GNU LibreJS

While the comments here are almost universally negative, this actually isn't that bad of an idea. Not just because of the freedom aspect, though I'm generally fairly principled about that--I'm more concerned about security and tracking. I've been increasingly paranoid in the post-Snowden era about this kind of stuff, using NoScript, RequestPolicy, and other plugins. And guess what... it's a huge pain in the ass. So many sites are broken, and I have to whitelist sites/external frameworks/CDNs quite often just to read simple articles. And even after all this effort, I know that I could still be running malicious code. I probably shouldn't care so much, but it's an irritating possibility. The implementation here isn't necessarily the best solution, but the idea of limiting javascript to trivial functionality could make things for the paranoid/security-conscious a lot easier.

Their definition of &quot;non-trivial&quot; includes using computed member expressions, so the following program is not supported:<p><pre><code> var greetings = {world: &quot;Hello World&quot;}; var subject = &#x27;world&#x27;; console.log(greetings[subject]); </code></pre> This is zealotry in action, who do they think is going to use this?

For the curious, this is what is considered &quot;non-trivial&quot;:<p><pre><code> .it makes an AJAX request or is loaded along with scripts that make an AJAX request, .it loads external scripts dynamically or is loaded along with scripts that do, .it defines functions or methods and either loads an external script (from html) or is loaded as one, .it uses dynamic JavaScript constructs that are difficult to analyze without interpreting the program, or is loaded along with scripts that use such constructs. These constructs are: ..using the eval function, ..calling methods with the square bracket notation, ..using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, ...). </code></pre> ( <a href="http://www.gnu.org/philosophy/javascript-trap.html" rel="nofollow">http:&#x2F;&#x2F;www.gnu.org&#x2F;philosophy&#x2F;javascript-trap.html</a> )<p>I generally support Richard Stallman (or, as I&#x27;ve taken to referring to him lately, GNU&#x2F;Stallman or GNU plus Stallman), but this is a set of directives so wildly out of step with <i>common engineering practice</i> that I have to question how seriously others will take it.<p>Or, perhaps, there&#x27;s a deeper question here--can programs consumed from others on a network (such as embedded scripts) ever truly be considered free?

It&#x27;s funny how clueless comments here are focused almost entirely on the matter of non-triviality, which is completely unrelated to the point of this project. Triviality heuristics are in fact only an implementation detail, something made to make the usage of this extension a bit more bearable. It could be completely missing and the gist of this extension would still be preserved - that is, ensuring that no proprietary code gets executed in the browser.

This is self-imposed, owner-initiated DRM: it&#x27;s software specifically to make your computer run fewer programs and be less useful, because it might hurt the owner to come to rely upon powerful non-free programs.

NB: I saw LibreJS in use months ago, in person at the FSF offices. I also got in an argument about it in which I brought up points that are echoed in comments on this page.<p>But, I was missing the point then. (Maybe I still am.)<p>I think the point of this thing is show web users a truth that they might not have thought about: that most javascript in the wild isn&#x27;t licensed at all &amp;&amp; they depend heavily on it.<p>To see this point clearly, try an experiment: install and activate the add-in. Now, try to do something on the web. Find a restaurant, buy airline tickets, comment on a post, author a post on your blog. Most likely, you can&#x27;t do any of those things. That&#x27;s the point. Even ardent free software supporters are depending on [large number] lines of non-free software every day.

this is great for its audience(true gnu believers) and idk why every other comment is defensive like you feel personally slighted by some peoples&#x27; decision to avoid unsigned&#x2F;licensed js code running on their machine without explicitly feeding it to a runtime(don&#x27;t tell me they should curl down &#x27;source&#x27; and dependencies and check licenses before viewing a page, this actually does it for them!).<p>If you don&#x27;t care about GPL&#x2F;&quot;as in speech&quot;&#x2F;etc then it&#x27;s not for you, don&#x27;t install it.<p>RMS is a zealot but he backs it up with his crazy ass longsoon unlocked bootloader laptop from china(and other unusual practices, look up his speech rider sometime)

I don&#x27;t want to be negative about this, but TBH I can&#x27;t think of a webpage -besides Wikipedia- that will work fine restricting non-free JS.<p>At this point I can&#x27;t put my faith in web authors, since they could not even take care of prefixing the CSS for non-webkit browsers (not trying to fault the web authors, but trying to point out that prefixes were a less-from-ideal solution that ended up in the -webkit-disaster)... How can I expect from them to license their code with a free license?<p>On the other side, the awful practices (like using JS for animation, or tightly coupling the site code with the Tracking code) exists in most websites (including mainstream ones).

I think this involves a big misunderstanding of the web as a medium. You may produce non-free content using Open Software as a tool. E.g., I may write a book using LibreOffice and sell it (with copyrights). I may also embed this book into HTML code and provide it for free to my readers, even when not granting rights to copy or change the text. But, if I would use JS for the means of embedding the same text, I&#x27;m off. And I haven&#x27;t even mentioned of all the use cases, where a web project is the final product, aka the text, in its own end ...

Would this be a good choice for Tor? Although I think Tor is even more restrictive since it blocks all scripts and even Mozilla&#x27;s JIT.

It doesn&#x27;t even make sense philosophically to say client side should be treated differently from server side. If you want to block this then you&#x27;d surely also what to block servers that can&#x27;t prove they&#x27;re running free software. You&#x27;re still using the non free software either way; the only distinctions are technical not practical.

What&#x27;s next, GNU LibreCSS?<p>(I read somewhere that html5+css3 can be turing complete)

&quot;It blocks...&quot;<p>ah yes, freedom

Classic GNU&#x2F;Stallman. Putting ideology ahead of actually accomplishing anything. Thankfully, less than 1000 people will ever use this.<p>It is not evil to make proprietary software.

Blocking &quot;nontrivial JavaScript&quot;?! You have got to be kidding me. Let&#x27;s block Linux kernel for &quot;nontrivial C&quot; while we at it. It sure as hell looks far more nontrivial than an average js script.