You may be running nonfree programs on your computer every day without realizing it—through your web browser.
In the free software community, the idea that nonfree programs mistreat their users is familiar. Some of us refuse entirely to install proprietary software, and many others consider nonfreedom a strike against the program. Many users are aware that this issue applies to the plug-ins that browsers offer to install, since they can be free or nonfree.
Java applets also run in the browser, and raise similar issues. In general, any sort of applet system poses this sort of problem. Having a free execution environment for an applet only brings us far enough to encounter the problem.
Silently loading and running nonfree programs is one among several issues raised by "web applications". The term "web application" was designed to disregard the fundamental distinction between software delivered to users and software running on the server. It can refer to a specialized client program running in a browser; it can refer to specialized server software; it can refer to a specialized client program that works hand in hand with specialized server software. The client and server sides raise different ethical issues, even if they are so closely integrated that they arguably form parts of a single program. This article addresses only the issue of the client-side software. We are addressing the server issue separately.
What do we mean by "nontrivial"? It is a matter of degree, so this is a matter of designing a simple criterion that gives good results, rather than finding the one correct answer.
- it makes an AJAX request or is loaded along with scripts that make an AJAX request,
- it loads external scripts dynamically or is loaded along with scripts that do,
- it defines functions or methods and either loads an external script (from html) or is loaded as one,
without interpreting the program, or is loaded along with scripts
that use such constructs. These constructs are:
- using the eval function,
- calling methods with the square bracket notation,
- using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, ...).
For references to corresponding source code, we recommend
followed by the URL.
Of course, all of this should be contained in a multiline comment.
I thank Jaffar Rumith for bringing this issue to my attention.