So, I am one of those old school types who mains with Firefox and Noscript. And also a filthy casual that just goes on lemmy.world. But half the images are broken because I’m expected to allow scripts on like 30+ sites to see most of the posts. I’m literally expected to allow /all/ the scripts from a domain just so I can see a dang picture behind the thumbnail. That’s the entirety of the scripting needed. That seems ridiculous. Is there, I don’t know, a server/way that makes it so I don’t have to blanket allow all these scripts? To put it in meme form (not sure I’m doing it right, never seen the show): “It’s an image of a banana Michael, what should it take, one Raspberry Pi running Docker?”
Yes.
PieFed uses very minimal javascript (it 95% works with JS entirely disabled) and you can access all the same communities and posts.
Try it at https://piefed.social/ or any of these other instances - https://join.piefed.social/try
Piefed is kinda awesome. Switched earlier in the year :)
Just curious, what’s the 5% that doesn’t work with JS disabled?
Voting, lol. Kinda important.
Dropdown menus. They’re not really needed but life sucks without them.
Can’t manually switch between dark and light mode (only automatically based on browser settings).
There’s probably more but I haven’t seriously tried to use PieFed for long without JS. Fundamentally it’s built HTML and CSS first, with sprinkles of JS added on for funsies rather than the modern way of being all about JS.
Voting
You could support this by making vote buttons submit a form if JS isn’t enabled. (That’s what mlmym does.)
Can’t manually switch between dark and light mode
Hmm… There are some pretty nifty things you can do with a hidden checkbox, label, and some clever CSS (e.g.
html:has(#element:checked)+ CSS variables – though FYI:hasis baseline 2023.)Making it persistent would require some more effort – e.g. form + cookies + server side style sheet selection, most likely. mlmym lets users change their theme w/o JS by submiting a form on the setting page. I’d have to think a bit if there’s a good way to make it persistent across multiple requests for logged out users with a CDN caching things in between though…
only automatically based on browser settings
Doesn’t actually work for me in a FF138-based browser w/ JS blocked via NoScript – I always get light mode despite having a dark mode preference set. (Where do you have your
prefers-color-schememedia query?)Also, FYI I had to manually override font restriction – otherwise all your buttons end up as tofu characters. (I think NoScript is being kind of unreasonably strict there by blocking first party fonts.) That’s a papercut kind of issue, but figured I’d point it out in case it might save you some debugging time if you get confused NoScript users in the future.
Yeah I think it’d be worth getting the voting buttons working, those are pretty key functionality.
The icons being stored in a font is kinda problematic (some browsers choke, large font file) but on the other hand it’s so great being able to set the color of them in CSS, which I found difficult when they are a SVG.
Yesterday:
<nav script="dropdown.js" style="dropdown.css"> <button onclick="toggleDropdown()">Menu</button> </nav>Today:
// index.js import React from 'react'; import ReactDOM from 'react-dom'; import './global.css'; import App from './App'; ReactDOM.createRoot(document.getElementById('root')).render(<App />); // App.jsx import Dropdown from './components/Dropdown'; import './App.css'; export default function App() { return ( <main> <Dropdown /> <p>Hello, world!</p> </main> ); } // components/Dropdown.jsx import { useState } from 'react'; import styles from './Dropdown.module.css'; import ArrowIcon from '../assets/icons/ArrowIcon.jsx'; export default function Dropdown() { const [open, setOpen] = useState(false); return ( <div className={styles.dropdown}> <button onClick={() => setOpen(!open)}>Menu <ArrowIcon /></button> {open && ( <ul> <li>Option 1</li> <li>Option 2</li> </ul> )} </div> ); }That way is old and busted, here’s the new hotness (anchor positioning).
Yeah. But in this case the Topics menu can be quite heavy as it lists every community that the current user is subscribed to. Instead of generating that menu (and sending it to the client) on every page load, when it probably won’t even be used, PieFed makes an ajax call (only possible with JS) to retrieve the topics menu when it’s clicked. Same for ‘Feeds’.
This cut the amount of HTML being sent to the browser by around 50% (depends on how many communities you subscribe to but PieFed makes it extremely easy to subscribe to dozens of communities with a single click so many people have hundreds) and eased load on the server too. Some of the more under-powered instances run noticeably faster now.
