But you can't build a pop-up if you don't have access to create new windows, yet you can still be turing complete. For example, WASM is Turing complete, but it can't create popup windows because it has no access to the DOM.
I think JavaScript should have to request access to use browser APIs, and you should be able to disable access to any of all of them. For example, I should be about to disable:
Yes! All the replies here are missing the point completely. It’s not that JavaScript is somehow uniquely bad among programming languages. It’s that the entire idea of putting a general purpose programming language into the system was a bad idea.
99% of my web browsing shouldn’t need it. Every site I visit uses it, but almost all of them could be built just fine without it.
It is a fully capable platform. How it's used isn't a fault of the platform though. It seems user-agents and adblockers are applying the proper protections, just like how antivirus works on your desktop.
In practice it will be slower and bigger. Everybody will be just compiling entire C++ frameworks to wasm. A web app needs to do something with images? Here is the entire ffmpeg compiled to wasm. Need a single widget from Qt? Here is the entire Qt compiled to wasm. I'm pretty sure nobody is going to carefully refactor existing C++ libs to select only the subset of features needed for web.
I think JavaScript should have to request access to use browser APIs, and you should be able to disable access to any of all of them. For example, I should be about to disable:
- network access (disables adding script tags, XMLHttpRequest, fetch) - 2d canvas access - 3d canvas access - WASM
And so on, just like mobile apps, but perhaps more granular. The app should also be able to put a note as to why it needs each specific feature.