On 06/28/2013 12:06 PM, MJ Ray wrote:
On 28/06/13 10:18, Alessandro Rubini wrote:
It is true (modulo my ignorance of javascript), we don't want to tell, because it would be seen as paranoid. The tech world is way beyond this.
"# Keep Flash, Java and JavaScript disabled in your web browser, except for sites that really need it." -- Andrew Ludgate, Sophos (proprietary anti-virus vendor)
I'm sure you can find many more experts offering similar advice.
It's mainly those with some interest in javascript, like browser makers and hipster website developers who, are "way beyond this", not the tech world.
I'd love it if we shared good practice and encourage people to install things like noscript.net.
There is a problem with that, though: Web designers nowadays want to create a user experience based on the desktop-like interactivity provided by Ajax. This requires Javascript, and this means that very many web applications are designed which require JavaScript. To the extent that it's a security problem the solution might be improved sandboxing, because I don't think the demand for that kind of interfaces is going to go away.
br Carsten