[egeozcan]

IMHO, even when sand-boxed, allowing a fully Turing-complete language with such a vast selection of available APIs to run on page load per default is what kills privacy.

People should be trained to allow script execution only when they trust the site, and there should be levels: Zero, Fully Isolated, Trusted.

OK now time to wait for someone to tell me this will be too much to ask from users. It wouldn't be an invalid point either, we can't even train people to have some common sense when in control of tons of steel going fast loaded with highly flammable liquids... So, there's that.

I don't know.

[HWR_14]

It's not even per page. I don't care if I trust that page, I don't want any FB scripts to run. There are so many external libraries included (loaded from a CDN they do not control) that I don't trust any developer to know with 100% certainty what their app includes.