undefined | Better HN

0 pointsmiragecraft8mo ago0 comments

Instead of inventing a separate protocol, you can invent your own html meta tag that marks a website to be JavaScript-free.

This will let you create search engines that crawl and index these sites specifically.

0 comments

RiverCrochet8mo ago

With .gmi files or "gemini://" URLs and a compliant Gemini client, I don't need to even need to load the document beforehand to know if it intends to execute code on my device or not. It already won't by design, it won't in the future, and it doesn't require settings management, vendor whitelisting, popups, or caring who makes the browser for me to make it behave that way.

Whereas that .html document with it's noexec meta tag might be updated in the future to suddenly contain code.

miragecraftOP8mo ago

You can create a browser plugin that detect such tag and automatically turns off JavaScript.

You can even configure the plugin to detect if a page contains JavaScript while claiming not to be.

RiverCrochet8mo ago

With a dedicated Gemini client I simply have to trust/verify code provided the client developer.

With your solution now I have to trust/verify code provided by the browser developer(s), the apparatus the browser provides for extensions, and code provided by the extension developers.

If I'm super paranoid I can just look at a .gmi in Notepad or vi and understand it. I can't do that with all but the most basic HTML.

1 more reply

j / k navigate · click thread line to collapse

0 comments

RiverCrochet8mo ago

Whereas that .html document with it's noexec meta tag might be updated in the future to suddenly contain code.

miragecraftOP8mo ago

You can create a browser plugin that detect such tag and automatically turns off JavaScript.

You can even configure the plugin to detect if a page contains JavaScript while claiming not to be.

RiverCrochet8mo ago

With a dedicated Gemini client I simply have to trust/verify code provided the client developer.

With your solution now I have to trust/verify code provided by the browser developer(s), the apparatus the browser provides for extensions, and code provided by the extension developers.

If I'm super paranoid I can just look at a .gmi in Notepad or vi and understand it. I can't do that with all but the most basic HTML.

1 more reply

j / k navigate · click thread line to collapse