Comment by matheusmoreira
3 years ago
Sounds good to me. Javascript is too powerful and should be limited. I shouldn't have to worry that my browser is executing remotely downloaded code that could exfiltrate an unbounded amount of information about me. They should either they get it right by doing it in a way that doesn't harm us, or they shouldn't get to do it at all.
The web should be fully declarative and permissions/capabilities based. If they can't do something that way, they shouldn't get to do it at all.
In that case, you might like the Gemini protocol? https://gemini.circumlunar.space/
I'm not deeply familiar with it, but it's a similar "extremely minimal is best" approach, also in part for privacy reasons.