Why do you use noscript to block JS? I've never understood.

The inconvenience of dysfunctional sites surely outweighs the one in a million chance you will have your login to HackerNews stolen, or something else that's more of a nuisance than an actual danger.

1.) Speeds up websites

2.) Removes clutter

3.) Additional privacy

4.) Additional security

Not all sites are dysfunctional. And for the ones that are, you enable javascript from the relevant domains the first time you visit. You can choose to remember those preferences for the rest of the session, or permanently.

The small amount of additional work is worth it.

I'm not a security guy. I don't know what reasons other people might have. I actually started it as an experiment, and grew fond of it for no specific laid-out reason.

Actually seeing what trackers and other such spyware are embedded in most pages these days is interesting, but I could live without the granular control. I think what I'm most interested in is just really seeing how different pages will break (or degrade gracefully) confronted with the missing functionality of javascript.

If you haven't yet, I suggest you give these add-ons a ride for, say, a week, if anything for the sake of learning.

i think you may be better suited with an add-on like ghostery which specifically blocks tracking scripts, rather than cutting off javascript completely.

| Why do you use noscript to block JS? I've never understood.

Because when you hit an infected web site, the script loading from xyz.ru will not get loaded and you will be safe. NOSCRIPT FF & NOTSCRIPT Chrome FTW!

so you voluntarily have a shitty web experience on practically every website just to prevent that one possibly hacked website that you might visit by accident some day?

how many of these vulnerabilities would noscript fail to protect against?

https://www.mozilla.org/security/known-vulnerabilities/firef...

http://chromekb.com/vulnerabilities/

I've found NoScript tends to improve the UX on most sites I visit. No popups, much reduced spinning click me ads, just generally more pleasant. Some stuff doesn't work, but I whitelist clean sites like HN and I'm usually happier without the JS on a lot of sites.

Just whitelist clean scripts from sites you want to visit. It would be cool if noscript could whitelist by SHA hash. Sometimes technical people like having control of their browsing/operating system/whatever experience, even if that control results in having to do more work or accept a less-than-ideal user experience (from the mainstream perspective).

I guess it's a control thing.

you're referencing a (completely static) webpage that was last updated 9 years ago. i think "graceful degradation" by today's standards would be using fallback fonts, avoiding cutting-edge html 5 stuff, and maybe some ie6 css hacks if you really want to support that extra single-digit percent of users. html, css, javascript, and browsers have evolved enough that if you want to remain in that tiny fraction of a percentage of users that want to use noscript, you're going to wear out your fingers complaining.

A valid criticism, and I apologize, as I'm very interested in progressive enhancement. It was an omission, and I believe you will find that the page is readable in its default state without JavaScript now. (Mind you, I threw this thing together in the middle of the night last night on a creative whim, and wasn't exactly expecting to end up on ycombinator.)

I was actually complimenting you for setting the spotlight to the centre of the page by default, not criticising you. :-) What did you change now? I revisited the page and it looks the same to me.

shit... I should have read your whole comment.

Well, it was broken earlier. I guess you saw it after I fixed it. =)