So, I am one of those old school types who mains with Firefox and Noscript. And also a filthy casual that just goes on lemmy.world. But half the images are broken because I’m expected to allow scripts on like 30+ sites to see most of the posts. I’m literally expected to allow /all/ the scripts from a domain just so I can see a dang picture behind the thumbnail. That’s the entirety of the scripting needed. That seems ridiculous. Is there, I don’t know, a server/way that makes it so I don’t have to blanket allow all these scripts? To put it in meme form (not sure I’m doing it right, never seen the show): “It’s an image of a banana Michael, what should it take, one Raspberry Pi running Docker?”
software like noscript is not exactly beginner friendly. you’re expected to understand the impact of your blocking and what you are blocking. the only domain you need to allow JS from on lemmy.world is lemmy.world. standard lemmy-ui does not load any js or css from third party sources, only the domain where lemmy-ui is served. your noscript configuration is blocking the actual images, not javascript that would be required to load images.
edit:
to expand on this, even in tor browser in safest mode, lemmy.world works totally fine when all you do is allow JS from lemmy.world on lemmy.world:
That looks cherry picked or very lucky. Can you show me a screenshot of Firefox with NoScript and allowing only lemmy.world and ANY other image from the first five results of the home page? My result? “The American Dream” discuss.online - BROKEN “We are way overdue for an open source 2d printer” sub.wetshaving.social - BROKEN “We never stood a chance.” ani.social - BROKEN “literally useless” lemmy.blahaj.zone - BROKEN “Anime Recommendations” lemmy.dbzer0.com - Works (the one you show)
nothing about this is cherry-picking. it’s simply how lemmy works. there are no remote js sources. lemmy-ui even sets security headers that prevent loading js from third party domains.
So, why does your image show the ani.social and mine doesn’t? Remember I said Firefox. Sorry, too many years in dealing with these kinds of issues. Please show me a screenshot of the top of the browser so I can see it is Firefox and also expand out the noscript extension like you did before and show me the ani.social image expanded. I know your first image had a window header that did not look like Firefox. In fact you mentioned “tor browser” and I want to make sure we are talking apples to apples.
honestly at this point I don’t consider it worth continuing the discussion here, as it doesn’t seem that you understand enough of what you’re talking about, despite your claims of dealing with it for “years”, yet you keep implying that i’m likely the one being wrong or even lying/misrepresenting things.
the second screenshot is from the same browser as the first, both are in firefox, using the tor browser variant in safest mode, which blocks even more than the average noscript installation in firefox. tor browser is a hardened variant of firefox esr. if it works in tor browser without loading js from third parties it’ll very much do so in any other browser. the screenshot is from macos, which is probably why you’re not used to it, but that’s just what firefox on macos looks like. this is my standard firefox install:
besides, if lemmy was loading and executing javascript from other instances, this would be a massive security issue, which is yet another reason why your claim of loading js from other instances is ludicrous for someone who knows how these things work, at least when you keep insisting on it.
as i mentioned before, noscript is not an extension that is easy to use without some basic understanding of how websites work. if you’ve been having issues for years due to not understanding these things and how to deal with them properly that suggests that it’d probably be better for you to just switch to something like ublock origin with anti-tracking filter lists if you’re not planning to spend some time learning how websites work and what the different types of blocked resources do.
i don’t even see how you would be blocking images with noscript, as there doesn’t even seem to be an option for it. unless of course you’re confusing noscript with something like umatrix, which does allow blocking images by default as well, but it would also clearly show that there is media blocked and not scripts:
anyway, if you’re truly interested in understanding these things and not just rant about them please do some research on the technology being used.
I admire your patience.
I’m familiar with ESR. As I understand it, it is the version before (or more precisely a reflection of the version before) Mozilla switched to the newer version, breaking a lot of extensions that I liked in the process. As I remember it, it was a pretty deep departure (and many considered it too Chrome-y, was the same underlying engine on something like that). The newer version was more secure, but also more limited. I’ve played around with some ESR forks, but I do not use them normally/currently. That alone sounds like a pretty different environment.
Ah, now I see it. I’ve seen that in screenshots before. But yes, yet another case of different environments. And that’s not even getting into other possible extensions.
I’m sorry if you thought I was “implying that I’m … even lying”. I just want to get environmental discrepancy issues out of the way first. Let’s have best faith assumptions, like I will regarding the above sentence.
As for loading js, I took a screenshot, but I don’t want to upload screenshots if not necessary. It was from a few days ago and does show many instances attempting to run scripts. Notably, after my post, I noticed that images were loading without needing to enable any javascript from other servers (didn’t bother to check if they were still trying to, but I didn’t permanently allow them, and images were loading). I can upload my screenshot, but only if you really want them. That is if it is something you need. My best faith understanding of our communication is neither of us want this to devolve into something unpleasant, and I worry about it getting there.
I have the former, tried the latter, but ultimately have stuck to a mix of ublock origin and noscript. Theoretically, one doesn’t even need noscript, ublock origin can do it. But I am used to this mix. I can see by how many times you’ve mentioned it, that I need not remind you for how long.
If this feels like ranting, then perhaps we do not engage further. However, if /you/ feel you would benefit, I am more than happy to. I do appreciate the time you put into your responses and what you have added to the conversation.