1. Nobody should need client-side code just to read some text.
2. #, and mature libraries like # should be operating system packages, not bundled with apps or downloaded on the fly.
3. <script license="https://www.gnu.org/licenses/gpl-3.0.en.html">
4. Browsers should allow (or default to) swapping out non-free JS libraries with free equivalents.
5. _Then_ you can whitelist depending on how far you want to compromise.