> Programs are downloaded to my computer and executed without me being able to review them first—or rely on audits by people I trust.
JavaScript and WebAssembly programs are always executed in a sandboxed VM, without read access to the host OS files (unless, of course, you grant it).
Enabling scripting was a necessary step for interactive websites. Without it, a full page load would be required every time you upvote a Hacker News comment. In my opinion, the real problem is that browsers allow too many connections to third-party domains, which are mostly ads and trackers. Those should require user-approved permissions instead of being the default.
The Triptych Proposals [1] cover a lot of common use cases for submitting information to a server and updating part of a page. Something like that should have been possible to implement early in web history (I perceive some similarity to frames).
Modern CSS (and some newer HTML features) also reduces the need for scripting.
I very much doubt that "Enabling scripting was a necessary step for interactive websites." (emphasis added). It may well have been the most convenient and fastest way to get the functionality to the most users. With JavaScript, each website could provide functionality without waiting for such to be implemented by all browsers.
However, distribution of power also leads to more complex trust relationships (even if one is confident that sandboxing is effective). Independent implementation also leads to more complexity overall.
In the world we have now, limiting XMLHttpRequest and Fetch to the same host as the current page would be great. But if that had always been the limitation, I fear that the adware peddlers would have just gotten proficient at shipping PHP packages/extensions that you could run on the same server as your site, and we'd be in largely the same situation, except that blocking the stuff would be harder than it is for us today.