Looks nice is my immediate impression (looking at it with all javascript off, including ). Still would like thumbnails that are the entire image just much smaller, maybe via CSS. The cropping is very misleading on a lot of images. Perhaps one could use css-toggle-switch–not going to try to solution it, and I know last time I checked css wasn’t great for it. But the results are notably different from lemmy.world for Active or Top past 12 hours. Not necessarily /bad/, particularly for top posts as they at least have a bit of engagement. But it seems like part of the solution is just don’t incorporate results from servers that require javascript. Is it possible (ethical even) to incorporate them, but be a middle-man that saves the user from their javascript?
In https://piefed.social/user/settings there are two different compact modes to choose from, which shrink the images to varying degrees.
I don’t know of any way to determine how JS-heavy a link is.
I’ll try to play with it next time I’m on desktop. Thanks!
doesn’t require allowing javascript of a million other servers?
half the images are broken because I’m expected to allow scripts on like 30+ sites to see most of the posts
software like noscript is not exactly beginner friendly. you’re expected to understand the impact of your blocking and what you are blocking. the only domain you need to allow JS from on lemmy.world is lemmy.world. standard lemmy-ui does not load any js or css from third party sources, only the domain where lemmy-ui is served. your noscript configuration is blocking the actual images, not javascript that would be required to load images.
edit:
to expand on this, even in tor browser in safest mode, lemmy.world works totally fine when all you do is allow JS from lemmy.world on lemmy.world:
That looks cherry picked or very lucky. Can you show me a screenshot of Firefox with NoScript and allowing only lemmy.world and ANY other image from the first five results of the home page? My result? “The American Dream” discuss.online - BROKEN “We are way overdue for an open source 2d printer” sub.wetshaving.social - BROKEN “We never stood a chance.” ani.social - BROKEN “literally useless” lemmy.blahaj.zone - BROKEN “Anime Recommendations” lemmy.dbzer0.com - Works (the one you show)
nothing about this is cherry-picking. it’s simply how lemmy works. there are no remote js sources. lemmy-ui even sets security headers that prevent loading js from third party domains.
So, why does your image show the ani.social and mine doesn’t? Remember I said Firefox. Sorry, too many years in dealing with these kinds of issues. Please show me a screenshot of the top of the browser so I can see it is Firefox and also expand out the noscript extension like you did before and show me the ani.social image expanded. I know your first image had a window header that did not look like Firefox. In fact you mentioned “tor browser” and I want to make sure we are talking apples to apples.
honestly at this point I don’t consider it worth continuing the discussion here, as it doesn’t seem that you understand enough of what you’re talking about, despite your claims of dealing with it for “years”, yet you keep implying that i’m likely the one being wrong or even lying/misrepresenting things.
the second screenshot is from the same browser as the first, both are in firefox, using the tor browser variant in safest mode, which blocks even more than the average noscript installation in firefox. tor browser is a hardened variant of firefox esr. if it works in tor browser without loading js from third parties it’ll very much do so in any other browser. the screenshot is from macos, which is probably why you’re not used to it, but that’s just what firefox on macos looks like. this is my standard firefox install:
besides, if lemmy was loading and executing javascript from other instances, this would be a massive security issue, which is yet another reason why your claim of loading js from other instances is ludicrous for someone who knows how these things work, at least when you keep insisting on it.
as i mentioned before, noscript is not an extension that is easy to use without some basic understanding of how websites work. if you’ve been having issues for years due to not understanding these things and how to deal with them properly that suggests that it’d probably be better for you to just switch to something like ublock origin with anti-tracking filter lists if you’re not planning to spend some time learning how websites work and what the different types of blocked resources do.
i don’t even see how you would be blocking images with noscript, as there doesn’t even seem to be an option for it. unless of course you’re confusing noscript with something like umatrix, which does allow blocking images by default as well, but it would also clearly show that there is media blocked and not scripts:
anyway, if you’re truly interested in understanding these things and not just rant about them please do some research on the technology being used.
tor browser is a hardened variant of firefox esr.
I’m familiar with ESR. As I understand it, it is the version before (or more precisely a reflection of the version before) Mozilla switched to the newer version, breaking a lot of extensions that I liked in the process. As I remember it, it was a pretty deep departure (and many considered it too Chrome-y, was the same underlying engine on something like that). The newer version was more secure, but also more limited. I’ve played around with some ESR forks, but I do not use them normally/currently. That alone sounds like a pretty different environment.
screenshot is from macos,
Ah, now I see it. I’ve seen that in screenshots before. But yes, yet another case of different environments. And that’s not even getting into other possible extensions.
your claim of loading js from other instances is ludicrous for someone who knows how these things work
I’m sorry if you thought I was “implying that I’m … even lying”. I just want to get environmental discrepancy issues out of the way first. Let’s have best faith assumptions, like I will regarding the above sentence.
