Client-side scripting is a process by which a web-based computer program runs on the user's computer rather than on the computer hosting the website. Specifically, it runs through a type of program known as a script, which is handled by the user's web browser. The main reason for client-side scripting is to allow a web page to be created specifically around the user's own data and options, rather than being a fixed page that always appears the same to every user.
The need for client-side scripting derives from the way web pages work. Originally, pages were written in standard HTML and were known as static pages; that is, every computer, and in turn every user, saw exactly the same page. This made websites very limited in dealing with large sets of data, such as a railway schedule. With static pages, the only solution was to print the schedule in full and let the user hunt down the relevant detail.
This problem was solved by the development of dynamic web pages. These can adapt to meet a specific situation, such as if a user is searching for a journey between two stations within a specific time period. The result of the search is displayed through a dynamic web page, which is automatically created for that query.
There are two ways to carry out the processing needed to generate the dynamic web page. Server-side scripting means that the computer hosting the website, known as a server, carries out all the work and then generates an HTML page to send to the user's computer. One method for doing this is known as VBScript, which is why occasionally users may carry out a search or other dynamic request on a website and get back a page listing a "VBScript database error."
The second method, client-side scripting, involves embedding special code in the web page. The user's web browser then uses this code to carry out the necessary processing, such as searching a behind-the-scenes database on the website, and produce a page from the results. The best known type of code used in this way is called Javascript.
The biggest drawback of client-side scripting is the security implications. In theory, the code could order the browser to carry out all sorts of actions, including accessing data on the computer itself. Web browsers use a variety of security measures to prevent this being abused, such as limiting the code to accessing only the browser. Flaws in these security measures are one of the main sources of opportunity for virus creators.