I use both, but sometimes it's a bit a pain in the ass with capchas and and embedded iframes etc. A lot of trial and error which scripts are needed. But it's great to know most of the crap, including cookie/consent banners are blocked.
The first time I log into a website I often need to do a few rounds of "allow this script; refresh; allow this script; refresh" to get captcha/cdns working. But then I save for that site and don't think about it again. It can be a bit of a pain sometimes, but I find it interesting having to acknowledge where different sites pull resources from.
The Stylus extension is great for that. Firefox's style editor lets you test CSS edits in real time. Then copy those CSS rules into Stylus and the browser will remember them. I use it to turn off all CSS animation too.
If you block all JS and CSS with umatrix, you can still read articles by pressing the "reader view" button in Firefox.
If you want something a little simpler try scriptsafe[0]. Still lets you whitelist JS you want to trust, enable temporarily or for a set time. I find it rather clearer than uMatrix.
In fairness to gorhill it's a couple of years since I last looked at uMatrix so it may be much improved.
Yes, we do a lot of inlining at the end of a view. In every case when the javascript is only usable for that view we find this very clean, every developer can immediately see what javascript is running on that particular view.
We have our own small library for the more common operations, for small things like more effecient navigating of the DOM three or more complex "components" that for example convert a select element to a nicer selectbox with built in full text search. That library is included for every view. This library weight around 50kb gzipped.
Some companies go for that 'disciplined javascript' style. It's a nice paradigm to follow, but every time you'd want to make it slightly more advanced (as the app grows) you'd have to implement tooling on your own.
I usually seed dev and test databases with fake data. Emails are usually a sequence like userN@example.com
Sending mail to that is usually not a problem, unless the content of the mail is somewhat sensitive. Again, fake data helps. When I work with Ruby I use the faker gem.
If you have to import production data then, yes, that would be annoying. Anonimizing data sometimes is not easy.
