tool already capable of doing it is socat. ex: socat -v -x - tcp:google.com:80 add >/dev/null if you want do discard plain text output. also works over ssl: $ socat -v -x - openssl:google.com:443,verify=0

disabling javascript is the most effective method against XSS, so it's really bad choice to not be able to do it simply. not that firefox would be that security-minded in other areas regarding to javascript (XSS + form autofill without SecureLogin addon = fun & profit for hackers)

Looks like the reason behind the move is that preferences UI has become incomprehensible ... which actually doesn't have anything to do with javascript. Perhaps a move towards Eclipse-like preferences would be a wiser choice?