On Fri, Oct 15, 2010 at 2:57 PM, David ‘Bombe’ Roden <[email protected]> wrote: > On Friday 15 October 2010 17:29:52 Matthew Toseland wrote: > >> We are considering making it impossible to use Freenet without a browser >> supporting Javascript. Yes or no answers would be useful (feel free to >> make further comments). > > Require? No. Offer? Absolutely! Even a little JavaScript (I suggest jQuery–it > rocks as an abstraction layer, offers a couple of nice effects and can be > extended with plugins) can make the web interface feel a lot more responsive > and polished. It is possible to extend the functionality of the user interface > without requiring JavaScript at all.
I don't agree. (not that my view matters). JS can be used for a lot of really really nasty tracking and anonymity busting. So, If the freenet sanitation is really powerful enough to reliably strip all Javascript regardless of the browser in use— then Javascript should be used wherever it will make freenet better. If it is not powerful enough to strip all javascript in all cases for all browsers, then javascript should not be used at all and users should be encouraged to disable javascript (in fact, fproxy should check if JS is enabled and deny access or at least nag the user to disable it). I can't see any real purpose for "use it but don't make it mandatory", either the freenet project has sufficient security confidence in JS enabled browsers or it doesn't. The benefits of having JS available (e.g. realtime loading controls and status reports, for example) are obvious and substantial. JS could even be used to increase security, by making freenet itself parse the HTML of freenet pages then pass the parse tree in symbolic form to JS on the client which then builds the page by manipulating the dom, thus completely avoiding differences in browser HTML parsing and the security problems that they can cause. _______________________________________________ Devl mailing list [email protected] http://freenetproject.org/cgi-bin/mailman/listinfo/devl
