Security and Javascript

Carsten Agger agger at
Fri Jun 28 10:36:57 UTC 2013

On 06/28/2013 12:06 PM, MJ Ray wrote:
> On 28/06/13 10:18, Alessandro Rubini wrote:
>> It is true (modulo my ignorance of javascript), we don't want to tell,
>> because it would be seen as paranoid.  The tech world is way beyond
>> this.
> "# Keep Flash, Java and JavaScript disabled in your web browser, except
> for sites that really need it." -- Andrew Ludgate, Sophos (proprietary
> anti-virus vendor)
> I'm sure you can find many more experts offering similar advice.
> It's mainly those with some interest in javascript, like browser makers
> and hipster website developers who, are "way beyond this", not the tech
> world.
> I'd love it if we shared good practice and encourage people to install
> things like
There is a problem with that, though: Web designers nowadays want to 
create a user experience based on the desktop-like interactivity 
provided by Ajax. This requires Javascript, and this means that very 
many web applications are designed which require JavaScript. To the 
extent that it's a security problem the solution might be improved 
sandboxing, because I don't think the demand for that kind of interfaces 
is going to go away.


More information about the Discussion mailing list