The Proxomitron (local filtering proxy) + HOSTS file + Javascript whitelisting is all I need.
Turning off JS instantly removes a ton of annoyances, effectively removes a huge attack area for browser exploits (I've accidentally infected others by sending them links to sites that had no effect on me...), and while there are certainly sites that require it (often not even of the "application" type, but just to do something that could've been done without), the majority of the ones I come across in e.g. searching for info don't need it. If a site I find when searching refuses to show anything, then I'll just go back and continue with the next search result or use Google's text-only cache which often does have the content I'm looking for in a more readable format. The whitelist is reserved for sites that are both highly trusted and absolutely necessary to enable JS on.
Turning off JS instantly removes a ton of annoyances, effectively removes a huge attack area for browser exploits (I've accidentally infected others by sending them links to sites that had no effect on me...), and while there are certainly sites that require it (often not even of the "application" type, but just to do something that could've been done without), the majority of the ones I come across in e.g. searching for info don't need it. If a site I find when searching refuses to show anything, then I'll just go back and continue with the next search result or use Google's text-only cache which often does have the content I'm looking for in a more readable format. The whitelist is reserved for sites that are both highly trusted and absolutely necessary to enable JS on.