"Enable JavaScript" preference checkbox has been removed in Firefox
Bruno Wolff III
bruno at wolff.to
Sat Aug 10 16:53:11 UTC 2013
On Sat, Aug 10, 2013 at 09:43:03 -0400,
Matthew Miller <mattdm at fedoraproject.org> wrote:
>
>This ship has sailed. In fact, it has sailed out of the harbor, across the
>ocean, to the remote isles, and brought back a collection of valuable trade
>goods. The web today depends on Javascript, and client-side scripting brings
>so much of what makes it actually useful that the idea of going back to
>entirely server-based scripting is a non-starter.
>
>The security answer here isn't going back to the web of the 90s. It's using
>modern container and security policy systems to contain the risk.
It is a very hard problem to get right, particularly if you want to share
some, but not all, data between remote applications. So far this approach
hasn't worked all that well. JS has way too much access. Even java, which
was designed as a sandbox from the start, has had a lot of bugs letting
hostile code reach out of the sandbox.
My feeling is the reason JS is popular is precisely because it is so easy
to violate users' privacy and commercial sites have a lot of incentive
to abuse that ability. So most likely things won't go back.
A better for the users solution, would be to have complex applications like
games run in a sandbox (such as java) and web sites just providing or
collecting information just use html and css. And it should be made obvious
when web sites are delivering an application so that people can decide whether
or not they want to risk that.
Just because a lot of people are doing something one feels is wrong, doesn't
mean you have to silently accept it. (Though you do need to decide which
battles are worth fighting.)
More information about the users
mailing list