Unlimited paging (as NodeBB has)

Hi, I'm a new Python fan. As such, I recently found Misago and was wondering if its approach could be extended by optional NodeBB/Discourse features, like "pageless" threads when Javascript is enabled. (Of course, making Javascript mandatory would be a step into the wrong direction. I was just wondering.)

Up to now, I like Misago. And it's shaping up to be much better than the other Python board system I saw. :)
Thanks to the developer, I hope I'll find the time to contribute some code one day.

@rafalp

Now this is something I'm not sure about. Does that mean Misago can't be used with Javascript disabled anymore? (Huge security risk.)

Most computer malware today spreads through holes in browser JavaScript sandboxes. NoScript is one of the most widely used Firefox extensions, I don't allow websites to use JavaScript for no technical reason either.

NoScript is the best anti-virus software in 2015.

I urge you to allow sending the Post form without JS too. :-/

Yes, I am sure I don't mix them up. Most malware today - like drive-by downloads - spreads through JS holes in browsers. Java can be easily disabled, I don't use it either.

Server-side JS would be OK, but mandatory frontend JS would cause severe issues.

I really do think you're mistaken there. NoScript is sort of just blocking the advancement of nice webpages, and really a pretty unnecessary "security" measure.

I think you're wrong.

I don't think they can, because such reports do not exist. <3

Why do we have JavaScript fanboys here? - Well, technically JavaScript is (nearly) the only technique that actually allows XSS and Clickjacking exploits. Snowden approves that.

Or you could just use software that doesn't have these exploits to begin with.

IMNSHO people who clain I'm wrong without bringing their own evidences are not to be taken any more seriously than I am.

In last case I actually made clear that avoiding JavaScripts also avoids common pitfalls in web development. But fine, here's some more evidence, all examples taken in 2015 (I might bring older evidence if required):

1. JavaScript has built-in undeletable cookies.
2. Rowhammer.js, a JavaScript-based DRAM attack.
3. Enabling JavaScript made you attackable through the SoundCloud widgets found on some legit websites.
4. Enabling JavaScript made you attackable if you were using eBay at the wrong time.

Oh, and don't forget that there were, are and will be malicious ad banners which will most likely infect your system - unless you use NoScript which safely blocks them.

TL;DR: Enabling JavaScript as a whitelist is a very, very bad idea. No one should do that.

TL;DR: Every sensible browser has JavaScript on by default, which should be good enough.

@USA

Fun fact: XSS exploits are on websites, not in your software. Only a few months ago, WordPress got a security update which basically fixed an issue that enabled any visitor to embed malicious JavaScript code directly into the comments. Have fun avoiding all WordPress sites...

... which is why there are so many botnets. It should be off by default!

Okay, I'll have a blast.

You are kidding, yes?