On Sat, 16 Oct 2010 12:47:21 +0100, Matthew Toseland wrote: > On Saturday 16 October 2010 11:30:59 David ‘Bombe’ Roden wrote: > > On Saturday 16 October 2010 10:58:30 Dennis Nezic wrote: > > > > > Oh, right, it is also very insecure. I'm not sure what "incognito > > > mode" is, and believe it or not, not everyone uses Firefox or > > > Chrome, but won't JavaScript still leak information like a drunk > > > widow? (Ie. your browser, display resolution, and other > > > potentially de-anonymizing stuff?) Sure, FProxy will try to > > > filter scripts, but having (ugly) gaping holes lying around > > > doesn't comfort me. (Although, even if (the various?) JavaScript > > > implementations were made more anonymous-friendly, and even if > > > they were made to work with less than 100% cpu, it's still just > > > plain ugly / script-unfriendly / etc.) > > > > You obviously have not understood what we are actually talking > > about. We are NOT planning to allow freesites to execute arbitrary > > JavaScript. (And I had thought that would have been clear.) > > > > We are talking about the Freenet web interface being spiced up with > > JavaScript to increase usability. Freesites will keep being denied > > any JavaScript, as usual. > > We have to filter out not only javascript but also e.g. inline images > already. This will not change.
I understand that -- it's just that I don't like the possible security hole to even exist. Just like innocent ol' CSS can leak history information, who knows what future (or present) exploits innocent ol' JavaScript might have. Web pages are not supposed to /do/ anything. _______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
