www/philosophy javascript-trap.html

[Richard M. Stallman]

CVSROOT:        /webcvs/www
Module name:    www
Changes by:     Richard M. Stallman <rms>       11/12/25 02:21:23

Modified files:
        philosophy     : javascript-trap.html 

Log message:
        Update nontrivial criterion based on LibreJS experience.

CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/philosophy/javascript-trap.html?cvsroot=www&r1=1.28&r2=1.29

Patches:
Index: javascript-trap.html
===================================================================
RCS file: /webcvs/www/www/philosophy/javascript-trap.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -b -r1.28 -r1.29
--- javascript-trap.html        4 Oct 2011 16:38:52 -0000       1.28
+++ javascript-trap.html        25 Dec 2011 02:21:00 -0000      1.29
@@ -93,28 +93,49 @@
 server issue separately.</p>
 
 <p>In practical terms, how can we deal with the problem of nonfree
-JavaScript programs in web sites?  Here's a plan of action.</p>
+JavaScript programs in web sites?  The first step is to avoid running
+it.</p>
 
-<p>First, we need a practical criterion for nontrivial JavaScript
-programs.  Since &quot;nontrivial&quot; is a matter of degree, this is
-a matter of designing a simple criterion that gives good results,
-rather than determining the one correct answer.</p>
-
-<p>Our proposal is to consider a JavaScript program nontrivial if it
-makes an AJAX request, and consider it nontrivial if it defines
-methods and either loads an external script or is loaded as one.</p>
-
-<p>At the end of this article we propose a convention by which a
-nontrivial JavaScript program in a web page can state the URL where
-its source code is located, and can state its license too, using
-stylized comments.</p>
-
-<p>Finally, we need to change free browsers to support freedom for
-users of pages with JavaScript.  First of all, browsers should be able
-to tell the user about nontrivial nonfree JavaScript programs, rather
-than running them.
-Perhaps <a 
href="https://addons.mozilla.org/en-US/firefox/addon/722";>NoScript</a>
-could be adapted to do this.</p>
+<p>What do we mean by &quot;nontrivial&quot;?  It is a matter of
+degree, so this is a matter of designing a simple criterion that gives
+good results, rather than finding the one correct answer.</p>
+<p>
+Our tentative policy is to consider a JavaScript program nontrivial if:</p>
+
+<p>
+<ul>
+  <li>it makes an AJAX request or is loaded along with scripts that make
+    an AJAX request,</li>
+
+  <li>it loads external scripts dynamically or is loaded along with
+    scripts that do,</li>
+
+  <li>it defines functions or methods and either loads an external script
+    (from html) or is loaded as one,</li>
+  
+  <li>it uses dynamic JavaScript constructs that are difficult to analyze
+    without interpreting the program, or is loaded along with scripts
+    that use such constructs.  These constructs are:
+    <ul>
+      <li>using the eval function,</li>
+      <li>calling methods with the square bracket notation,</li>
+      <li>using any other construct than a string literal with
+       certain methods (Obj.write, Obj.createElement, ...).</li>
+    </ul>
+  </li>
+</ul>
+</p>
+
+<p>How do we tell whether the Javascript code is free?  At the end of
+this article we propose a convention by which a nontrivial JavaScript
+program in a web page can state the URL where its source code is
+located, and can state its license too, using stylized comments.</p>
+
+<p>Finally, we need to change free browsers to detect and block
+nontrivial nonfree JavaScript in web pages.  The program
+<a href="http://lduros.net/librejs/"LibreJS</a> detects nonfree,
+nontrivial Javascript in pages you visit, and blocks it.  LibreJS is
+an add-on for IceCat and IceWeasel (and Firefox).</p>
 
 <p>Browser users also need a convenient facility to specify JavaScript
 code to use <em>instead</em> of the JavaScript in a certain page.
@@ -136,6 +157,20 @@
 nonfree packages that are offered for installation in the usual way.
 Our campaign for web sites to free their JavaScript can then begin.</p>
 
+<p>These features will make it possible for a JavaScript program included
+in a web page to be free in a real and practical sense.  JavaScript
+will no longer be a particular obstacle to our freedom&mdash;no more than
+C and Java are now.  We will be able to reject and even replace the
+nonfree nontrivial JavaScript programs, just as we reject and replace
+nonfree packages that are offered for installation in the usual way.
+Our campaign for web sites to free their JavaScript can then begin.</p>
+
+<p>In the mean time, there's one case where it is acceptable to run a
+nonfree Javascript program: to send a complaint to the website
+operators saying they should free or remove the Javascript code in the
+site.  Please don't hesitate to enable Javascript temporarily to do
+that &mdash; but remember to disable it again afterwards.</p>
+
 <p><strong>Thank you to <a href="/people/people.html#mattlee">Matt Lee</a>
 and <a href="http://ejohn.org";>John Resig</a> for their help in
 defining our proposed criterion, and to David Parunakian for
@@ -227,7 +262,7 @@
 <p>
 Updated:
 <!-- timestamp start -->
-$Date: 2011/10/04 16:38:52 $
+$Date: 2011/12/25 02:21:00 $
 <!-- timestamp end -->
 </p>
 </div>