Hi Saygılarımızla,
If you are able to, add a Content Security Policy (CSP) header to the
HTTP headers. That would disallow non-approved scripts from running,
even if included in the page body.
If you set it to:
Content-Security-Policy: script-src 'self';
then it will only host scripts hosted on your own domain. If you set it
to 'none', then no JS will be loaded at all.
If you are not able to edit the HTTP header, then it is also possible to
add CSP rules in a <meta>tag.
Hope that helps.
P
On 15/07/2019 13.38, The FLOSS Information wrote:
> Since I am using a content management system, it will be difficult to
> remove some non-free JavaScript files. I agree with you about Disqus.
>
> 15.07.2019, 15:08, "Dmitry Alexandrov" <[email protected]>:
>
> The FLOSS Information <[email protected]
> <mailto:[email protected]>> wrote:
>
> I think there are non-free JavaScript files on my blog. It
> seems to be a bit difficult for me to throw them out because
> Disqus and Google Custom Search are offered on my content
> management system. What can I do?
>
> https://theflossinformation.gitlab.io/
>
>
> You can stop using Google Custom Search and Disqus, of course. As
> for Google, the freedom-friendly replacement is rather
> straightforward, as Google _does_ allow you to embed their normal
> search (which, as you know, works well with no any client-side
> programs), if you know the magic option. MWE:
>
>
> ,
>
>
> As for Disqus, I am not aware of any direct replacement. The
> approach itself, that is placing the initial post of the thread on
> your own website, while outsourcing replies to it to some
> third-party network, actually, looks dubious to me.
>
>
>
> --
> Saygılarımızla,
> The FLOSS Information
> https://theflossinformation.gitlab.io/
>
