silverwizardOct 21, 2024

One of the things that is destroying the web is WASM and JavaScript.

This isn't really even a joke - it's literal.

By having all these tools to make a web browser have unfettered access to the system, it becomes unsafe to allow users to generate arbitrary code. We can't have another MySpace or NeoPets User Lookup because we can't allow users to write their own HTML, because that's *dangerous*.

Show threadFrost, wolf of winter πŸΊπŸŽ„
@silverwizard I wonder if there's a way to say "do not run scripts in this frame, no matter how they come to be there". And then strip out script tags and things, of course, but also then if they find a way to embed a script that you didn't think of, it wouldn't get run.
Oct 21, 2024 at 8:16pmWeb
Show threadsilverwizardOct 21, 2024
@IceWolf I mean - I'd love to make tools to allow noscript sites. Sites that say "run not JS from me". It'd be so good as a header!
Show threadFrost, wolf of winter πŸΊπŸŽ„Oct 21, 2024
@silverwizard And there's evidently ways to do it safely, because JSFiddle and the like exists, but it apparently requires a whole separate domain like "githubusercontent.com" and that's probably too much complexity for, say, a forum/social media site where every post gets full HTML or whatever.
Show threadsilverwizardOct 21, 2024
@IceWolf I don't know what JSFiddle is doing - but I assume it's some sort of minimal level libraries and APIs? I dunno