1 Topic by gating-bakery-ride

  • gating-bakery-ride
  • Beginner
  • Offline
  • Registered: 2026-04-21
  • Posts: 1

Topic: Javascript in every browser of Hyperbola Milky Way

I'm confused by the different browsers in Hyperbola 04.4.4. Iceweasel has JS but also has LibreJS, which allows it to run different versions of JS—some acceptable, others not—and there isn't a default LibreJS, if that's even possible.
The “GNULibreJS” add-on is available, so I gather that Iceweasel is compiled with exploitable JS because it isn’t "free". There are also other Basilisk or Hyperbola add-ons that affect JS, and I’m not sure if they conflict with each other.
There’s a post about the Elink browser saying it doesn’t have JS because it was compiled without it.
Surfnet has JS but it can be disabled (though I don’t know if, when enabled, the JS library is exploitable, as everything in mainstream browser JS is).
I intend for Hyperbola to be my shield against JS, but I can’t find any confirmation of this in the operating system.
Unfortunately, Searxes' Third-party Request Blocker isn't in Iceweasel UXP, which eliminates many of the tricks of the modern web, but the original developer and information about the extension are also almost nonexistent, I would like if someone is kind enough any information about that too.

So my question is: can anyone elaborate on this problematic issue?
Probably this is a part of the topic: Hyperbola as secure system for browsing , and another future questions about it.

Thank you very much for your help.

2 Reply by throgh

  • throgh
  • throgh
  • Package Development
  • Offline
  • From: Planet Earth
  • Registered: 2017-12-28
  • Posts: 3,129

Re: Javascript in every browser of Hyperbola Milky Way

GNU LibreJS is not a helpful addon in any way. It is build against and with npm and therefore NodeJS is needed. whereever your assumption comes from that Iceweasel-UXP is compiled with exploitable JavaScript: This is not working that way. In fact the browser does include a JavaScript-interpreter, that is correct. But if you await a webbrowser shielding you from JavaScript than you should not even use a browser-package to include any JavaScript-interpreter. The following suite here:

NetSurf (optional activate JavaScript, but only minor support)
Dillo (no support)
links (no support)
lynx (no support)

So the best shield against JavaScript-execution is no support for any JavaScript. LibreJS as an addon does not shield you from anything and is just an illusion. For the upcoming version 0.4.5 there will be no longer any package / browser-application including webkitgtk, webkit generic and also no longer any UXP-based application.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!