"Invasive" Javascript is getting to be a serious problem on the web. I've
tried just disabling JS completely, but there are too many sites that use
it for reasonable purposes, and it's not easy to enable it, reload the page,
and disable it again. (IE makes this easier -- you can have it prompt you
whenever a page wants to run JS, but it turns out to be a pain; I've sometimes
had to make a choice several times for a single page.)
I just saw the Configurable Security Policies page, and it looks like a
promising tool. I'll definitely use the "disable popup" setting. However,
I'd also like to disable other things. I've read a bit about JS being used
to "spy" on browser users, and that's an obvious hole (or set of holes) to
close.
What I'd like to achieve, if possible, is a sort of "80% solution" -- not
necessarily bulletproofing the browser, but at least giving me a comfortable
enough feeling to leave JS enabled.
So, does anyone have good suggestions for objects to be restricted, and/or
information about vulnerabilities that this mechanism won't help with?
--
Don Dwiggins "The truth will make you free,
[EMAIL PROTECTED] but first it will make you miserable"
-- Tom DeMarco
