[pdkl95]

sigh

At least judging by www.meteor.com, they are still insisting their users accept the risks[1] of javascript and sending an empty body tag.

[1] If you think these risks don't exist, you haven't been paying attention. I don't care if you want to run exploit code from an ad or be used as ammunition by the Great Cannon; just don't insist that others must accept that risk if they want to read your page (slower loads or reduced functionality with the javascript is perfectly fine).

edit:

So you all value convenience over safety. really, it's probably because you're so used to spying on people that the idea of losing that ability is a thought you cannot abide. After all, why would the idea of losing javascript be attacked so strongly? This gets downvotes faster than anything else. What a lot of website developers don't seem to understand is that recording hover times, click paths, reading times and the like may be "metrics" or "important business data" to you, to normal people that is "creepy peeping-tom" behavior.

I know, you're thinking that this is off topic, or that it's just a tool. No, you're making a political/sociological decision by forcing people to take the risk of javascirpt - and business recording information about people is risk #1.

The non-technical people I know, after slowly learning about how the tech industry really works, have been doing a lot to reduce their internet use. A few have turned luddite. Others are trying to reduce their dependence on network services. That is the end game of people finding out the real price of using some webapp - you're driving people away from the entire concept.

Of course, I'm wasting my breath - clearly the features of some tool are more important than the reality of the future you're creating.

Either that, or djb is right. ( http://cr.yp.to/talks/2015.05.08/slides-djb-20150508-a4.pdf )

[akhatri_aus]

Most sites use javascript anyway. How is this different? If people want to use Meteor to solve their business problem (even internally) how does the negligibly low chance of a great canon infecting a site make this different.

There's also a couple of libraries that implement server-side rendering if the blank page is something that disturbs you.

Ps the loads are faster due to caching & are highly CDNable as they don't change at all. Mostly static.

For the great canon issue: it's not difficult to check against a hash on the script either right? Besides not exlusively being a Meteor problem.