I think I understand you, javascript means a calculable risk, because it has shown to be the main vector of bringing malcode into a browser, and there are devious ways found by malcreants to exploit it. Especially with Web 2 browsers the script threat gained momentum over recent years. Therefore I like to use two extensions to minimize these threats, NoScript, a scriptblocker webcop, that makes you can temporally allow/disallow script, and RequestPolicy to temperally allow request only from those domains that deliver services you need at that moment in time, and when there is a malicious request or an ad-related request you do not allow that permission by default. I have the extensions for years now inside the Fx and flock browser and it has been a good line of defense for me, next to that the avast shields are a second line of defense, and these shields are getting better and better and more fine-tuned
and all we do here in the virus and worms is only helping avast towards that goal,