
Browser makers should straight up remove the JS API for interacting with history. There are legitimate uses for it, but the malicious actors far outweigh the good ones at this point. Just remove it.


That's a biased thing to say, since you're never going to notice the times when the history api is being used appropriately. Just as often I find myself raging when a webpage doesn't rewrite history at times when it should. Good taste is hard to come by.


This type of thinking is what doomed uBlock Origin. I strongly disagree.


The difference is that uBlock Origin is an extension you intentionally trust and install, while the JS API we talk about is something any website (untrusted) can use.


To be fair, uBlock Origin has always been a special case. It's so good and so important and so trusted that it should have access to browser internals that normal extensions can't access.

Honestly, uBlock Origin shouldn't be an extension to begin with, it should be a literally built in feature of all browsers. Only reason it's not is we can't trust ad companies to maintain an ad blocker.


Perhaps the users should be given an option to opt out (enabled by default) for such APIs on a per-site basis. That way, users can intervene when they're abused, while their fair use will remain transparent.


This seems like a good compromise. Similar to requesting location information, and/or denying popups after a few have been spawned.


How is uBlock Origin "doomed"?


An advertising company controls the user agent everyone uses to access the internet, and wants to shove more ads into your eyeballs. uBlock exists as long as they allow it. Anyone who disagrees with this works for them or owns shares in the company.



So UBO isn't doomed, just UBO on Chrome. While that's significant given Chrome's market share, I and everyone else on the planet have the option to use something else, and will continue to do so.


Ditto for unprompted redirects.


Redirects are used for stuff like POST->GET or canonicalizing URLs (adding slashes on directories), would you get rid of that too?


That's done with HTTP headers though, right? Not JavaScript.


Ah, I see what you mean. The canonicalization is, whereas redirects after processing forms could be done in JavaScript from an onclick or onsubmit handler.


But wouldn't you be able to replicate the same issue by using a redirect?


Ditto for rewriting anchor destinations onclick, allowing sites to show one destination for hover but send you somewhere else.


I mean, without `history.pushState()` and `window.onpopstate` things wouldn't be as nice. Ok, I guess one could do about everything with `location.hash = ...` and `window.onhashchange`, like in the before times. But the server will not get the hash part of the URL, so a link to such a page can't be server-side rendered and has to fetch the actual page content in JavaScript, evaluating the hash. When I browse things like image search it is really handy that you can use the browser's back button to close an opened image without losing any dynamic state of the page and that the x button on the page will close the image and remove the history entry just the same way, so a later back won't re-open that image.

For me the back button wasn't hijacked.

But I am for disallowing the use of `history.go()` or any kind of navigation inside of `onpopstate`, `onhashchange`, `onbeforeunload` or similar or from a timer started from one of those.
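
The image-overlay pattern described in the comment above, as an added example that is not part of the thread or any site's code: the overlay is driven only by the history entry's state, and the `popstate` handler never navigates. `createLightbox` and `makeFakeWindow` are hypothetical names; the fake window is a constructed stand-in so the code runs outside a browser.

```javascript
// Added example: overlay state kept in session history (hypothetical names).
function createLightbox(win) {
  const view = { openImage: null };
  // Render purely from the entry's state; no history.go() or navigation here.
  win.addEventListener("popstate", (event) => {
    view.openImage = event.state && event.state.image ? event.state.image : null;
  });
  return {
    view,
    open(id) {
      // One new entry per opened image, so the browser's Back closes it.
      win.history.pushState({ image: id }, "", "?image=" + encodeURIComponent(id));
      view.openImage = id;
    },
    close() {
      // The X button steps back over the entry instead of pushing a
      // "closed" one, so a later Back does not re-open the image.
      if (view.openImage !== null) win.history.back();
    },
  };
}

// Constructed stand-in for window/history so this runs offline.
// Real browsers dispatch popstate asynchronously; this fake is synchronous.
function makeFakeWindow() {
  const entries = [{ state: null, url: "/search" }];
  let index = 0;
  const listeners = [];
  return {
    addEventListener(type, fn) { if (type === "popstate") listeners.push(fn); },
    history: {
      get state() { return entries[index].state; },
      pushState(state, _title, url) {
        entries.splice(index + 1); // drop forward entries, as browsers do
        entries.push({ state, url });
        index = entries.length - 1;
      },
      back() {
        if (index === 0) return; // would leave the page; not modelled here
        index -= 1;
        listeners.forEach((fn) => fn({ state: entries[index].state }));
      },
    },
    currentUrl() { return entries[index].url; },
  };
}
```
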


Like I said: I recognize there are legitimate uses. But unfortunately, they are majorly outnumbered by people doing things like overwriting my history so that when I hit "back", it stays on the site instead of going back to my search engine. I would love to live in the world where malicious dark patterns didn't exist, and we could have nice things. But we don't, and so I would rather not have the functionality at all.


How about we just navigate to new pages by .. navigating to new pages? Browsers have perfectly functional history without javascript shenanigans


same for clipboard events.



