# New JavaScript requirement for the site



## cherry blossom (Jan 29, 2018)

I assumed from sometime last week that the site had problems because I always received an error message on attempting to visit (shown below).






Yesterday, I realised that the Google cache had updated after I started to have problems and decided to check if there was a browser incompatibility. I found that I had to allow JavaScript and then go to the main page. Note that simply allowing JavaScript does not cause the error message to go away.

I personally think that requiring JavaScript is a bad idea. JavaScript was not required before last week, so it clearly does not give much advantage. Not giving a message about JavaScript if it is not enabled is a worse idea as it will cause careful surfers to conclude that the site is broken.

The point about blocking JavaScript is that a malicious website can run effectively arbitrary code in a browser that allows JavaScript. This caused part of the Meltdown panic within the last month when it was revealed that it was possible to use features of Intel chips to read out passwords and certificates from the kernel. Most browsers have now been patched to prevent the method found by Google and at the University of Graz from working by lowering the timer resolution Lowering JavaScript Timer Resolution Thwarts Meltdown and Spectre. However, any new zero day is also likely to be delivered via JavaScript.

I have allowed JavaScript for this site (obviously as I am posting) and I hope that I am fairly safe here running Firefox 58 in a Firejail sandbox Firejail with just ublock Origin to block adverts. However, Noscript does make me feel safer.

Reactions: Like Like:
1 | Like List reactions


----------



## horseUSA (Jan 29, 2018)

It should be fixed now.


----------



## cherry blossom (Jan 29, 2018)

horseUSA said:


> It should be fixed now.


Thanks!! That was quick.


----------



## Marcel (Jan 29, 2018)

Which pages do you think doesn't require JavaScript? It's alI HTML5 standard now, so very soon there a be any website without JavaScript anymore. The site needed JavaScript before last week as well.

Btw, running in firejail is a very good solution!


----------



## cherry blossom (Jan 29, 2018)

Marcel said:


> Which pages do you think doesn't require JavaScript? It's alI HTML5 standard now, so very soon there a be any website without JavaScript anymore. The site needed JavaScript before last week as well.
> 
> Btw, running in firejail is a very good solution!



The problem with firejail occurs when I want to upload a file and cannot find it.

I can now read the site with javaScript off. In the screenshot below note that Noscript 10 says that 15 scripts were disallowed. However, I have to allow javaScript to upload files and preview posts. I also checked that the site works with NS 5 in Palemoon.


----------



## horseUSA (Jan 29, 2018)

cherry blossom said:


> Thanks!! That was quick.



Yea when I looked at the url in your browser...I said why the hell is it quoting the full url within it.
Probably a wrong bookmark, link, or redirect. I checked logs 

```
[29/Jan/2018:09:32:39 -0500] "GET /forum/'https://ww2aircraft.net/forum/?PageSpeed=noscript%27 HTTP/2.0" 404 9597 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"
```
Ok PageSpeed issue maybe.
When a browser has javascript disabled pagespeed redirects w/ the added querystring PageSpeed=noscript. Looks like Firefox isn't handling the redirect proper. So I added switch in pagespeed config to disable check thus redirect.

The site does require javascript to run properly. It will work without javascript but some functions may be broken. Unfortunately it is hard to get away without javascript these days.


----------

