Comment by miragecraft
4 months ago
Instead of inventing a separate protocol, you can invent your own html meta tag that marks a website to be JavaScript-free.
This will let you create search engines that crawl and index these sites specifically.
4 months ago
Instead of inventing a separate protocol, you can invent your own html meta tag that marks a website to be JavaScript-free.
This will let you create search engines that crawl and index these sites specifically.
With .gmi files or "gemini://" URLs and a compliant Gemini client, I don't need to even need to load the document beforehand to know if it intends to execute code on my device or not. It already won't by design, it won't in the future, and it doesn't require settings management, vendor whitelisting, popups, or caring who makes the browser for me to make it behave that way.
Whereas that .html document with it's noexec meta tag might be updated in the future to suddenly contain code.
You can create a browser plugin that detect such tag and automatically turns off JavaScript.
You can even configure the plugin to detect if a page contains JavaScript while claiming not to be.
With a dedicated Gemini client I simply have to trust/verify code provided the client developer.
With your solution now I have to trust/verify code provided by the browser developer(s), the apparatus the browser provides for extensions, and code provided by the extension developers.
If I'm super paranoid I can just look at a .gmi in Notepad or vi and understand it. I can't do that with all but the most basic HTML.
1 reply →