is it just a matter of not being able to trust Random User's JavaScript code vs. code that would go through the vetting process of proper development for Dreamwidth? Or is it really that all JavaScript code is inherently pretty insecure and easy to exploit?
The former, I think. This has been discussed somewhere already, I don't know if it was on Buzilla or in Suggestions, and my brain isn't working tonight. But the idea of pre-approving some scripts, possibly as sidebar modules, has definitely been discussed.
A part of me wants to allow off site scripts because I'll use some weird unusual ones--I don't want to make dev time to approve my Lib Dem Sidebar widgets, but I'd like to be able to put those widgets up (the alternative, of getting them to do a non script option, is one I'm also working on, but major staff layoffs lost me the dev that agreed with me).
no subject
The former, I think. This has been discussed somewhere already, I don't know if it was on Buzilla or in Suggestions, and my brain isn't working tonight. But the idea of pre-approving some scripts, possibly as sidebar modules, has definitely been discussed.
A part of me wants to allow off site scripts because I'll use some weird unusual ones--I don't want to make dev time to approve my Lib Dem Sidebar widgets, but I'd like to be able to put those widgets up (the alternative, of getting them to do a non script option, is one I'm also working on, but major staff layoffs lost me the dev that agreed with me).
So yeah, lots of ideas, nothing concrete yet.