On Fri, Dec 20, 2002 at 03:26:13PM +0000, Cruise wrote: > Because of course your average user will tell the difference between > javascript on a Freesite (bad) that appears when they click a link, > from javascript on a download page (good) that appears when they > click a link.
Generally speaking, if someone has found a hole in the FProxy filter, and they plan to compromize someone's security through Javascript, they aren't going to advertise that fact by making a window pop up! What exactly is the user supposed to think on seeing a window appear that is so completely terrible? The worst they can think - "hey, a window can only appear with Javascript and javascript in a freesite is bad, I had better email support at freenetproject.org" is: a) Unlikely b) Harmless > It's not that javascript is bad. It's not that your method is bad. > Far from it. It's just that a lot of people will have trouble telling > the difference between stuff that is and stuff that isn't. Rather > than risk them accepting everything, surely it would be better to > accept nothing, and loose a tiny bit of visual nicety? That doesn't make sense. If someone is maliciously using Javascript in a freesite the user is unlikely to see any physical manifestation of it anyway, so what exactly is being lost here? Ian. -- Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] Latest Project http://cematics.com/kanzi Personal Homepage http://locut.us/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021220/3a808b92/attachment.pgp>
