Yes, I think the risks you mention are generally known or at least very unsurprising.
Unsurprising to developers. But the world is large, there are many sensibilities, cultures, issues... trust me: for many many people, these are actual threats.
And if an attacker is targeting a specific person, then the reasons are probably localized to that situation.
Sure. Still there are many "localized attacks" that most companies would like to avoid.
These are edge cases, not pandemic problems which are worth breaking the web until a rewrite can happen.
In many place around the world, all people who make Free Speech something useful are "edge cases".
Asking users to enable Javascript on a site by site basis will not really solve any problem. Just like EULAs or EU cookie law notices, people will just click it without thought and be annoyed they had to do so.
Many users would execute every JavaScript they can reach anyway.
But trust me, banks' systems will have strong policy about what you can or what you cannot execute.
Also, do not forget that it's not just matter of making JS opt-in.
It would not be enough. It also need to be safer.
I think it is clear that we are not going to agree.
We do not need to. History will judge, with time... ;-)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Unsurprising to developers. But the world is large, there are many sensibilities, cultures, issues... trust me: for many many people, these are actual threats.
Sure. Still there are many "localized attacks" that most companies would like to avoid.
In many place around the world, all people who make Free Speech something useful are "edge cases".
Many users would execute every JavaScript they can reach anyway.
But trust me, banks' systems will have strong policy about what you can or what you cannot execute.
Also, do not forget that it's not just matter of making JS opt-in.
It would not be enough. It also need to be safer.
We do not need to. History will judge, with time... ;-)