On 2013-10-15 19:54, Cathal Garvey wrote:
with folks that refuse to run JavaScript Not "JavaScript"; "Unverified, potentially malicious code with a rich history of exploits inside a frame I use to navigate the online world". It wouldn't matter if the code was LISP or Python; the problem isn't the language, it's the context.
That said, I do run Javascript, albiet through NoScript. I just wish there were more fine-grained policy restrictions I could place on it, such as "No XmlHttpRequest/Websocket" or "No browser introspection (fonts, boundaries, etc.)", and let webapps that are trying to fingerprint me without my permission just crash and burn.
Javascript can be controlled by being recompiled into the Caja subset of javascript. In practice, however, this is only done when a server controlled by one organization is generating a web page containing javascript controlled by another organization - Caja is used to protect one website against another, but not used to protect the client against the website.