On Fri, 3 Oct 2014 13:26:11 -0400 (EDT) david...@ling.ohio-state.edu wrote:
> > > > Keeping Javascript disabled is like disabling programmability from > > shell. What is the idea? > > You're making a joke, maybe? > > *I* choose what programs my shell executes. But when I visit a > webpage on the internet with javascript enabled, someone *else* > chooses what programs are executed. > > So I don't enable javascript unless there's a good reason. And, for > my purposes, there almost never is a good reason. True and you wouldn't allow visitors to inject shell into your webserver and navigation of a site should not require javascript as per w3c guidelines. However considering OpenBSD users are security savvy and should understand the potential risks of random sites running javascript and it may be that the cheapest or current pay system available required javascript then it is probably more useful to ask paypal why on earth they reduced the potential security of their users for a slightly nicer look or investigate and suggest an alternative. OTOH I am told but correct me if I am wrong that in Germany they use bank transfers rather than credit cards and the banks I use no longer require javascript so perhaps that would be a better and more secure system all round, assuming they have a good method to verify the account numbers.
