there is a notation for declaring the license of inline scripts; but that does not cover external scripts downloaded on-the-fly from *wherever*, and that really should not be desirable
the key point there is that it declares the license of the inline script - it is not merely to say: "this is all kosher (and everything it includes) - just go ahead and run it - dont bother my users you pesky scrutinizer" - a typicaly bloated website today includes dozens, perhaps hundreds of external scripts, under many different licenses; so a global whitelist does not even make sense - if that was the desired result, you may as well not use librejs at all, and just blindly run everything they throw at you, regardless of who says its "ok" the very point of librejs is not to block javascript; it is to encourage developers to properly license their javascript, and to publish the original source code of obfuscated scripts, and to make it easier for users to verify that - a whitelist is not a license and anyways it is not possible for most websites to declare a global license that claims to cover all external scripts published by *whoever* - and worst of all, a whitelist would not indicate where users can find the source code parsing web-labels is not brittle at all - that is the beauty of well-formed XML - web-labels are as convenient as it could possibly be to itemize and declare the licenses of each included script in a human-readable and machine-parsable way i should also add that the current version of librejs is a complete re-write for 'web-extensions' capable browsers - any problems you might have had with previous version would not apply to the current version
