It’s not Firefox sending input. It’s the website having implemented JavaScript code that sends the input.

If you disable JavaScript - or even only the JavaScript functionality that they make use of - you prevent it.

It would indeed be viable for the Browser to guard the javascript functionality behind consent safeguards.

The reason it is not being done is because of history. The standards, practices, and implementations were created before concerns of privacy and consent. Now, changing it to guarded behind consent means many questions regarding standard conformance, backwards-compatibility, and potential website and service breaking many people won’t understand or be able to work around.

As a practical approach of how I see it as viable:

JavaScript functions merely need to be replaced with a consent-verification function guarding it.

For object methods Browser extensions extensions could do that. Given that most JavaScript functions are defined on objects (mostly window and document as root levels, or instance object types like arrays and DOM elements) it seems like that would be viable.

Guarding events - like user input into form fields - is easy in the same way when addEventListener() is called. When on<event> attributes are being used it’s already not so easy anymore. Either way, you have to inject and guarantee your own JavaScript code runs before a website’s code.

User interaction means blocking the call. Website code won’t react well to those. It may become a two- or multi-iterative process of 1. hit 2. consent 3. reload scripts or page. Not all JavaScript code is sourced the same.

A consent-to-all may be easier to implement, but is still problematic. All the open questions and issues make it unviable to implement as a general browser functionality.

These input fields are JS and not HTML forms. I think its more difficult here.