If you are able to,
add a Content Security Policy (CSP) header to the HTTP headers.
That would disallow non-approved scripts from running, even if
included in the page body.
If you set it to:
Content-Security-Policy: script-src 'self';
then it will only host
scripts hosted on your own domain. If you set it to 'none', then no JS will be loaded
If you are not able to
edit the HTTP header, then it is also possible to add CSP rules
in a <meta> tag.
Hope that helps.
On 15/07/2019 13.38, The FLOSS
Since I am using a content management system, it will be
you about Disqus.
The FLOSS Information <address@hidden>
blog. It seems to be a bit difficult for me to throw them out
because Disqus and Google Custom Search are offered on my
content management system. What can I do?
You can stop using Google Custom Search and Disqus, of course.
As for Google, the freedom-friendly replacement is rather
straightforward, as Google _does_ allow you to embed their
normal search (which, as you know, works well with no any
client-side programs), if you know the magic option. MWE:
As for Disqus, I am not aware of any direct replacement. The
approach itself, that is placing the initial post of the
thread on your own website, while outsourcing replies to it to
some third-party network, actually, looks dubious to me.
The FLOSS Information