
> Javascript can be controlled by being recompiled into the Caja subset of javascript.

I've been thinking along these lines, all right. So what functions of Javascript are nonessential to the concept of a "rich webapp" but useful for abuse and fingerprinting? If you could strip JS down to a set of awesome functions that reduce the abuse potential, what stuff would you strip out?
A lot of the nasty stuff isn't even JS engine stuff, it's DOM stuff from the browser being made available to JS, so it's not entirely linguistic. A lot of it's bad API, probably much harder to fix.

Still, reduced-set JS, with an in-browser standard for verifying signed JS code, would be great. I'm often boggled when I think this over that RMS forgot to include code signing in his suggestion for how to mark up non-trivial JS with source code and license text; I figured "code verification" would be a crucial part of the Free Software philosophy when it comes to drive-by code.

Another crucial change I'd like to see: immutable javascript. When including a script with the <script> tag, there should be an attribute "immutable=true" and another saying "opaque=true" that prevents *code in the page* from reading or modifying that script, while not preventing the user from reading or auditing the code. The ability of dynamically included/injected JS to fuck up or spy on other JS on the page is the principal reason that you can't trust JS-crypto even if you trust the host.

On Tue, 15 Oct 2013 21:51:46 +1000 "James A. Donald" <jamesd@echeque.com> wrote:
> On 2013-10-15 19:54, Cathal Garvey wrote:
>>> with folks that refuse to run JavaScript
>>
>> Not "JavaScript"; "Unverified, potentially malicious code with a rich history of exploits inside a frame I use to navigate the online world". It wouldn't matter if the code was LISP or Python; the problem isn't the language, it's the context.
>>
>> That said, I do run Javascript, albeit through NoScript. I just wish there were more fine-grained policy restrictions I could place on it, such as "No XmlHttpRequest/Websocket" or "No browser introspection (fonts, boundaries, etc.)", and let webapps that are trying to fingerprint me without my permission just crash and burn.
>
> Javascript can be controlled by being recompiled into the Caja subset of javascript.
>
> In practice, however, this is only done when a server controlled by one organization is generating a web page containing javascript controlled by another organization - Caja is used to protect one website against another, but not used to protect the client against the website.