Comment #17 on issue 1748 by [email protected]: feature request: noscript-like javascript filtering desired http://code.google.com/p/chromium/issues/detail?id=1748
We are all understand (at least I hope so), that selective scripting disable is not absolute cure for web security weaknesses. Webmasters, even from honest sites, could easily force users to enable scripting support (something like "no scripts - no content"). And that days are not in so distant future. Also, Chrome's concept of multiprocess browser makes things much safer, than before... It seems by plain logic we don't need something like NoScript or so. Current CSS-based blocking scheme, which are used by existing extension, magically is not blocking <script> tag. No need to say that after such "exclusion" the rest could not be really blocked, it'll be just an illusion. Also... we could remember that story with clickjacking, when NoScript closed the breach. Not because Firefox developers was too lazy to do it themself. We need that second guard because web today already is not such safe place as it was ten tears ago. There is no too much caution in this case, as there is no too much paranoia in security. It's about control. And there is an only control point possible - user controls browser or developer. By the way, how this situation is planned to be controlled, when, since Chromium is open, modding and forking are possible? -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings -- Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs
