Sadly this would break a lot of websites and apps, since a lot of scripts are served from the Google (and other) CDNs these days. A whitelist of sorts could help though.

The problem with a whitelist is that tracking and malicious websites would just move their scripts to these CDNs.

It would certainly break compatibility with some websites, but so did removing flash or silverlight support, or introducing popup blockers before that. And with http2, scripts hosted on third party CDN are bound to disappear.

What do you mean by "third party" javascript? Do you mean javascript that isn't hosted on the same domain as the HTML?

Yes. You could still serve ads from third party domains but these ads wouldn't be able to run javascript. This would be a protection in term of security and privacy. With no cookies or javascript I do not see how a tracking company could track users accross websites. And unless I miss something it would be a more constructive alternative to ad blockers.

[edit] in fact an alternative to blocking third party cookies is to restrict third party cookies to the domain-visited/third-party-domain, such that third parties can still use cookies to track you on the domain visited but that cookie can't track you accross websites.

It's not nearly as easy without cookies and javascript, but it's worth mentioning that browser fingerprinting[0] can track users across websites.

[0] https://en.wikipedia.org/wiki/Device_fingerprint

This thing relies heavily on javascript, flash and silverlight. Both flash and silverlight require javascript. So unless I missed something, without scripts the only thing device fingerprinting can harvest is pretty much the user agent, which is pretty much useless for fingerprinting.