[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnuzilla] A need of a paradigm shift for solving the JavaScript
|
From: |
Narcis Garcia |
|
Subject: |
Re: [Bug-gnuzilla] A need of a paradigm shift for solving the JavaScript Trap |
|
Date: |
Mon, 27 Oct 2014 14:04:42 +0100 |
"99% of the users don’t understand javascript. And those who do will
*still* be faced with ununderstandable minified gibberish"
Julian's (and mine) proposals are enhancements to face this reality.
99% of the users don't understand Java, but they install java
applications from mobile's repositories, and select what to add or remove.
And many users understand the concept of "extensions" or "plugins" for
an application. If we consider a website as an application (as most
users do), we can consider JavaScript functions (or libraries) as
optional plugins.
This conceptual view can allow in the future to develop better
webbrowsers and give easier access to security and privacy.
Al 27/10/14 12:57, En/na Jonas Wielicki ha escrit:
> On 27.10.2014 02:37, Julian Marchant wrote:
>> […]
>>
>> This is what I propose: the first time a website requests use of a
>> particular JavaScript file, the web browser should tell the user, show
>> the JavaScript code requested, and offer three choices:
>>
>> 1. Install the requested script
>>
>> 2. Install a different script for this purpose
>>
>> 3. Don't install any script
>>
>> If the user chooses to install a script, it should be installed
>> *permanently*, i.e. saved to a local directory.
>
> 99% of the users don’t understand javascript. And those who do will
> *still* be faced with ununderstandable minified gibberish. If the
> LibreJS theory works, one *could* follow the link to the source, but
> then the user isn’t verifying the script which actually runs, but the
> script which is pointed to by the source link. If one always loads the
> script from the source link, users will complain about load time and
> possibly distributors will choose to always serve a minified version,
> even in the source repository.
>
> Also, users will allow scripts until the website works.
>
> I doubt that this can be fixed, honestly.
>
> This would merely serve as an addition to things like NoScript.
>
> regards,
> jwi
>
>>
>> On repeat visits to the same website, the scripts requested should be
>> compared to your installed scripts. If you have the same script
>> installed, it should just run the script you have installed. If you
>> don't, it should ask you if you want to update your copy of the script
>> or continue to use the locally installed script, showing you either
>> the two scripts side-by-side, or perhaps a diff. Here, it can offer
>> you the option to reject the suggested script permanently.
>>
>> This kind of system would take away the often undeserved trust that
>> JavaScript use gives to website maintainers. It would encourage
>> everyone to actually think about what JavaScript code they run, the
>> same way they think about any other program they might run.
>>
>> Another great thing about this system: it would be useful for more
>> people than just us. People interested in security would find it
>> useful for every script to be accepted or rejected on a case-by-case
>> basis, too.
>>
>> Please discuss.
>>
>>
>> --
>> http://gnuzilla.gnu.org
>>
>
>
>
>
> --
> http://gnuzilla.gnu.org
>