Because JS might be used to leverage technology that can give clues on your browser and connection, it's in general one less open hole to think about when trying to stay as anonymous as possible
Not only that, but JavaScript can get you owned, and any code loaded over a non-https connection could be rewritten in transfer. Remember: all Tor exit IPs are publicly known. Tor users are easy to target.
If you use .onion services for anything... interesting, you should also be aware that the first step an advanced attacker might do with a compromised site is to try and completely own all browsers visiting.
Interesting point. Thanks. I have a related question. I'm assuming Tor browsers don't include any javascript engine then? And also likely include some self-contained resolver library? Are there other things that differences between a standard browser and a Tor browser worth mentioning?
The Tor Browser enables JavaScript by default -- it would be impossible to use for most web browsing otherwise. In fact there is an argument to be made that you should not disable JavaScript because it makes your fingerprint more unique to the sites you visit (you're a Tor user with JavaScript disabled). It depends on whether you value your anonymity more than the risk of potentially being attacked by bad JavaScript.
Tor Browser is based on Firefox, and has a bunch of anti-fingerprinting measures built in to it which have been slowly upstreamed to Firefox (as well as ensuring the Firefox doesn't send anything without going through Tor -- something which historically has been hard to do as a Firefox user).
Could you say why this is recommended?