Unfortunately there are still probably sites/pages out there that "need" JavaScript enabled to work. JavaScript really should go the way of the dodo. Like Java browser plugin has done and soon, hopefully, flash plugin will follow. Correct me if Im wrong but simple animations, dropdown menus, and fade-in-out effects have been possible long time with CSS. Simple form handling does not really need JavaScript, php will work just fine. So what is left that really needs client side scripting?
In "Privacy and Security Settings", set "Security Level" to "High". This is yet another reason to avoid running Tor browser together with other browsers in the same system.
It's yet another reason for avoiding the presumption that you can achieve very high levels of anonymity in an interactive user-interface application. I don't think it can be done. If I wanted that, I'd be doing programmatic web gets from the site, with no javascript, no browser rendering, and randomised response times. Of course, this would lose important functionality, and make the experience fairly poor, but would avoid a whole host of extremely hard-to-avoid attacks. Better yet, would be transacting on a messaging basis with medium latency, but I think this would only work for certain messaging applications, or structured marketplace applications.