JavaScript in the Enterprise – Your Questions Answered

In last week’s webinar, Analyzing the ROI of JavaScript in Enterprise Software Development, we discussed the requirements for building enterprise applications and highlighted some of the challenges commonly faced by our own customers. We also examined how choosing a JavaScript framework can impact the long-term economics relating to development, maintenance and operational processes.

To view the webinar, please visit the Sencha Channel on BrightTalk

At the end of the presentation (~56:00) we received a few interesting questions that we simply didn’t have the time to answer. We promised to follow-up on these questions — so here are our responses:

Upgrading JavaScript Frameworks

How mature is any Javascript framework (and Ext JS in particular) in terms of supporting upgrades? Transition from Ext JS 3 to 4 was relatively a big effort compared to a Java 5 – 6 upgrade. Do you consider a better upgrade transition supported by JavaScript frameworks in the future?

This was one of the major concerns we raised during the presentation. As you point out, many other enterprise technology platforms (e.g. Java) have far longer release cycles compared to web technologies. In fact, Wikipedia cites roughly two years between the major versions J2SE 5 and Java SE 6.

With the explosion of HTML5 in recent years, web technologies (specifically JavaScript) have enjoyed an incredible amount of innovation as browsers continue to implement new HTML5 capabilities. The downside to the innovation is that the technology changes so fast that we currently see a huge difference in functionality between legacy browsers (e.g. Internet Explorer 8) and the latest versions of Chrome.

During the webinar, we spoke about how some widely popular micro-frameworks (AngularJS and jQuery, among others) have completely abandoned legacy browser support in their most recent versions. This is of great concern to enterprise organizations who must continue to support older browsers for the foreseeable future — and to your question, many JavaScript frameworks are not “mature” in their support for upgrades in this sense.

Sencha however has firmly aligned itself with the needs of the enterprise, and we learned a lot from the experience of our customers during the Ext JS 3 > 4 migration. First we made sure that our latest release (Ext JS 5) offered a smooth upgrade from 4.x. Second, we kept support for the legacy browsers our enterprise customers still require. Third, based on our customer’s upgrade experiences, we have made upgrade paths and backward/forward compatibility a standard roadmap item.

While it’s hard to say if all JavaScript frameworks will mature into longer, more stable and smoother release cycles, we believe that Ext JS is the clear leader in this area.

Browser Support

What rule/commitment does Sencha have on supporting older browsers? For example, when will you stop supporting IE8?

The only rule Sencha has for deciding which browsers to support comes from what our customers tell us they need.

When we first released Ext JS 4.0 in 2011, the browser landscape looked a bit different than it does today. Internet Explorer 6 still had significant market share, and Chrome had only just begun its shorter 6-week release cycles. Mobile browsers were far from mature, and at the time, few enterprise companies had mobile strategies.

The browser landscape today is much different, as are the requirements for enterprise web applications. While the need to support Internet Explorer 8 is clearly still a priority for our customers, only a few organizations require anything older (and for those customers, we are supporting them via customized extended support programs). On the other hand, many of our customers also specifically asked us to begin supporting mobile browsers — particularly for use on tablets. Therefore, Ext JS 5.0 (released earlier this year) evolved with the needs of our customers.

When will we stop supporting IE8? Certainly not in the immediate future. The majority of our enterprise customers tell us they still need to support IE8, and this aligns with research from Net Market Share that legacy Internet Explorer still commands a sizeable chunk of IE usage.

Legacy browser support is truly one of the features that sets Ext JS apart from our competition — so while we plan to continue innovating with new features, we also plan to continue evolving with (and not away from) our customers.

Code Specialization

Micro-frameworks are specific. How can Sencha guarantee best-in-class features for each specialization?

I mentioned in the webinar that micro-frameworks, by definition, only strive to implement a subset of the functionality needed by enterprise applications. This isn’t necessarily a bad thing — as you point out, micro-frameworks can provide best-in-class features by specializing in their area of expertise.

Taking that point on its own, you might argue that it can be difficult for Sencha to compete with micro-frameworks that specialize in certain areas. One example might be charting and visualizations: Ext JS ships with charting and visualization packages, but how can Sencha guarantee ours are “the best”? There are several parts to this answer.

