RedditFavorites
Products Services VPNs Android apps Subreddits

What is Reddit's opinion of GNU LibreJS?
From 3.5 billion Reddit comments

➔ GNU LibreJS website

By popularity on Reddit, this Service is:

22 reviews of this app found across Reddit:

loozerr · /r/linux
15 points
·
16th May 2019

You mean the LibreJS addon?

https://www.gnu.org/software/librejs/

It can block scripts, but the interface is pretty strange and being a modern FSF program it cares more about licenses than security.

Platoxia · /r/linux
7 points
·
21st Jul 2016

Next step, eliminate browser support for all non-free JavaScript. Until then, IceCat under Linux is the only truly secure GUI based option.

Edit: Actually, while not a permanent solution, you can add the LibreJS plugin to any Mozilla browser that supports plugins (i.e. Firefox). In Firefox, just search for LibreJS under Add-ons.

northrupthebandgeek · /r/linux_gaming
4 points
·
26th Oct 2016

It often is. LibreJS' method of detecting FOSS Javascript code involves either 1) checking a predefined list of Javascript libraries or 2) checking for some license-related metadata in the page (either as HTML or as Javascript). If neither of these are true for Mediawiki (Wikipedia's wiki server implementation), then it very likely won't be detected as "free" by LibreJS.

ddanchev · /r/StallmanWasRight
3 points
·
23rd Jan 2021

Do you let strangers enter your house and do whatever they want in your living room? If, no why would you support websites running whatever code they wish on your computer? At minimum everybody should use NoScript or Librejs and whenever possible completely disable javascript.

xkero · /r/linux
3 points
·
17th Sep 2016

> While true, that one kinda always bothers me The premise is, you should be able to choose what instructions do and do not get executed on your machine, but in absence of freedomly licensed code, shouldn't a sandbox provide that feature?

I feel the same way, otherwise you'd need to use something like LibreJS or turn JavaScript off completely.

> I might need to do more reading or emailing about to get an answer to that though

If you haven't already read https://www.gnu.org/philosophy/javascript-trap.html then that is probably a good place to start.

sasmithjr · /r/linux
3 points
·
7th Sep 2016

There's specifically the Affero GPL for server side if you require FOSS. The problem I always come back to, though, is how do you verify what's actually deployed vs. what they're providing with the license.

With regards to the JS blobs, see LibreJS. I don't think generated HTML is considered an issue since it's just markup and not a programming language.

If FOSS doesn't have moral implications for you, it probably matters a lot less, and there's nothing wrong with that. I don't personally mind nor care, but there are people that do.

csolisr · /r/blog
3 points
·
26th Feb 2015

I'm sure that there are very good free-as-in-freedom frameworks to make a responsive site (trust me, I use them at work all the time), the only detail that deters the FSF from using it is the fact that many free software advocates disable JavaScript in their browsers. Why? Because said scripts are more often than not non-free software, or else are not correctly labeled - their project to detect properly labeled free-as-in-freedom JavaScript is used by very few sites, most of them from the FSF itself.

batllista101 · /r/privacytoolsIO
2 points
·
6th Aug 2020

I don't trust sites when they use third party javascript code from corps such as Facebook, google, etc.

If the site is loading javascript from the same domain I generally run it.

For real trust javascript should be not obfuscated and published as Free Software. A nice thing to do is to make your code LibreJS friendly.

cathalgarvey · /r/crypto
2 points
·
27th Oct 2015

LibreJS might be a good place to start, as it's already a framework for attempting to analyse JS for integrity. Adding hash-checking to this and maintaining a trustworthy third-party whitelist would go a long way to preventing malicious JS injection.

m6t3 · /r/linux
2 points
·
21st Jun 2015

I think you could find this useful https://www.gnu.org/software/librejs/ although I've never used myself. I like that in umatrix you allow scripts only for a specific domain (noscript rules are global instead) so I have to allow google domains only if a site doesn't work at all without them and if I often use that site the extension remember my preference without interfering with other domains, also you could block cookies or spoof the referrer string from the http request (noscript however has more features so you should use both with noscript in blacklist mode). I really like your idea of caching the scripts or using a safe mirror for them, if the hosted code is opensource this should be feasible

jacobR570 · /r/privacy
1 point
·
27th Nov 2021

LibreJS, It's better than something like noscript because it allows trivial javascript code, making some sites work better than blocking all javascript, while still respecting your privacy.

