I have recently given in and finally disabled NoScript because it was too annoying to whitelist seventeen domains upon visiting a new page. What other options do I have?
Name:
Anonymous2018-06-25 7:15
not much in the era of JS generating HTML. either go with the whitelisting song and dance or stop going to websites that require JS
This is infeasible, 97% of the websights use JS for core functionality. What about if I render it on an external machine and then fetch the output HTML?
Name:
Anonymous2018-06-25 7:40
>>3 and that will help with what? all the tracking shit your're are trying to avoid will track the external machine, but because you use it for everything, it will effectively track you
Name:
Anonymous2018-06-25 8:07
I don't care about being tracked, I don't want to give js access to my filesystem et al
Name:
Anonymous2018-06-25 8:10
did something change? js in browser didn't have access to your're are filesystem because of sandboxing and lack of API
I still use whitelisting with my phone, or else the internet is unusable due to the amount of ads.
Name:
Anonymous2018-06-29 2:34
I have an idea: what if, instead of letting JavaScript do anything at all, or blocking a script entirely (two very extreme options!), you instead could block certain functions? NoScript only focuses on where a script is from, not what it’s doing.
Something like app permissions, but for JS. Think about it. Probably impractical to implement but I think it’s worth exploring.
Example scenarios: 1. You allow a script to run but it cannot do any networking-related shit 2. You allow only document.writeln() and console.log() and block everything else 3. You allow specific builtins 4. You disallow all minified JS 5. You allow a script to run but you block the of it that track your browser’s performance and mouse movements
Just throwing some ideas out there. I have always been a fan of capability-based permissions like PaX. Granularity is good. Need to know, need to run, etc.