We switched to Joker almost a year ago, but just found out we can't renew our domains because they now require Javascript to be on. Where alternatives exist, we don't do business with companies that require client-side active scripting.

What reputable (preferably major) registrars do not require Javascript, and how recently have you confirmed that?

Thanks!

Any reason for not allowing javascript? Most larger companies do a fair amount of client side validation. There are a few low tech interfaces like gandi

Off the top of my head:

in Joker's specific case, it's bad/sloppy design
in general, client side validation is unreliable (can be easily defeated by the lamest of crackers), so is only used by those who do not understand basic security principles
client-side active scripting is a major security hole (check the last 100 incidents at CERT or any reputable security site)
requiring it encourages users to be unsafe


In other words, just because "everybody does it", doesn't mean it's good. :(

I think a lot of times it's used in conjunction with server-side checks, since it's quicker for low-bandwidth users.

The two registrars I use [eNom & Moniker] both use Javascript for atleast dropdown navigation. Are you opposed to that as well?

I think a lot of times it's used in conjunction with server-side checks, Thereby making the whole system more complex, and inherently less reliable. Every system should be designed and built as simply as possible (and no less).

since it's quicker for low-bandwidth users. More likely they don't understand the issues, or don't care. In Joker's case, they recently kludged in support for a new credit card security scheme, and chose to do it in a sloppy, lazy fashion. Why would I trust them, given that they've proven they're willing to compromise basic security tenets?

Javascript for atleast dropdown navigation. Are you opposed to that as well? Irrelevant. Since I have client-side active scripting off, I won't see any such elements.

The only relevant issue is:
is it possible to perform a domain transfer, using my browser's highest security settings?

I haven't bothered to do the experiment, and probably won't. But it seems like there are registrars like Godaddy and Namecheap with whom you can create an account before actually buying anything. So you could try creating the accounts with Javascript disabled, and see if you can at least navigate through the available settings. It's not a perfect test, since there may be settings you can't practice tinkering with until you've bought something, but it's a start.