First, asking which framework is “best” is always a loaded question. Does “best” mean quality? Performance? Extensibility? It’s an entirely subjective analysis, and ultimately “best” is only true in given situations. From our perspective, Ext JS offers an extensible framework in which all of the features are fully integrated. We guarantee you’ll be able to easily modify and extend every class in our framework if the built-in features don’t meet a specific need; moreover, you’ll be able to do this using a consistent code style. Micro-frameworks typically don’t guarantee that because they’re specialized, so in cases where a library doesn’t perfectly fit your needs you are often stuck hacking away at code not intended for customization or extensibility.

Second, you need to consider that micro-frameworks are not used in a vacuum. A specialized charting library needs to be wired into the rest of your application stack — work that can be very tedious as none of the moving parts are fully integrated.

And finally, it’s important to find the right tool for the right job. Ext JS is ideal for building feature-rich and complex line-of-business applications — and while our framework delivers the overwhelming majority of features an enterprise application needs, there may indeed be cases where you want to pull in a third-party library to do something Ext JS doesn’t specialize in (e.g. cryptographic algorithms). Ext JS can play nicely with other libraries — the webinar just warned against complicated dependency chains as they cause problems for long-term maintenance.

Performance

What gains are you seeing in HTML5 performance for Sencha apps as it relates to overtaking native apps and becoming the standard for mobile app development?

Sencha engineer Ross Gerbasi recently wrote an article discussing how HTML5 performance on iOS 8 has gained a lot of speed — but that there are also some bugs that still need to be addressed.

Sencha has strategically focused on HTML5 because we feel incredibly confident in the direction HTML5 is heading. JavaScript performance continues to improve both in mobile browsers as well as in the WebView.

During the webinar, we briefly talked about different approaches to building applications. It is hard to beat the performance of native apps with HTML5 simply because native apps are built with technology one step closer to the physical OS, but HTML5 applications can still achieve fantastic speed. Sencha proved this two years ago with our Fastbook demo, and since then others have also built impressive HTML5 apps with performance so good that users can’t tell whether-or-not they’re native.

Our take is that HTML5 already offers great performance for mobile apps, and it will continue to improve to the point where “performance” is good enough that we stop asking this question.

Security

How do you secure your framework? Basically, how would a customer have assurances that it’s secure enough?

Security is definitely a big issue for enterprise applications, but application security also comes in many flavors. Browser applications are inherently insecure as the runtime is open for anyone to debug, so let’s examine how Sencha tackles security.

In the Ext JS framework, many of our classes can be configured to help mitigate common security threats. For example, Ext.ElementLoader automatically prevents remote scripts from being loaded unless configured otherwise. Classes that enable user input (e.g. Ext.form.field.Text) can easily be configured to prevent the direct input of certain characters or expressions, and can also be configured to validate their input on submission. Ext JS also ships with a number of utilities (e.g. Ext.util.Format.stripScripts and stripTags) that enable the developer to implement security as needed.

But as I already mentioned, the browser is inherently insecure. Even if the client application prevented direct user input, savvy developers can easily open their debugging tools to manipulate script logic, DOM interactions or access localStorage. At the end of the day, a client application running in the browser must rely on server-side and network security.

For mobile applications built with HTML5, having your web application wrapped with tools like Cordova might make this more difficult for a hacker — but unfortunately, Cordova applications are still not completely secure.

We created Sencha Space specifically to address the enterprise concerns around building secure mobile applications with HTML5. Our recent white paper goes deeper into the security details to discuss how Sencha Space can help to lower risk, strengthen security, and lower the total cost of ownership for application and data mobility.

Conclusion

Sencha understands the impact that HTML5 and JavaScript can have on the long-term economics for enterprise software development, and Ext JS has been strategically engineered to help the enterprise build applications more efficiently. Please feel free to ask us more questions about the presentation in the comments below!

We really hope you enjoyed last week’s webinar — please join us in November to hear about what is new in Sencha Space 1.2, and how Sencha Space makes it easier to develop and deploy secure cross-platform HTML5 applications!