Client Side Javascript, etc., to Server Side Scripting, via pfSense, in a Jail?
-
I don't think ANYTHING clogs up, wastes more time, or frustrates my computing experience, MORE than Client-Side Scripting, Javascript being "Public Enemy #1".
While I may not have a super-computer, I am NOT on an old Intel 80286. What I'm using, has a quad-core CPU, with about 3 Gigs of R.A.M.
While much of the code may not be intentionally malicious, it DOES grind some things to a screeching halt. Firefox is most vulnerable. It crashed multiple times, while drafting this post. Fortunately I have an offline BBcode utility. I have a "human script" I have to run, EVERY TIME, including making sure the Firefox, Ghostery add-on is enabled. I think what Ghostery does, pfSense could do. But that's a topic for another fourm thread.
Even if client CPU/system load is no issue, you can NOT discount the prospect of malicious code.
Anyway, I've been using the Firefox plugin, NoScript, for a while. It does help. Firefox is quicker, and it, as well as the desktop, hang less when it blacklists most everything.
Yes, I'm a "DO NOT USE JAVASCRIPT!!!"/"NO JAVASCRIPT!!!" Person!While blocking Javascript does allow my system to actually run, it cripples many a web page. One nice thing that NoScript does, is to augment, or replace some blocked scripts with a replacement "Surrogate Script", or "Script Surrogate". But, these are probably only forged for the most popular sites.
Javascript may be good for the security and load of the web server, but for the client, NOT SO MUCH! Practically everyone online has heard of a "pop-up", but have you heard of a "pop-under"?
So, what I'm talking about, is a way to convert Client Side Scripting, like Javascript, etcetera, into, or make to work like Server Side Scripting, sort of like "MicroShaft's", Active Server Pages (*.asp | *.aspx), and others.
Perhaps there's a way to manage a SSI (Server Side Includes) redirect, where, for example, a client requesting an .html page, would be redirected to an .shtml, .stm, .shtm, etc., generated, "on the fly", by the pfSense box.
This, of course, would by default, be hosted on the pfSense box. Yes, I know it would increase the load and CPU burden. But for a decent re-purposed PC, on a personal/SOHO (Small Office/Home Office) net, it would seem that it should not be too troublesome.
Of course, it should be run in a jail, so the scripts have no way of ever toying with pfSense.
I am NOT suggesting pfSense be turned into something ridiculous, like a "Boom-Box"; and nothing like a file server.
No, what I suggest is certainly in line with the vision of pfSense being an ultimate UTM (Unified Threat Management) Appliance.
Thanks for reading!
A List of Scripts/Languages, Typically "Client Side":
-
ActionScript / Flash
-
VBScript (NOTE: VBScript can also be used as Server-side so that processing is done on the server.)
A List of Scripts/Languages, Typically "Server side":
-
ActiveVFP (*.avfp)
-
ASP (*.asp)
-
ASP.NET (*.aspx)
-
ColdFusion Markup Language (*.cfm)
-
Go (*.go)
-
Groovy Server Pages (*.gsp)
-
Java (*.jsp) via JavaServer Pages
-
Server-Side JavaScript (*.ssjs, *.js) (example: Node.js)
-
Lua (*.lp *.op *.lua)
-
Perl CGI (*.cgi, *.ipl, *.pl)
-
PHP (*.php)
-
Ruby (*.rb, *.rbw) (example: Ruby on Rails)
-
SMX (*.smx)
-
Lasso (*.lasso)
-
Tcl (*.tcl)
-
WebDNA (.dna,.tpl)
-
Progress WebSpeed (.r,.w)
-