nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqmqgquuq4dgy25jlcdk5adh9l5cmw5r4l0zses5zrv7cadsz5tlwsc0ljg7 (nprofile…ljg7) nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe9y9sk5m7gx0hcucfll5m0fqkspjsxvkw3hlkxpn95flnyc2mj2qujytjz (nprofile…ytjz) Alexandre Oliva (nprofile…fpcl) >iFrames are discouraged by most web dev guidelines, as they can embed malicious remote content,
So iframes without JavaScript is bad, but a page full of malicious proprietary JavaScript without iframes is good? Huh.
Have you considered that JavaScript is always the "malicious remote content"?
>allowing criminals to inject malware, steal information, or conduct fraud
Exploitation, information exfiltration etc require JavaScript to pull off - meanwhile you cannot do any of that with just HTML.
>whereas client-side JavaScript is sandboxed within the isolated context of the webpage
Have you considered that there's always a sandbox bypass?
>with same-origin policy restrictions.
Last time I checked those can be applied to iframes just as well.
>Client-side processing grants improved responsiveness, better privacy and faster loadings, also reducing the carbon footprint by avoiding unnecessary web requests.
In reality, I find that cgit is far more responsive and loads faster and has better privacy than JavaScript-based git hosts, which are much slower and really hit the CPU hard - increasing electrical consumption substantially.
If you want to reduce CO₂ emissions, one effective move would be to eliminate JavaScript.
GNU/翠星石 /
npub1x2…jar98
2025-03-06 11:04:53
in reply to nevent1q…j5fp
Author Public Key
npub1x2vc8gu0kj2slcujhkd2y684k32e2zhzn78d2quea4tajn9ql2pqqjar98Published at
2025-03-06 11:04:53Event JSON
{
"id": "cf14728b98f0eab55c5addec1a8fc0c87de5bc3c24aca08d15959ed87bfdb2a1",
"pubkey": "329983a38fb4950fe392bd9aa268f5b455950ae29f8ed50399ed57d94ca0fa82",
"created_at": 1741259093,
"kind": 1,
"tags": [
[
"p",
"d8100e70156a08aa4bf86da9d6dcbfa636ea0ebf78a198504367b1d6c0545fdd",
"wss://relay.mostr.pub"
],
[
"p",
"c948585a9bf20cfbe3984fff4dbd20b403281996746ffb18332d13f9930adc94",
"wss://relay.mostr.pub"
],
[
"p",
"4126d00825e2d4a66c9a07e6a950fc4f3efb4cbf105c7d73509a34d1c6af7a18",
"wss://relay.mostr.pub"
],
[
"p",
"228b32ed09a04572a073f41d6cc9265a09a9c1edde47e92683b1675012f6c15d",
"wss://relay.mostr.pub"
],
[
"p",
"d33d442cb0a7782f3296854cab732333f5b52db6c91058696d5bebbad4242a4b",
"wss://relay.mostr.pub"
],
[
"e",
"a6fb1a779f166cae1319248111ca6538c05d5386d4eb6214d25637402b429e99",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://freesoftwareextremist.com/objects/ba4e2956-99f0-4909-96d8-0ebe6631619e",
"activitypub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqmqgquuq4dgy25jlcdk5adh9l5cmw5r4l0zses5zrv7cadsz5tlwsc0ljg7 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqe9y9sk5m7gx0hcucfll5m0fqkspjsxvkw3hlkxpn95flnyc2mj2qujytjz nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqgyndqzp9ut22vmy6qln2j58uful0kn9lzpw86u6sng6dr3400gvqg3fpcl \u003eiFrames are discouraged by most web dev guidelines, as they can embed malicious remote content,\nSo iframes without JavaScript is bad, but a page full of malicious proprietary JavaScript without iframes is good? Huh.\n\nHave you considered that JavaScript is always the \"malicious remote content\"?\n\n\u003eallowing criminals to inject malware, steal information, or conduct fraud\nExploitation, information exfiltration etc require JavaScript to pull off - meanwhile you cannot do any of that with just HTML.\n\n\u003ewhereas client-side JavaScript is sandboxed within the isolated context of the webpage\nHave you considered that there's always a sandbox bypass?\n\n\u003ewith same-origin policy restrictions.\nLast time I checked those can be applied to iframes just as well.\n\n\u003eClient-side processing grants improved responsiveness, better privacy and faster loadings, also reducing the carbon footprint by avoiding unnecessary web requests.\nIn reality, I find that cgit is far more responsive and loads faster and has better privacy than JavaScript-based git hosts, which are much slower and really hit the CPU hard - increasing electrical consumption substantially.\n\nIf you want to reduce CO₂ emissions, one effective move would be to eliminate JavaScript.",
"sig": "4eca92b577b06e00da78608cebd85493a099999ff76bdd5b4b72999bedee55ecebda066a18d05611e477cf226320923888168f200c0165e266f76e509caef084"
}