All right.
*goes over the CNN homepage.*
Ads, ads, ads, ads, ads, poll loading thingy, ads, ads, weather loading thingy, some browser detection and browser functions detection (to make sure things actually work), some useless stuff that only seems to be there to make the code look nicer, a JSON parser, things to make developing easier, stuff to detect what a page is about and display a link to that subcategory, city lookup for the weather (seems to be fairly limited, I get London's weather), something to do with sports (dates and scores it would seem), something to detect Flash and user preferences...
Nothing to scary, it all contributes to making the site do just that little bit more.
If you're worried they're tracking you, disabling scripts isn't going to stop them. The best you can do is disable cookies so they have to store everything on their side.
You don't even have to visit a site for it to track you. Embedding little images with unique identifiers (0000001.jpg is on Google's homepage, for example) on various sites (those sites have to help, of course) and having your server track resource usage isn't that hard.
Most browsers can't even get filepaths from your computer, believe me I've tried (for something run locally, mind). Cross Page Scripting is not possible in pure JS, having your server fetch pages and loading those is possible, but unless you have some open ports (and they know which ones, etc, etc) those files can't come from your computer.
Basically the worst they can do is track your position and create annoying pages. (Something like the screen flashing red and blue...)
Oh and stalling a browser with a script is of course also possible. Using taskmanager to kill the browser solves that, though
