Keep in mind also that JavaScript security risks are more in the area of "annoyances" -- e.g. opening a bunch of popup windows -- JS will not allow a web site to write to your hard drive, for example.
I generally surf with Mozilla (under Linux) and leave all JavaScript features enabled, putting up with the garbage to make sure I don't miss anything. Hopefully some browsers will eventually let you disable JavaScript on a site- specific basis, as they currently do with cookies. -- Rod http://www.sunsetsystems.com/ On Thursday 29 August 2002 12:58 am, John Summerfield wrote: > On Thu, 29 Aug 2002 15:26, Toni Mueller wrote: > > Hello, > > > > On Thu, Aug 29, 2002 at 12:54:18PM +0800, John Summerfield wrote: > > > On Wed, 28 Aug 2002 20:25, Sergio A. Kessler wrote: > > > > the perl is _not_ on your machine, it's only in the server, > > > > and you can't change it unless you are the administrator. > > > > > > I control the server and the server _produces_ the js. If you trust the > > > perl code, why do you not trust the js it produces? > > > > in general, allowing JS is a per-client setting that you don't > > control from the server. So if the client has to use different > > sites and need to trust only your server, he has to go to his > > preference settings and turn JS on and off all the time, depending > > on the next link he's going to visit (knowingly?). Net result: > > JS is only near feasible in an Intranet where you control the > > client platforms and the JS injected into the network from > > A-Z, and that's probably not the most common situation to begin > > with. > > I was querying the assertion there is a security problem. You're talking > about convenience, another matter. > > Nothing I said suggests that js should be _required_, only that it should > be _available_ for anyone who wants to use it, and that it should be a > capability not tied to any browser. I also pointed out that some with > js-capable browsers will choose to turn it off, and that browsers that now > can't handle js may do so in the future. > > I have no problem with the notion that js from some sources may be > hazardous, but I don't see how js sourced from SL could be thought to be > unsafe. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