PrinceMachiavelli · /r/ProtonMail
1 point
·
1st Feb 2021

https://www.gnu.org/software/librejs/manual/librejs.html#How-to-Use

OK, I guess it's not a implementation but it's kind of doing the same thing. It is blocking loading JS from external scripts or via AJAX, etc. which is going to basically break everything. The name makes it sound like a Javascript engine since LibreSSL is an SSL implementation.

jedzoka · /r/ProtonMail
1 point
·
24th Nov 2020

I didn't know that, I loved gmail's pure html experience, will have to suffer, but being LibreJS compliant means doesn't mean not using JS at all, but using JS scripts that are released under free software license. https://www.gnu.org/software/librejs/free-your-javascript.html

Reashu · /r/vuejs
1 point
·
31st Oct 2020

Seriously. There's a bunch of reading available, but all they do is describe a "solution". Luckily, for everyone except Stallman, there is no problem.

Architector4 · /r/iiiiiiitttttttttttt
1 point
·
12th Apr 2020

Mozilla's JavaScript engine "SpiderMonkey" is under MPL2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey

MPL2 is a GPL compatible free software license according to GNU: https://www.gnu.org/licenses/license-list.en.html#MPL-2.0

Some Javascript isn't free, but some is considered too trivial to even be labeled as free/nonfree, and some is actually free: https://www.gnu.org/software/librejs/free-your-javascript.html

Architector4 · /r/linux_gaming
1 point
·
5th Mar 2020

That's like saying that all machine code is open source because you can decompile it back to C++. Obfuscated Javascript, written with no comments, indentation, newlines or readable variable names is not open source, even with "Prettify" feature of modern web browsers. There's a reason browser addons like LibreJS exist.

excycle · /r/linux
1 point
·
25th Jan 2020

It's not quite what you're asking for, but you might want to look at GNU LibreJS, an extension that whitelists scripts based on if the javascript is FOSS-licensed or not. Reddit is unfortunately not FOSS anymore so it does indeed get its javascript disabled by default. Though the old frontend at old.reddit.com mostly works fine without javascript.

iaxfadwarn69 · /r/linux
1 point
·
27th Sep 2019

i know its a long shot with the way the current web is but is it possible to use a survey site which either does not use javascript or uses only free javascript? the former option being my ideal, the latter probably being more practical. im not sure if there are even any out there but if there are i would assume more than just me would be appreciative of it being used.

im not sure why this website needs javascript at all, at least for the input and results pages - everything that i can see that it does can be done just fine with pure serverside code and html/css - but either way it imports a bunch of javascript which is nonlicensed or obfuscated and thus gets blocked by the gnu librejs extension

this isnt a huge deal and im not a freesoftware purist or anything (i game, am using reddit which uses nonfree js, and i enabled js to do your survey) but the web is always better with less javascript and im sure there are people here which are more strict about this stuff than i am and would appreciate a site which uses free js, or even better no js at all. just a polite request/something to think about

tl;dr: war on javascript

mtaon · /r/javascript
1 point
·
7th Feb 2019

To understand the issue, it's important to understand the free software ideology and how it's related to more widely known open source. The main idea is that the user will only run JavaScript that's licensed under a free software license. This includes many widely used open source libraries. To accomplish this, the source code should include a machine readable license.

So the issue is not about accessing source code but allowing the user to decide what code to run on their computer.

crushdudes · /r/DarkNetMarkets
1 point
·
16th Feb 2017

All of the scripts are relative links, served from, the same site. You can also use LibreJS: https://www.gnu.org/software/librejs/

Enigmail is a plugin for thunderbird/firefox. You should always do your own encryption.

martianmaid · /r/privacy
1 point
·
10th Feb 2016

I really like Privacy Badger! FREE as in freedom AND gratis. In addition to this extention ~~FOSS~~ FSF also made LibreJS what does about the same as NoScript but it allows the free and common js. This enables you to still being able to enjoy the web.

FOSS for the Win!
https://www.gnu.org/software/librejs/

fantastic_comment · /r/privacy
1 point
·
25th Nov 2015

Read the The JavaScript Trap and follow the project librejs

Also check the GNU Affero General Public License