anything loaded from a third party domain shouldn't be allowed to run scripts.
That restriction would both be trivial to circumvent by malicious advertisers and annoying for many legitimate web concepts.
facebook.com does this as a first party site, shit sites trying to squeeze eyeball time from visitors should be put on Google's malware sites list, but apparently those are the best sites nowadays... :/
Maybe it's not quite your meaning - but there are browser plugins which allow per-domain blocking of js. I use one, with the default set to deny js.
That restriction would both be trivial to circumvent by malicious advertisers and annoying for many legitimate web concepts.
facebook.com does this as a first party site, shit sites trying to squeeze eyeball time from visitors should be put on Google's malware sites list, but apparently those are the best sites nowadays... :/
Maybe it's not quite your meaning - but there are browser plugins which allow per-domain blocking of js. I use one, with the default set to deny js.