Designing a site with no JavaScript limits its capabilities. If one wants to be protected from JavaScript, the solution is to run with it disabled in the browser.
Instead of eliminating JS completely from websites, the expectation should be that they degrade gracefully for those who have chosen to disable it. If the server gets hacked malicious JS could still be added to the site regardless of whether the site uses it legitimately or not. While it is code from a remote source, it is mostly sandboxed and without other unpatched exploits there isn't that much that JS can do to you all by itself. K. > On Dec 19, 2013, at 4:28 PM, Kevin O'Brien <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >> On 12/19/2013 04:57 PM, Keith Murray wrote: >> Maybe you covered this already, but why are we eliminating >> JavaScript? > > It is a security nightmare. You are allowing a remote web site to run > code on your machine. > > Regards, > > > - -- > Kevin B. O'Brien > [email protected] > http://google.me/+kevinobrien > There's a difference between tempting fate and giving it a lap dance. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.14 (GNU/Linux) > > iQEcBAEBAgAGBQJSs48cAAoJEM6rrjCMwv1Z/awH/ROprzdDxeHi2IuKSXmkz+IJ > k6oD5s6DJf0uVb/12H3zoAIC45zZsXporxB9HhdyVeCTivFUbzTn8vKx6Ls315Zx > lJPMK6+/w5CP6IuSvVzdlNB/tPAx6DVso/KosP7onpC8aZn5S3nfty5hmw/xjg/Q > qECHW2sp8DNRW4srREUjErCa9prTNrj4wiLBwHmr3alOLFJgWZEIMvLJw7vjfJfb > XT+5FyjCabBiPyXqPgWfcB0O/AM+JeEwaRPsZ7TGZpVDesAQiCDQg+qV5KFj292V > LJm7DJJ62ruukfOTOLk0LXhHkVz/N25EdPmfJsd1Mnhzc2Zp5Or4B2Iqgnz4LUA= > =vWMA > -----END PGP SIGNATURE----- > > _______________________________________________ > Hpr mailing list > [email protected] > http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org _______________________________________________ Hpr mailing list [email protected] http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org
