Blocking "nontrivial JavaScript"?! You have got to be kidding me. Let's block Linux kernel for "nontrivial C" while we at it. It sure as hell looks far more nontrivial than an average js script.
I see what they did now. They're not blocking any nontrivial JavaScript altogether. They're blocking nontrivial JavaScript insofar as it's unlicensed, or not licensed with a free license.
So your trivial, unlicensed javascript can be allowed to run, but once you cross the heuristic threshold of non-triviality they've applied, you need to have a license so the user is sure they're not using some complex, non-free thing.
At first I thought it was blocking all "non-trivial" JavaScript, like you. That would be boneheaded of them.
If you were working at the EFF (on the Linux kernel), or on a Free Software project, I'm sure you wouldn't want to find out that you depend on some non-free binary-only modules that you've been running without knowing about it this whole time. The Linux kernel has a whole framework of "taint" for doing the exact same thing as this LibreJS. You are meant to know when you are running non-free kernel modules, if you are paying attention to the signals the kernel is sending.
Ok, let's assume for a moment that we want to stick to the idea that programs ought to be readable/comprehensible by the user, thus "trivial" in a sense. But who decides on "nontriviality"? How did they come up with those heuristics? I can hardly find any nontrivial js code with my years of experience in it (except some jsfuck perhaps), yet at the same time I see every other day someone coming from .NET/Java land crying about all the wtf's of js. So how do we decide what is trivial and what's not?
Our tentative policy is to consider a JavaScript program nontrivial if:
* it makes an AJAX request or is loaded along with scripts that make an AJAX request,
* it loads external scripts dynamically or is loaded along with scripts that do,
* it defines functions or methods and either loads an external script (from html) or is loaded as one,
* it uses dynamic JavaScript constructs that are difficult to analyze without interpreting the program, or is loaded along with scripts that use such constructs. These constructs are:
- using the eval function,
- calling methods with the square bracket notation,
- using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, ...).
How do we tell whether the JavaScript code is free? At the end of this article we propose a convention by which a nontrivial JavaScript program in a web page can state the URL where its source code is located, and can state its license too, using stylized comments.
