![]() ![]() Then, for every static rule where I enable JS for a domain, I add a corresponding `no-scripting: $domain false` in the dynamic rules. Web workers can be allowed on a per-site basis by overriding the csp directive with a I have a dynamic rule to allow `` tags to be rendered: (The fact that my default is to block everything is why the first example I gave above starts with too.) Override the previous rules by allowing first-party CSS, frames and images. Disable web workers by setting the CSP worker-src.Ĥ. Block images by replacing them with the built-in 1x1 GIF instead of canceling the request.ģ. *$css,font,frame,media,object,ping,script,websocket,xhrĢ. I have a "block everything by default" rule at the top that's: Which means "allow foo.com to fetch css from bar.com", the corresponding uBO static rule full list of things that can be allow/block'd by uBO is at. That's why disabling JS stopsa remarkable amount of ads and tracking. I believe this not because I think having a JS or other interpreter is technically necessary, but because these companies have become wholly reliant upon it. Without having automatic execution of code by the browser without user review, approval or even interaction, I do not believe the internet ad "industry" would exist as we know it. However, I believe the largest use of JS today is to support the internet ad industry. For example, it makes web-based commerce much easier. It is nice to have a built-in interpreter in a web browser for certain uses. There is nothing inherently wrong with the use of JS. I can still retrieve the content with the use of an HTTP request and no JS. Warnings and such one finds on web pages informing users that "Javascript is required" are usually false IME. The number of pages I visit that actually require JS for me to retrieve the content is so small that I can use a client that does not contain a JS interpreter. Doubtful it is a coincidence that all these browsers have JS enabled by default. However as we all know most users probably never change settings. In other words, these web browsers do not expect that all users should just leave JS enabled/disabled for every website, they acknowledge there will be situations where it should be disabled. ![]() They anticipate that the user will not have one default JS policy for all websites. The user configurable settings of popular browsers make it easy to designate the small number of sites that actually require JS and keep JS disabled for all other sites. IME, 9 times out of 10, web developers are using JS for non-necessary reasons. I am not a web developer, perhaps that is the reason. I must say, honestly, I don't understand the JavaScript (JS) movement. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |