I have recently given in and finally disabled NoScript because it was too annoying to whitelist seventeen domains upon visiting a new page. What other options do I have?
Name: Anonymous 2018-06-29 2:34
I have an idea: what if, instead of letting JavaScript do anything at all, or blocking a script entirely (two very extreme options!), you instead could block certain functions? NoScript only focuses on where a script is from, not what it’s doing.
Something like app permissions, but for JS. Think about it. Probably impractical to implement but I think it’s worth exploring.
Example scenarios:
1. You allow a script to run but it cannot do any networking-related shit
2. You allow only document.writeln() and console.log() and block everything else
3. You allow specific builtins
4. You disallow all minified JS
5. You allow a script to run but you block the parts of it that track your browser’s performance and mouse movements
Just throwing some ideas out there. I have always been a fan of capability-based permissions like PaX. Granularity is good. Need to know, need to run, etc.
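
The per-function permission idea from the post above, sketched as an added example that is not part of the original thread: a deny-by-default wrapper that lets a script reach only allowlisted API paths (scenario 2) and records what it was refused. The stub APIs and the names `makeStubGlobals`, `restrict` and `runWithCapabilities` are hypothetical, and because the wrapper shares a realm with the script it shows the policy model rather than an isolation boundary.

```javascript
// Added illustration; all names are hypothetical, not a real browser or NoScript API.
// Constructed stand-ins for page APIs so the example runs offline.
function makeStubGlobals(calls) {
  return {
    console: { log: (...args) => calls.push(`console.log(${args.join(' ')})`) },
    document: { writeln: (s) => calls.push(`document.writeln(${s})`) },
    fetch: (url) => calls.push(`fetch(${url})`),
    performance: { now: () => 0 },
  };
}

// Deny by default: only allowlisted dotted paths (e.g. "console.log") are reachable.
function restrict(target, allowed, prefix, denied) {
  return new Proxy(target, {
    has: () => true, // route every free identifier inside `with` through get()
    set: () => false, // the script cannot redefine or add globals
    get(obj, key) {
      if (typeof key === 'symbol') return undefined; // e.g. Symbol.unscopables
      const path = prefix ? `${prefix}.${key}` : key;
      if (allowed.includes(path)) {
        const value = obj[key];
        return typeof value === 'function' ? value.bind(obj) : value;
      }
      if (allowed.some((a) => a.startsWith(path + '.'))) {
        return restrict(obj[key], allowed, path, denied); // parent of an allowed path
      }
      denied.push(path); // record the refused capability for the user to review
      throw new Error(`capability denied: ${path}`);
    },
  });
}

// Run script source with only the listed capabilities; report calls and denials.
function runWithCapabilities(source, allowed) {
  const calls = [], denied = [];
  const scope = restrict(makeStubGlobals(calls), allowed, '', denied);
  let error = null;
  try {
    new Function('scope', `with (scope) { ${source} }`)(scope);
  } catch (e) {
    error = e.message;
  }
  return { calls, denied, error };
}

// Constructed sample script: writes output, then attempts a network request.
const sampleScript = "console.log('hello'); document.writeln('rendered'); fetch('https://tracker.example/beacon');";
const policy = ['console.log', 'document.writeln']; // scenario 2 from the post
console.log(runWithCapabilities(sampleScript, policy));
```
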