As for loading js, I took a screenshot, but I don’t want to upload screenshots if not necessary. It was from a few days ago and does show many instances attempting to run scripts. Notably, after my post, I noticed that images were loading without needing to enable any javascript from other servers (didn’t bother to check if they were still trying to, but I didn’t permanently allow them, and images were loading). I can upload my screenshot, but only if you really want them. That is if it is something you need. My best faith understanding of our communication is neither of us want this to devolve into something unpleasant, and I worry about it getting there.
ublock origin … umatrix
I have the former, tried the latter, but ultimately have stuck to a mix of ublock origin and noscript. Theoretically, one doesn’t even need noscript, ublock origin can do it. But I am used to this mix. I can see by how many times you’ve mentioned it, that I need not remind you for how long.
not just rant
If this feels like ranting, then perhaps we do not engage further. However, if /you/ feel you would benefit, I am more than happy to. I do appreciate the time you put into your responses and what you have added to the conversation.
I admire your patience.
Mentioned elsewhere, and a decent workaround. Doesn’t do well with thumbnails, unfortunately.
[edit: someone below suggested removing the thumbnail sampling (I’ll probably try via uBlock Origins). Honestly with that and a bit of zoom, might work fine. Will be testing it.]
I think the old Lemmy alternative frontend supports no JS. But I’m not sure whether the dev is still actively maintaining it: https://github.com/rystaf/mlmym
This is available as old.lemmy.world
Unfortunately with Lemmy 1.0 MLMYM (the software used to provide this UI) will have to be shutdown, unless the MLMYM dev re-appears or someone forks and maintains it.
someone forks and maintains it.
MrKaplan already forked it and is keeping it on life support for lemmy.world. I’ve been trying to make enough sense of it to fix several issues that have been bugging me for a while, and will contribute my fixes there if I can figure them out.
I’ve only got a few hours each weekend where I have good concentration + enough free time to work on it, and don’t know the relevant languages (Go, Rust, TypeScript), so my progress is pretty slow… but I’m still poking at it.
Thank you and @mrkaplan@lemmy.world for your work!
Wow thanks for the info and the work. I don’t use it much since 99% of my Lemmy use is on mobile and I prefer stock Lemmy for admin stuff, but I know at least a few of my users use it.
I’m going to see if that fork is something I can just drop in the docker compose file. That’ll be awesome if so.
Do they intend to make it 1.0 compatible or is this beyond the scope right now?
I don’t know what anyone else intends to do, but if I can fix the issues I’m currently looking at – and no one else has stepped up in the interim – I’ll at least take a look at the 1.0 stuff. (I use mlmym and would like it to keep working…)
tbh it’s probably not going to be too complicated to switch to 1.0. the current api is generated from lemmy-js-client, but 1.0 api has an official openapi file. if there is a decently usable openapi generator for go that would probably not be too complicated to swap in instead and adjust the api calls in mlmym code.
Hopefully someone will volunteer to make compatible with Lemmy 1.0
Which is basically the same as old.reddit.com . Which is great as far as functionality. Squint and you can imagine it would be perfect. Zoom in and it’s decent, except the thumbnails now are even more clearly 4-pixel potatoes. Okay, so where’s my FOSS firefox extension that works like RES (Reddit Enhancement Suite)? Or, I actually don’t need that, just a FOSS firefox extension that takes any old.lemmy and makes the layout look like the new layout, with toggles to turn off anything in the new layout you don’t want (e.g. right side bar)? Or, maybe some custom javascript I can save in greasemonkey to make everything zoom 150% and replaces thumbnails with better compressed versions of their expanded versions (make my own thumbnails)?
the thumbnails now are even more clearly 4-pixel potatoes
pictrs’s thumbnail parameter uses dumb raw pixel sampling – which leaves something to be desired… It has other sampling options implemented (with
resize, according to the docs), but they don’t seem to accessible on my instance. You can removethumbnail=96if you want to get the image without that thumbnail sampling, at least.make everything zoom 150%
I do this with my browser’s UI (ctrl-plus keyboard shortcut in FF-based browsers works for me).
