I started religiously running NoScript in Firefox after a colleague of mine figured out how to write a port scanner in Javascript. So if you went to his page with Javascript enabled he would able to have you run a scan of your internal network, as your user, with your permissions, regardless of firewall settings. So my answer would be that even if Javascript has gotten safer it doesn't mean that people haven't figured out clever things to do with it that you wouldn't want to happen.
On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <[EMAIL PROTECTED]> wrote: > I am moderately paranoid about allowing web sites run javascript > in my browser. (I use NoScript in Firefox.) Basically I only > enable it if I know the owner of the site or trust them because > of who they are. Examples: personal friends or banks. > > Am I being unnecessarily paranoid? Has Javascript gotten good > enough that I can let my guard down? How do you all handle this? > -- > Allen Brown abrown at peak.org http://brown.armoredpenguin.com/~abrown/ > Criticism may not be agreeable, but it is necessary. It fulfils > the same function as pain in the human body. It calls attention > to an unhealthy state of things. --- Sir Winston Churchill > _______________________________________________ > EUGLUG mailing list > [email protected] > http://www.euglug.org/mailman/listinfo/euglug > _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
