not safe, it's vulnerable, not practical due to lack of updates and security patches, and not compatible with my work assignments. Instead I let them run in a sandboxed environment, running in an emulator just for gaming purposes, disconnected from the local network and internet.

Less than 1% of the Windows Market Share Worldwide is Windows XP users nowadays. So in a nutshell, as long as you don’t connect to the internet; you are fine with running Windows XP.

Edited by Bruninho
Link to comment
Share on other sites

12 hours ago, NotHereToPlayGames said:

I think more and more are realizing that non-polyfill javascript engines are "dying", if not already "dead".

Polyfilling is just plugging in new JavaScript functionality at runtime not supported by the browser's engine, so your usage of "polyfill" in that sentence is kinda off. But I know what you meant.

On 4/5/2022 at 10:14 AM, TrevMUN said:

How do you implement Polyfill into a browser?

Specifics are tricky, an example is @InterLinked's chromefill extension for Chromium browsers (https://github.com/InterLinked1/chromefill). You basically write new functions and make them available in a way JS interperter encounters them before site's code that tries to call them. Due to the nature of this particular extension, it can be easily implemented as the user script. They're more universal and advanced users tend to already have an user script manager extension such as GreaseMonkey or TamperMonkey.

You take the content of polyfills.js and add the metadata block like the one below at the top. There are additional options that are supported by user script managers, their docs are your friend, but these should be sufficient for now.

// ==UserScript==
// @name         chromefill
// @namespace    http://yourwebsiteorjustuniquestringyouwilluseforyourscripts.net/
// @version      0.1
// @description  Automatically injects polyfills for older browsers into webpages
// @author       Your name
// @match        *://*/*
// @run-at       document-start
// @grant        none
// ==/UserScript==

Use the option to create a new user script in your user script manager and paste everything into the editor window and save. Set it ro run before other scripts you may have do.

InterLinked's polyfills script was tested on Pale Moon 28.9.3 with GreaseMonkey for Pale Moon 3.31.4 and SRWare Iron 70 with TamperMonkey 4.15 on stackoverflow.com - not the best example since the site has other issues with old browsers, but the script seems to execute correctly, message about missing globalThis is gone. I don't know any other site to test.

For usage with TamperMonkey, in its settings, Advanced mode should be set under Config mode and then Inject Mode set to Instant.

On 4/5/2022 at 10:14 AM, TrevMUN said:

What can it do and what are its limitations?

Regarding limitations, you can't eg. make Firefox support Web Serial API with Polyfills since this requires new low-level code interacting with COM ports. Polyfills also don't cover new JavaScript language syntax, eg. the famous nullish coalescing operator or optional chaining operator.

Edited by UCyborg
Link to comment
Share on other sites

1 hour ago, UCyborg said:

Polyfilling is just plugging in new JavaScript functionality at runtime not supported by the browser's engine, so your usage of "polyfill" in that sentence is kinda off. But I know what you meant.

Man, thanks for explaning this! I thought I was losing my mind with what these other guys were saying, claiming it's a server-side only thing (not to mention the irrelevant and condescending "your computer and browsers are ancient, accept the inevitable" lecturing) yet seeing people talk about github-wc-polyfill in Roytam1's thread.

1 hour ago, UCyborg said:

I don't know any other site to test.

Try LinkedIn and Pixiv? Both sites have recently blanked out on me. Well, LinkedIn just endlessly shows its loading animation, but Pixiv just goes stark white.

Coinbase and BlockFi do the same thing, but only when you try to log in, so those wouldn't be as easy to test.

Edited by TrevMUN
Link to comment
Share on other sites

26 minutes ago, TrevMUN said:

but only when you try to log in, so those wouldn't be as easy to test.

Same thing happens with my water bill payment web site.  I am "forced" to use 360Chrome v13 for that one solitary web site.  Everything else I need the web for can be achieved with 360Chrome v11 without github-wc-polyfill.

But github-wc-polyfill is not a fix-all or I would be able to pay my water bill with github-wc-polyfill added to 360Chrome v11, which I cannot, I "have to" use v13  :realmad:

I was not trying to push anti-XP, I hope it didn't come across that way, I use XP on 7 of my 9 computers  :cool:

I can still love and use XP but still agree with 90% of what an anti-XP'er has to say - HIS views on XP will NOT alter MY views of XP.

In fact, I'll go so far as to make this claim - without XP, MSFN would be DEAD.  XP threads seem to FAR outweigh non-XP threads.  But maybe that's just the "rose colored glasses" I'm wearing, lol.

Edited by NotHereToPlayGames
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...