On Thu, Jul 22, 2010 at 4:32 PM, Luke Hutchison <[email protected]> wrote: > There is no legitimate reason that non-developers would need to paste > "javascript:" URLs into the addressbar, and the ability to do so > should be disabled by default on all browsers.
Sure there is: bookmarklets, basically. javascript: URLs can do lots of fun and useful things. Also fun but not-so-useful things, like: javascript:document.body.style.MozTransform=document.body.style.WebkitTransform=document.body.style.OTransform="rotate(180deg)";void(0); (Credit to johnath for that one. Repeat with 0 instead of 180deg to undo.) You can do all sorts of interesting things to the page by pasting javascript: URLs into the URL bar. Of course, there are obviously security problems here too, but "no legitimate reason" is much too strong.
