Javascript

because 90% of Sup Forums and programmers are prostitutes that sell their soul for any company

>javascript was a mistake
maybe a bit out of my depth buy why exactly?

I am not trying to bait or troll just generally interested

>go on website
>minescripts.io has one script

i dunno...

it's like windows. On windows a single webpage click can get you malware
JS is coded in the same way. If you don't get malware you get a broken page. It's worse than flash and it should be abolished

Watch this: destroyallsoftware.com/talks/the-birth-and-death-of-javascript

It's slow, insecure, and webdevs use it to implement annoyances.

i remember like 4 years ago my mother received an email and thought it was safe (it was phishing) and with a single click dozens of pop ups showed up and we had to format the drive and re-install windows. At the time I installed avira but it wasn't capable of doing anything because it didn't scan http
Everytime I see javascript I remember about that incident
Javascript is like systemd: they should have never been allowed to exist

> emulate js without running it

What do you mean by that? Mock the io?

It's simple.
Don't visit those websites.

It used to be a lot faster. Google is just being fuckwits

removing js from browsers and allowing an extension to run it without any permission to write

>a single webpage click can get you malware
I made up a lie to make javascript look bad

also broken pages are more to do with how the javascript was written rather than javascript itself

I'll give it a watch

again, depends how the program was written. Sure there are some page implementations and built in functions that perform slowly when done inline, in async or in a large loop, but can be avoided with more efficient code or using a better js api
>insecure
I'd like to know more about this aspect as I have never seen or heard of evidence that it is insecure on modern operating systems and browsers

Javascript is inherently insecure, any code can by run on your machine and any number of exploits can be used to elevate privileges and install spyware, malware , etc.

(This is how the NSA,FBI,CIA honeypot tor websites)

>also broken pages are more to do with how the javascript was written rather than javascript itself
Just because you are a js prostitute making money with it doesn't mean you have to lie like that

name one way in which js is inherently broken other than development functions?

When you see a website without a piece of javascript code

It's a hacked together piece of shit, with layers and layers of quick-fixes and an endless number of useless derivatives

I would like, but i can say goodbye to 70% of websites.

Look up "javascript keystroke timing attack" for a recent one.

>any number of exploits can be used to elevate privileges
can you name one of these exploits or give an example?

I see Sup Forums has a hive mind bias against things that have mass appeal and gives ease of use - I will agree javascript has some pretty lowsy features and can be used to access information and send it to js backend servers - but afaik it can only receive information about javascript cookies, browser page height width information, and see if tabbed or currently being displayed (as well as legacy stuff like cursor placement and browser software and OS information)

If you don't already know I'm not gonna waste my time explaining (one has already been posted)

Write to what? Cookies? Local storage? Why does it need to be removed from the browser?

Browse something like: 'javascript exploit firefox'

>depends how the program was written

In that case it's too easy to write slow JS.

install decentraleyes and enable ajax.googleapis.com

the whitesheets were useless and gave no specific information other than theory. I only found this youtube.com/watch?v=XZrLrrzr-1g talk and is hard to follow

I thin the problem is that you require a fair amount of practice to create anything considered usable in most other programming languages (one's that require desktop nice looking desktop applications atleast) so anything you run on your PC will almost be guaranteed to look nice, whereas websites are so easy to make and execute that you could become an overnight web dev - not a good one though, but still a web dev nonetheless. You could say > it's too easy to be bad at writing js

Thanks, but I would like to avoid Google's javascript...

More like it's too hard to write secure JS

Somebody needs to destroy Google. I don't give a shit about Google furries or omnigays or otherkin or any other group of weirdos that work at Google. What I absolutely hate is Google Analytics and all the Google services that are sucking all of our information. I would not mind if YouTube fucking died. Please just fucking die, Google.

Just whitelist 4chink onii-chan

I agree with you user, but it's going to be complicated. Google has thousands of services: google translation (the best if you want to translate a sentence), google analytics (the best if you want to log all the clients that visit your website), google (the best for browsing the Internet), google map, android, .... It's too big.

it can destroy a web page, collect your data and access your personal system files

>Why does it need to be removed from the browser?
because that's the only way to make internet good again

No, I prefer to use qtchan

you're replying to a person who doesn't know what the fuck he's talking about

How so?

I ALWAYS skip the "until nothing left" ones.

first, simply analyze the javascript code and determine whether it will ever halt

You should try to use module 'libreJS'

sonniesedge.co.uk/posts/a-day-without-javascript

we need an updated version of lynx so we can download pages and convert to html on the fly
That way we don't have to execute javascript. A guy here a few months ago released a experimental browser for Sup Forums that was working without javascript.
If more people were interested it could be possible to have a browser with javascript removed.

why would you whitelist Sup Forums's explicit malware when you can use the site without doing so

That's exactly why you install Decentraleyes before enabling ajax.googleapis.com

you shouldn't block bootstrap it's used for a lot of styling i imagine not using it will straight up break the website

>old image from Internet pop out
>laughters

I don't need it to browse on the website.

Weird, when you block it in umatrix and ubo it doesnt display properly. Is this why bothe extensions are needed?

It depends of the website, for example on signal.org, block bootstrap's javascript will not break your page.

Web devs are lazy and just want to use javascript for every thing.

Might be something like XHR which uBO lets through.

By the way I'm still getting this shit after months even with Sup Forums block fix and anti cancer in tampermonkey, all the domains in hosts file and everything blocked in umatrix and ublock. Is there any newer method to completely get rid of this? Still breaks Sup Forums for me more often than it doesn't and I don't know why it won't go away.
Oddly those don't show up on my laptop, only on my desktop.

forgot pic

Are you using 4chanx? This is all I see in firefox.

...

be careful with this. If you have google analytics etc blocked with ublock decentraleyes will helpfully load its cached version for you meaning you still get spied on.

Yeah using 4chanx. I'm at wits' end here.

It doesn't though? You can see which resources it injects.

The anti cancer script isn't necessary if you have this filter in your uBO.

Sup Forums.org##script:inject(abort-current-inline-script.js, String.fromCharCode, /\/\*[0-9a-f]{40}\*\//)

It should come with the "uBlock Filters" list.

Yeah I have that too, I've tried everything and none of it works for some reason.

if you get one of those, click one square (to check if it's a slow captcha) and reload 2 times to get a normal one

If the sites don't use cdn's then you would be making a thread about how slow XYZ website is.

However, if it was up to Sup Forums we'd be browsing plain text websites in 2018.

Sounds like an good idea.
We just need some kind of environment where the scripts would be emulated in and an interface that would translate it's emulated behavior to the actual page.
There should be some kind of organization that defines standard for that interface so anyone developing browsers could implement it.

it will say "Click verify once there are none left." when you get a slow captcha so you dont really need to select even one to see it if you get it.

>However, if it was up to Sup Forums we'd be browsing plain text websites in 2018.
That would be lovely.

>>timing attack
JavaScript

There is not a single known proof of concept.
Not even in lab conditions.
It's literally in the second paragraph that you have to disable any security to eventually get this to work. Even then it's more like guessing what's been typed.