-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/14/2014 02:35 AM, Ivan Zaigralin wrote: > This is the root of all evil: users are habituated to drive-by > downloads from sources unknown. If you think about it long enough, > you will realize that javascript itself is the problem. Users who > value their freedom browse with javascript off, and web designers > who value users' freedom SHOULD NOT USE javascript AT ALL unless > they complement it with a commitment to audit, document, and > publish all source in a timely manner.
I have to admit, I find that I agree with this entirely, even though I didn't think about it in these exact terms previously. The terms I was thinking in were, non-standard extensions must be installed explicitly by the users. But now you've basically got me convinced that JavaScript, in the form it's most commonly found, should be killed off entirely. JavaScript use for Web pages can remain solely in the form of user scripts. And this has made me think of something: perhaps a browser extension or user script can be developed to check the page for script requests, and find information (such as text) that is meant to be hidden unless a JavaScript program shows it? The hidden information could then be made accessible in some sort of list. This is a common, very annoying use of JavaScript that you have to deal with when browsing with JavaScript off; for example, a lot of forums have "spoiler" buttons that behave this way. An automatic analysis tool would make it much easier to deal with, and unlike LibreJS, it wouldn't require cooperation. Of course it wouldn't cover all cases of JavaScript requirement, but it would cover a great number of them. I don't know how hard such an extension or user script would be to develop, and I'm not really up to the task myself, but I would donate to such an effort, at least. - -- Julian Marchant https://onpon4.github.io Protect your privacy with GnuPG: https://emailselfdefense.fsf.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUZo0tAAoJELP1a+89AVMCvaYH/3xz3zEh+eIqXsNHW/jhVEsk tzPy5q/TjTG9/WA3C/4aJQBajxz6KhC2UH0gkdV+XXowv6NoAfS2BD0K6eiQfCmb 35pp5D7VkV5H4DQ9omGbc/5dZcW9Fh8uXgYktenEAkd+Oee+ovox7Xq9f35IY7Bs O5eeJZoktd5d5diQC63fWH0o8woAr/HeSwdkxXrQ7pp1A7d1pSxP8ZI5Ruvr0FNw yi8ijg99X3VUzmX7YHLuIb59TpWaShqLC0TD6ieshhMcCrzORf0/ry1nVsS/Ocd1 J39yErNyMMKUs5E3ib8/sEooaxkWvddj+IlxaFDN/vq4Vj1t4B0gh8Rk1lWnsr8= =9a6L -----END PGP SIGNATURE----- -- http://gnuzilla.gnu.org