e.g. right side bar
[...document.querySelectorAll(".side")].forEach(sidebar => sidebar.remove())You could also just adblock the element with class
side.remove thumbnail=96
Hey, that sounds like a great idea, I bet I could add that to ublock origins. And, yeah, zoom via ctrl plus is what I do (I’m not sure if it is remembered between sessions). As for the side bar, it does not bother me, it was just as an example of what an extension theoretically could do. Honestly, another extension should not be needed. Instead a lemmy /c/ or other repository for user hacks would be nice that you could put into ublock origins or other DOM manipulator. That removing thumbnail sampling looks awesome, will try it out next time I’m on desktop.
Noscript user here; we don’t generally have that problem on fedia/mbin. It’s mostly just mastodon “quote posts” and imgur that don’t show up unless you allow their servers.
This tbh.
I don’t understand why is this not he standard for Lemmy and the Fediverse. We got here, among other things, to get away from the kind of crap enabled by JS-first web.
Use a native app like a mobile client or Blorp if you’re on Mac?
I’m on lemmy.ml, it uses JS but it doesn’t appear to load any from other domains. It serves images through a local proxy.
Look for a desktop app.
I don’t think any exist
There is Interstellar!
Blorp has a desktop app.
Is it electron? I can’t seem to find it outside of Mac, iOS and a test for Android
Unfortunately no. Lemmy is a web application. JavaScript is the only thing giving interactivity. Without it we’d load a whole new html page each time. Try middle clicking on image links to view them, should open a new tab. “It works on my machine” of course, but good luck though.
I use the https://vger.app/ app / front end on mobile AND desktop and as far as I can tell it tunnels the images through their servers, so this is as minimal as you can get in regards to extra requests.
Some instances host this themselves too.
I respect your choices, but I am afraid modern web is mostly JavaScript. Can you actually browse anything with noscript today?
Absolutely. The vast majority of my sites do just fine when whitelisting only the primary domain. I consider it an essential add-on myself.
Lemmy is one of the few that needs a little babysitting, and it’s only for the purpose OP stated.
Good to know… Is it a pleasant experience?
Yes, you can.
Yes, I did
So, I agree with everything the other responders are saying. Whitelist the primary domain (and maybe a cdn domain that is hopefully nicely labeled) and a decent site should play decently. But it is also that I (generally) know when to pick my battles–or I at least keep my pointless battles to a small scope and fairly sporatic.
I’m asking for a solution to this from the lemmy community, not reddit or a big corposite. They would want a single domain or a few domains for opposite reasons than making the user happy: they would want to control the user experience and ensh**tify via dark patterns. I do not think we should need to blanket allow scripts from dozens of sites just to see images, that’s the scope of this mini-battle I do not plan to fight beyond this post. I mention ensh**tification because I just happened to see this https://thetyee.ca/Culture/2025/05/26/Internet-Sucks-Cory-Doctorow/ on this https://old.lemmy.world/?sort=Hot&listingType=All&page=3 (thanks, above suggester for reminding me of old.lemmy).
So open technology like the web is replete with disenshi**ifying add-ons. Ad blockers are running in more than half of all web browsers in the world. It’s the most successful consumer boycott in human history, but there are zero ad blockers running in apps, because you have to reverse engineer the app first, and that’s illegal under use of Bill C-11 and under the U.S. Digital Millennium Copyright Act, and Article 6, the copyright directive.
[Note, I censored those letters. I’ve been told you can swear on the internet, though.] One of my “old man yells at cloud” moments of late is when I have to deal with a very small company forcing an app down my throat when a website will do and the using of that company/service (and thus app) is being forced upon me by outside forces. If it’s a small enough company, I will go through too many emails back and forth with their “CTO” telling them why it’s a problem and why they should just have an app (a site that, yes, almost certainly would need javascript). Because that’s the small act of protest some of us should be doing in my mind. That way the next time someone thinks, hmm, we could just do an app and only offer it, they’ll then think, naw, there’s going to be that one annoying customer, not worth it. Same with this issue, for me at least. I don’t see why we /have/ to run javascript on secondary sites just to have a thumbnail and a resulting image. And I’m posing this, again, on lemmy not reddit. So, consider this my allowing myself a brief moment to yell at a cloud.
[EDIT: Escaped my asterisks. I worried there would be automatic markdown, but I didn’t see the Preview button.]
