[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/philosophy javascript-trap.html
From: |
Richard M. Stallman |
Subject: |
www/philosophy javascript-trap.html |
Date: |
Sun, 25 Dec 2011 02:21:23 +0000 |
CVSROOT: /webcvs/www
Module name: www
Changes by: Richard M. Stallman <rms> 11/12/25 02:21:23
Modified files:
philosophy : javascript-trap.html
Log message:
Update nontrivial criterion based on LibreJS experience.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/philosophy/javascript-trap.html?cvsroot=www&r1=1.28&r2=1.29
Patches:
Index: javascript-trap.html
===================================================================
RCS file: /webcvs/www/www/philosophy/javascript-trap.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -b -r1.28 -r1.29
--- javascript-trap.html 4 Oct 2011 16:38:52 -0000 1.28
+++ javascript-trap.html 25 Dec 2011 02:21:00 -0000 1.29
@@ -93,28 +93,49 @@
server issue separately.</p>
<p>In practical terms, how can we deal with the problem of nonfree
-JavaScript programs in web sites? Here's a plan of action.</p>
+JavaScript programs in web sites? The first step is to avoid running
+it.</p>
-<p>First, we need a practical criterion for nontrivial JavaScript
-programs. Since "nontrivial" is a matter of degree, this is
-a matter of designing a simple criterion that gives good results,
-rather than determining the one correct answer.</p>
-
-<p>Our proposal is to consider a JavaScript program nontrivial if it
-makes an AJAX request, and consider it nontrivial if it defines
-methods and either loads an external script or is loaded as one.</p>
-
-<p>At the end of this article we propose a convention by which a
-nontrivial JavaScript program in a web page can state the URL where
-its source code is located, and can state its license too, using
-stylized comments.</p>
-
-<p>Finally, we need to change free browsers to support freedom for
-users of pages with JavaScript. First of all, browsers should be able
-to tell the user about nontrivial nonfree JavaScript programs, rather
-than running them.
-Perhaps <a
href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a>
-could be adapted to do this.</p>
+<p>What do we mean by "nontrivial"? It is a matter of
+degree, so this is a matter of designing a simple criterion that gives
+good results, rather than finding the one correct answer.</p>
+<p>
+Our tentative policy is to consider a JavaScript program nontrivial if:</p>
+
+<p>
+<ul>
+ <li>it makes an AJAX request or is loaded along with scripts that make
+ an AJAX request,</li>
+
+ <li>it loads external scripts dynamically or is loaded along with
+ scripts that do,</li>
+
+ <li>it defines functions or methods and either loads an external script
+ (from html) or is loaded as one,</li>
+
+ <li>it uses dynamic JavaScript constructs that are difficult to analyze
+ without interpreting the program, or is loaded along with scripts
+ that use such constructs. These constructs are:
+ <ul>
+ <li>using the eval function,</li>
+ <li>calling methods with the square bracket notation,</li>
+ <li>using any other construct than a string literal with
+ certain methods (Obj.write, Obj.createElement, ...).</li>
+ </ul>
+ </li>
+</ul>
+</p>
+
+<p>How do we tell whether the Javascript code is free? At the end of
+this article we propose a convention by which a nontrivial JavaScript
+program in a web page can state the URL where its source code is
+located, and can state its license too, using stylized comments.</p>
+
+<p>Finally, we need to change free browsers to detect and block
+nontrivial nonfree JavaScript in web pages. The program
+<a href="http://lduros.net/librejs/"LibreJS</a> detects nonfree,
+nontrivial Javascript in pages you visit, and blocks it. LibreJS is
+an add-on for IceCat and IceWeasel (and Firefox).</p>
<p>Browser users also need a convenient facility to specify JavaScript
code to use <em>instead</em> of the JavaScript in a certain page.
@@ -136,6 +157,20 @@
nonfree packages that are offered for installation in the usual way.
Our campaign for web sites to free their JavaScript can then begin.</p>
+<p>These features will make it possible for a JavaScript program included
+in a web page to be free in a real and practical sense. JavaScript
+will no longer be a particular obstacle to our freedom—no more than
+C and Java are now. We will be able to reject and even replace the
+nonfree nontrivial JavaScript programs, just as we reject and replace
+nonfree packages that are offered for installation in the usual way.
+Our campaign for web sites to free their JavaScript can then begin.</p>
+
+<p>In the mean time, there's one case where it is acceptable to run a
+nonfree Javascript program: to send a complaint to the website
+operators saying they should free or remove the Javascript code in the
+site. Please don't hesitate to enable Javascript temporarily to do
+that — but remember to disable it again afterwards.</p>
+
<p><strong>Thank you to <a href="/people/people.html#mattlee">Matt Lee</a>
and <a href="http://ejohn.org">John Resig</a> for their help in
defining our proposed criterion, and to David Parunakian for
@@ -227,7 +262,7 @@
<p>
Updated:
<!-- timestamp start -->
-$Date: 2011/10/04 16:38:52 $
+$Date: 2011/12/25 02:21:00 $
<!-- timestamp end -->
</p>
</div>
- www/philosophy javascript-trap.html,
Richard M. Stallman <=