LibreJS chrashes Abrowser

7 replies [Last post]
quantumgravity
Offline
Joined: 04/22/2013

Hello everyone,

I recently installed the "libreJS" extension of the gnu project for abrowser.
Unfortunately, the browser freezes if this extension is enabled.

It's Trisquel Toutatis and Abrowser 20.

Anyone same experience or solution?
Many thanks

onpon4
Offline
Joined: 05/30/2012

I never had that, but then again, I never used what I think is currently the latest version; I stuck with 4.9.2. Now I use NoScript because it's a lot more powerful and less buggy (I especially can't stand that LibreJS has an annoying tendency to split text entry boxes into more lines) and LibreJS doesn't actually do a good job finding out if scripts are free in practice, so it doesn't really do any better than NoScript. The annoying hassle of having to disable LibreJS any time I wanted to reply to a forum post. The only reason I stuck with LibreJS at all was because of a bug in Firefox 20 and below which caused the video player elements to not show up if Javascript was disabled or blocked by NoScript.

So in short: I really recommend you use NoScript instead of LibreJS (but change the preferences; it whitelists a bunch of sites that have nonfree Javascript by default, such as YouTube, so the first thing I do when I install NoScript is remove them from the whitelist), unless perhaps you watch videos in Abrowser's HTML5 player.

Regarding the freezes, I never experienced that, but I didn't use the latest version of LibreJS very much. Maybe you're just running out of RAM?

quantumgravity
Offline
Joined: 04/22/2013

I don't know much about noscript. Does it disable Javascript completely except on the sites of my whitelist?
I don't know much about LibreJS either, but I thought it has some kind of recognition function for "proprietary javascript" and does not disable all scripts by default, but I may be wrong.

I'm afraid of many essential sites being completely unusable due to the lack of javascript, but I will try out.
Thank you!

onpon4
Offline
Joined: 05/30/2012

LibreJS tries to find out what scripts are nonfree and non-trivial, but it relies on a comment format that in practice is rarely used. The result is that it just tends to block everything that it doesn't consider non-trivial (which is most scripts) unless the website you're visiting is on LibreJS's whitelist.

Yes, by default NoScript disables all Javascript that isn't coming from websites on your whitelist. Also much nicer about NoScript than LibreJS is that its whitelist is based on what website the script comes from rather than what website you're visiting, so it's much easier to control than LibreJS. Also, NoScript allows you to temporarily allow scripts from a domain (or temporarily allow all scripts used on the page you're currently visiting) and then revoke those permissions at any time.

kernelKurtz
Offline
Joined: 03/12/2013

Yes to your first question. By default (after you clean out the whitelist), JS is disabled everywhere.

Then you gradually build your whitelist back up, for your banking sites and other mission-critical browsing ...

Simplest and easiest way to do so is hovering the small NoScript button that installs at the very bottom of the browser.

It's an effort at first, but very well worth it IMHO.

quantumgravity
Offline
Joined: 04/22/2013

I didn't expect the situation being this bad....
I think noscript is not a very good solution, because I only can choose between "I want to use this site because I need it" and "I don't want to use this site because I don't need it".
With this, I never know whether I'm running proprietary javascript or not. I only can decide whether I need the site so badly so it's worth the risk.
So I think noscript improves the situation but doesn't make it acceptable.
Would be good if libreJS improves and becomes usable ...

onpon4
Offline
Joined: 05/30/2012

Part of the problem is technical, part of it is social.

The social part is that a lot of webmasters just don't think about it: they don't give their scripts any license and often don't provide the source code either.

The technical part is there is no easy way to tell automatically if any program is free. This isn't a problem for most programs because a human needs to manage the repo of a GNU/Linux distro or a catalog of free software, but for Javascript, there are just so many scripts, and they are frequently used transparently.

So yeah, NoScript is definitely not the best solution, and LibreJS doesn't really do much better (the only improvement is that it gives is helping you actually look at the Javascript files, but even that is not very useful because LibreJS doesn't let you choose specifically what scripts to execute; your override is either all or nothing).

Actually, come to think of it, why didn't LibreJS just fork NoScript, take away the other security features it has, and add the license and script triviality detection and change the default whitelist? Then it would have all the stuff NoScript has, including not introducing errors into pages, plus extra.

quantumgravity
Offline
Joined: 04/22/2013

This topic seems to be very up to date, since there just appeared this fsf campaign:
http://www.fsf.org/blogs/community/take-action-for-free-javascript