Re: [Bug-gnuzilla] A need of a paradigm shift for solving the JavaScript

From: Jonas Wielicki
Subject: Re: [Bug-gnuzilla] A need of a paradigm shift for solving the JavaScript Trap
Date: Mon, 27 Oct 2014 12:57:49 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

On 27.10.2014 02:37, Julian Marchant wrote:
> […]
> This is what I propose: the first time a website requests use of a
> particular JavaScript file, the web browser should tell the user, show
> the JavaScript code requested, and offer three choices:
> 1. Install the requested script
> 2. Install a different script for this purpose
> 3. Don't install any script
> If the user chooses to install a script, it should be installed
> *permanently*, i.e. saved to a local directory.

99% of the users don’t understand JavaScript. And those who do will
*still* be faced with ununderstandable minified gibberish. If the
LibreJS theory works, one *could* follow the link to the source, but
then the user isn’t verifying the script which actually runs, but the
script which is pointed to by the source link. If one always loads the
script from the source link, users will complain about load time and
possibly distributors will choose to always serve a minified version,
even in the source repository.

Also, users will allow scripts until the website works.

I doubt that this can be fixed, honestly.

This would merely serve as an addition to things like NoScript.


> On repeat visits to the same website, the scripts requested should be
> compared to your installed scripts. If you have the same script
> installed, it should just run the script you have installed. If you
> don't, it should ask you if you want to update your copy of the script
> or continue to use the locally installed script, showing you either
> the two scripts side-by-side, or perhaps a diff. Here, it can offer
> you the option to reject the suggested script permanently.
> This kind of system would take away the often undeserved trust that
> JavaScript use gives to website maintainers. It would encourage
> everyone to actually think about what JavaScript code they run, the
> same way they think about any other program they might run.
> Another great thing about this system: it would be useful for more
> people than just us. People interested in security would find it
> useful for every script to be accepted or rejected on a case-by-case
> basis, too.
> Please discuss.
> --
> http://gnuzilla.gnu.org

Attachment: signature.asc
Description: OpenPGP digital signature
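
A sketch of the install-and-compare flow proposed in the quoted message, as an added example that is not part of the original thread or of any GNU IceCat or LibreJS code. The class and function names, the URL and the sample scripts are constructed for illustration, and deciding "the same script" by hashing the served bytes is an assumption.

```javascript
// Added illustration, not code from the thread. All names are hypothetical.
const crypto = require('crypto');

// Hash the exact bytes the site served, so a decision applies to the code
// that would run rather than to a separately linked source copy.
function digest(body) {
  return crypto.createHash('sha256').update(body, 'utf8').digest('hex');
}

// Lines of the served script that are absent from the installed copy.
function changedLines(installedBody, servedBody) {
  const known = new Set(installedBody.split('\n'));
  return servedBody.split('\n').filter((line) => !known.has(line));
}

class ScriptStore {
  constructor() {
    this.installed = new Map(); // script URL -> { hash, body }
    this.rejected = new Set();  // "URL hash" of updates refused permanently
  }
  install(url, body) {          // choices 1 and 2: pin whatever the user picked
    this.installed.set(url, { hash: digest(body), body });
  }
  reject(url, body) {           // "reject the suggested script permanently"
    this.rejected.add(`${url} ${digest(body)}`);
  }
  // Decide what happens when a site serves `servedBody` for `url`.
  check(url, servedBody) {
    const pinned = this.installed.get(url);
    if (!pinned) return { action: 'prompt-install' };
    const hash = digest(servedBody);
    if (hash === pinned.hash || this.rejected.has(`${url} ${hash}`)) {
      return { action: 'run-installed', body: pinned.body };
    }
    return { action: 'prompt-update', body: pinned.body,
             changed: changedLines(pinned.body, servedBody) };
  }
}

// Constructed sample scripts: readable and minified forms of the same change.
const SCRIPT_URL = 'https://example.org/app.js';
const V1 = 'function greet(){\n  alert("hi");\n}\n';
const V2 = 'function greet(){\n  alert("hi");\n  track();\n}\n';
const MIN1 = 'function greet(){alert("hi")}';
const MIN2 = 'function greet(){alert("hi");track()}';
```

With `MIN1` and `MIN2` the changed-lines list is the whole file, which is the situation the reply describes for minified scripts.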
