Random javascript can definitely be annoying, but as a web app programmer, I can tell you that it isn't much of a threat these days since it runs in a fairly restrictive sandbox that, for example, doesn't allow access to the file system without making a special request to the user for additional permissions. From a development perspective, it's kind of a pain, but from a security perspective it is absolutely necessary.
The only real javascript threat that I am aware of is cross site scripting where some malicious javascript tries to post to a different site than the one you are using. Modern browsers tend to handle this by only allowing javascript to communicate with the server it came from. There are ways to request permissions to get around that, but again, it will prompt the user directly for them.

All of what I said ONLY applies to javascript on web sites. Running a javascript program locally or even as part of a Firefox plugin will inherit the permissions of the user most of the time. So only install trusted plugins and run trusted scripts locally. Online you are basically fine as long as you use an up to date browser like Firefox.

Jimmy

On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <[EMAIL PROTECTED]> wrote:

> I am moderately paranoid about allowing web sites to run javascript
> in my browser. (I use NoScript in Firefox.) Basically I only
> enable it if I know the owner of the site or trust them because
> of who they are. Examples: personal friends or banks.
>
> Am I being unnecessarily paranoid? Has Javascript gotten good
> enough that I can let my guard down? How do you all handle this?
> --
> Allen Brown abrown at peak.org
> http://brown.armoredpenguin.com/~abrown/
> Criticism may not be agreeable, but it is necessary. It fulfils
> the same function as pain in the human body. It calls attention
> to an unhealthy state of things. --- Sir Winston Churchill
> _______________________________________________
> EUGLUG mailing list
> [email protected]
> http://www.euglug.org/mailman/listinfo/euglug
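The restriction mentioned in the reply, that a page's script may only talk to the server it came from, is the browser's same-origin policy. The sketch below is an added example, not part of the original thread; it shows the (scheme, host, port) comparison behind that rule, using the standard `URL` API available in browsers and Node.js. All URLs and function names are constructed for illustration.

```javascript
// Added example: same-origin comparison on the (scheme, host, port) tuple.
// Every URL below is a constructed sample value.

// Returns the serialized origin, or null for opaque origins (data:, file:, ...).
function originOf(url) {
  const u = new URL(url);
  // The WHATWG URL API serializes opaque origins as the string "null".
  return u.origin === "null" ? null : u.origin;
}

// Two URLs are same-origin only if scheme, host and port all match.
// Opaque origins never match anything, including themselves.
function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa === ob;
}

// Classify the requests a script on pageUrl might attempt.
function classify(pageUrl, targets) {
  return targets.map((target) => ({
    target,
    sameOrigin: isSameOrigin(pageUrl, target),
  }));
}

const page = "https://app.example.com/inbox";
const targets = [
  "https://app.example.com:443/api/messages", // default port, same origin
  "HTTPS://APP.EXAMPLE.COM/profile",          // case is normalized, same origin
  "http://app.example.com/api/messages",      // scheme differs
  "https://app.example.com:8443/admin",       // port differs
  "https://example.com/",                     // host differs (parent domain)
  "https://other.example.net/collect",        // unrelated site
  "data:text/html,<p>hi</p>",                 // opaque origin
];

for (const r of classify(page, targets)) {
  console.log(`${r.sameOrigin ? "same-origin " : "cross-origin"}  ${r.target}`);
}
```
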
