Jump to content

Java Script - Security Risk?


5 replies to this topic

#1 Exilyth

    Member

  • PipPipPipPipPipPipPipPipPip
  • Bridesmaid
  • 2,100 posts
  • LocationTerra

Posted 11 May 2017 - 11:19 AM

The front page tells me to 'get a better browser' which is quite asinine since I'm runing the latest firefox. Adblock plus and noscript extensions are also up to date, so I've got no idea what that's about. Posted Image

I'm rather reluctant to allowing websites to execute Javascript, since that is the most common attack vector (just after malicious files send via email/instant messager). Recent events (like https://arstechnica....-vulnerability/) do not serve to highten my trust in web based scripting languages and you never know what stuff malcontents might try to sneakily infuse into a legitimate web service.

Just my 2C-Bill.

#2 That guy from the other day

    Member

  • Pip
  • Mercenary Rank 2
  • Mercenary Rank 2
  • 15 posts

Posted 11 May 2017 - 11:58 AM

Agreed. And at a time when many browsers are moving away from the plugins that are required to run Java.

Must have been a code problem though. I had this warning too but now its gone.

Edited by That guy from the other day, 11 May 2017 - 12:04 PM.


#3 Goblin System

    Member

  • Pip
  • Ace Of Spades
  • 14 posts

Posted 11 May 2017 - 10:52 PM

ThatGuy: Hes talking about Javascript, not Java. While Java-Browserplugins are indeed heavily
discouraged, Javascript is integral to every Browser.

Exilyth: With NoScript you can allow trusted sites to use Javascript. While its a good idea to block
Javascript as default, you should exempt sites you know and trust. You can't expect websites to run
well without Javascript.

Edited by Goblin System, 11 May 2017 - 10:53 PM.


#4 Exilyth

    Member

  • PipPipPipPipPipPipPipPipPip
  • Bridesmaid
  • 2,100 posts
  • LocationTerra

Posted 12 May 2017 - 11:21 AM

View PostGoblin System, on 11 May 2017 - 10:52 PM, said:

You can't expect websites to run well without Javascript.


Many websites do run well without javascript.
There's even the "noscript" tag defined in html to provide substitute content for browsers without JavaScript support.

Except for fancy effects and dynamic loading of content, there's not much JavaScript can give a website which can't be implemented with pure html5, css and some server side magic in the background.

*scratches head*

Ah, well, some webGL content maybe.

#5 David Sumner

    Member

  • PipPipPipPipPipPip
  • FP Veteran - Beta 1
  • 470 posts
  • LocationAuckland, New Zealand

Posted 04 July 2017 - 01:50 AM

View PostExilyth, on 12 May 2017 - 11:21 AM, said:


Many websites do run well without javascript.
There's even the "noscript" tag defined in html to provide substitute content for browsers without JavaScript support.

Except for fancy effects and dynamic loading of content, there's not much JavaScript can give a website which can't be implemented with pure html5, css and some server side magic in the background.

*scratches head*

Ah, well, some webGL content maybe.


Oh, like this editor that I'm typing in right now?
That requires JavaScript.
I think you'd be hard put to find a forum less than ten years old that doesn't have something like this.

#6 The6thMessenger

    Member

  • PipPipPipPipPipPipPipPipPipPip
  • Nova Captain
  • Nova Captain
  • 8,045 posts
  • LocationFrom a distance in an Urbie with a HAG, delivering righteous fury to heretics.

Posted 04 July 2017 - 02:02 PM

You can always have the Java-script blocked by default, but with exception to sites you trust.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users