Security and Javascript

MJ Ray mjr at
Sat Jun 29 14:47:26 UTC 2013

On 28/06/13 12:02, Werner Koch wrote:
> The problem with noscript is that you need to add temporary exceptions
> way to often.  It is a good tool, nevertheless.

I think most of that is thanks to javascript authors who just include
external libraries from many other domains without a thought for the
performance (more DNS lookups, less request pipelining possible) and
security (what if a registrant loses a domain?) implications.

> But better also run your browser under a different account and a second
> X server or with Xephyr.  Coping and pasting lacks quite some comfort
> then but that is the price to be a little bit safer.

I do that for a few very sensititive websites.  Copy-paste lacks
comfort?  Is it even possible?

MJ Ray (slef), member of, a for-more-than-profit co-op supporter, web and library systems developer.
In My Opinion Only: see
Available for hire (including development) at

More information about the Discussion mailing list