Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
tampermonkey
Tampermonkey is the most popular userscript manager, with over 10 million users. It's available for Chrome, Microsoft Edge, Safari, Opera Next, and Firefox.
it just seems so trivial to me too build a small interpreted system that circumvents the "no dynamic JavaScript" rule. so so so trivial. so the only people hurt are the regular humans.
there was a simpler example on hm within the last week or two, but for example, json-rules-engine demonstrates how json might be a dynamic program, without ever needing to call eval or Function dynamic code: https://github.com/CacheControl/json-rules-engine
this would need to be extended with some html constructs. which is certainly possible.
or take evaljs and preload in some html functions!
> You might be working in a JavaScript environment where eval() isn't allowed (and you have a genuinely good reason why you want to use it). Maybe this'll slip under the radar.
https://github.com/marten-de-vries/evaljs
surely the people pitching these so called security measures grok just how many dump trucks of nonsense these so called protections they offer us are.
I believe they want to do something good too. but they are ineffectual & doing amazing amounts of damage in their grasp to go us this pretend fake security.
it just seems so trivial to me too build a small interpreted system that circumvents the "no dynamic JavaScript" rule. so so so trivial. so the only people hurt are the regular humans.
there was a simpler example on hm within the last week or two, but for example, json-rules-engine demonstrates how json might be a dynamic program, without ever needing to call eval or Function dynamic code: https://github.com/CacheControl/json-rules-engine
this would need to be extended with some html constructs. which is certainly possible.
or take evaljs and preload in some html functions!
> You might be working in a JavaScript environment where eval() isn't allowed (and you have a genuinely good reason why you want to use it). Maybe this'll slip under the radar.
https://github.com/marten-de-vries/evaljs
surely the people pitching these so called security measures grok just how many dump trucks of nonsense these so called protections they offer us are.
I believe they want to do something good too. but they are ineffectual & doing amazing amounts of damage in their grasp to go us this pretend fake security.
Hmmm. You're invited to vet it yourself here: https://github.com/gorhill/uBlock
I have suggested using Wizer's spidermonkey wasm to the Tampermonkey "v3" issue[1].
[1] https://github.com/Tampermonkey/tampermonkey/issues/644#issu...
Related posts
- Apr 24th is JavaScript Naked Day – Browse the web without JavaScript
- Some notes on Firefox's media autoplay settings in practice as of Firefox 124
- X.org Server Clears Out Remnants for Supporting Old Compilers
- Brave Leo now uses Mixtral 8x7B as default
- Mozilla thinks Apple, Google, Microsoft should play fair