I'm pretty sure you're joking, but the client's browser makes the request for a resource. If you're letting your browser request code you don't want to execute, that's on you.
Actually I wasn't joking. But you're right of course. It's on me, just as it's on me whether or not I will execute a proprietary executable on my computer. And if I don't want to, the solution is to just not do it.
It is still my opinion though, that if you let your browser request the resource, you should have complete control of what code should be permitted to be executed or not. Or if you want to, you should be able to mess with it freely. Because it is your computer, and you should be in control what it executes or not executes.
But the law is not with me on that in many places in the world I believe. And therefore I am happy we have free software :-)
> If you're letting your browser request code you don't want to execute, that's on you.
Indeed. We can run blockers to get rid of user hostile javascripts but we can't get rid of the web site's own code since that's likely to break everything. That's why we'll eventually have to replace them with free software.
This is one of the things that the FSF is proposing, with a method of tagging executable code under a free license. In general, you can only check that tag after retrieving the code.
