On Wed, Apr 8, 2015 at 9:07 PM, Steven D'Aprano steve@pearwood.info wrote:
On Wed, Apr 08, 2015 at 09:29:23AM -0400, Jim Popovitch wrote:
So, you do want to see the HTML content before it is interpreted by your computer? :-)
As HTML is not executable code, "interpreted" is a misleading word to use. But taking it in the loosest possible way, no, of course not. I have no desire to see raw HTML content, I want my browser to render it, I never said differently.
HTML can load swf and jar files (which themselves are bytecode that you can't easily interpret with the naked eye.)
Look, your JS vs HTML argument is cloudy at best. :-)
I'm sorry that neither I, nor the existence of Javascript malware, have not been able to convince you that there is a large difference between rendering a HTML document and executing code.
Javascript malware pales in comparison to swf, jre, wmf, and ocx (oh my!) payloads (all delivered via rich HTML...) but I'm not here to convince you about the bigger security picture.
I am happy for you to continue allowing Javascript to run in your browser, and you should be happy to allow me to disable it by default even if you think I'm being silly.
You are misinterpreting my remarks if you think I allow carte blanche javascript, the truth is that I don't. All I've done is point out that your obsession with .js apparently has no throttle for anything rendered via pure HTML (or at least that's what you've indicated in this thread ... "I want my browser to render it,", etc.)
All I asked for is that Mailman's web UI should degrade gracefully when Javascript is turned off. Is that so wrong?
I agree 100% with that, but if there is some Mailman admin-side javascript functionality that needs to run I'd be happy to whitelist it in my browser. That said, I'm working on a simple FTS Mailman+MongoDB search patch that absolutely requires Javascript for query results (i.e. "Found 123 results matching 'query xzy'") as well as continuous pagination (i.e. while(obj&&obj.firstChild){obj2.appendChild(obj.firstChild)}) and search suggestions... so I'm a bit more familiar with working with and using javascript appropriately.
-Jim P.