why do web browsers only read HTML, CSS, and JS?

by Stephanie Coates

The purpose of a web browser is to render content from the internet. This is done with HTML for content, CSS for style, and JS for interactivity.

HTML and CSS aren’t technically programming languages - HTML is markup language, and CSS is a stylesheet language.

JavaScript’s interactive capabilities depend on the environment it’s running in. For example, JS running on Node.js supports funtions that allow JS to read/write to certain files, perform network requests, and more.

But for this context, we’re focused on in-browser JavaScript, or JavaScript that is specifically run in a web browser that provides a JavaScript engine, such a Chrome, Safari, or Firefox.

JS in general is considered a “safe” programming language because of it’s limitations and inability to access operating system memory or CPU.

What in-browser JS can do

The explosiveness of JavaScript as a language has make user web experiences much more dynamic than the standard, static pages from last decade. JS can:

  • dynamically add HTML to the page
  • change existing content
  • modify styles
  • react to user actions (mouse clicks, pointer movements, key presses)
  • send requests over the network via AJAX
  • download and upload files
  • get and set cookies
  • ask questions to the visitor
  • generate pop up messages
  • remember data on the client-side via local storage

All of these features have made web experiences more rich and dynamic, both in positive and negative ways.

What in-browser JS can’t do

  • know about other tabs/windows open on the user’s computer
  • communicate and receive data from cross-origin domains (CORS permissions must be set in HTTP headers coming from the remote server)
  • read/write or copy files onto the hard disk, or execute programs, since it has no direct access to operating system functions

    modern browsers do allow JS to work with files, however access is limited and only provided if the user “drops” the file into the browser window or selects it via an <input> tag. The same goes for interaction with other OS hardware, like the microphone or camera. The user has to explicitly approve for JS to get access.

To touch back on the original question - why JavaScript? The main reason is safety. If other, more powerful languages (such as C) were executed in the browser, that code would have access whatever information it wants from a user’s computer, like passwords, cache storages, and private files, without their knowledge.

Javascript has full integration with HTML/CSS and is supported by all major browsers and enabled by default. These three technologies used together have become the most widespread foundation for creating browser interfaces.