[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnuzilla] A need of a paradigm shift for solving the JavaScript
|
From: |
Julian |
|
Subject: |
Re: [Bug-gnuzilla] A need of a paradigm shift for solving the JavaScript Trap |
|
Date: |
Fri, 14 Nov 2014 18:15:57 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.2.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/14/2014 02:35 AM, Ivan Zaigralin wrote:
> This is the root of all evil: users are habituated to drive-by
> downloads from sources unknown. If you think about it long enough,
> you will realize that javascript itself is the problem. Users who
> value their freedom browse with javascript off, and web designers
> who value users' freedom SHOULD NOT USE javascript AT ALL unless
> they complement it with a commitment to audit, document, and
> publish all source in a timely manner.
I have to admit, I find that I agree with this entirely, even though I
didn't think about it in these exact terms previously. The terms I was
thinking in were, non-standard extensions must be installed explicitly
by the users. But now you've basically got me convinced that
JavaScript, in the form it's most commonly found, should be killed off
entirely. JavaScript use for Web pages can remain solely in the form
of user scripts.
And this has made me think of something: perhaps a browser extension
or user script can be developed to check the page for script requests,
and find information (such as text) that is meant to be hidden unless
a JavaScript program shows it? The hidden information could then be
made accessible in some sort of list.
This is a common, very annoying use of JavaScript that you have to
deal with when browsing with JavaScript off; for example, a lot of
forums have "spoiler" buttons that behave this way. An automatic
analysis tool would make it much easier to deal with, and unlike
LibreJS, it wouldn't require cooperation. Of course it wouldn't cover
all cases of JavaScript requirement, but it would cover a great number
of them.
I don't know how hard such an extension or user script would be to
develop, and I'm not really up to the task myself, but I would donate
to such an effort, at least.
- --
Julian Marchant
https://onpon4.github.io
Protect your privacy with GnuPG:
https://emailselfdefense.fsf.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUZo0tAAoJELP1a+89AVMCvaYH/3xz3zEh+eIqXsNHW/jhVEsk
tzPy5q/TjTG9/WA3C/4aJQBajxz6KhC2UH0gkdV+XXowv6NoAfS2BD0K6eiQfCmb
35pp5D7VkV5H4DQ9omGbc/5dZcW9Fh8uXgYktenEAkd+Oee+ovox7Xq9f35IY7Bs
O5eeJZoktd5d5diQC63fWH0o8woAr/HeSwdkxXrQ7pp1A7d1pSxP8ZI5Ruvr0FNw
yi8ijg99X3VUzmX7YHLuIb59TpWaShqLC0TD6ieshhMcCrzORf0/ry1nVsS/Ocd1
J39yErNyMMKUs5E3ib8/sEooaxkWvddj+IlxaFDN/vq4Vj1t4B0gh8Rk1lWnsr8=
=9a6L
-----END PGP SIGNATURE-----