A bookmark is more like a link than a manually-entered URL, and as mentioned in the original email, the browser will have to of course keep working with javascript: links.
99.9999% of people have never manually entered a javascript: URL into a browser addressbar in their life -- unless duped by a social engineering virus. On Thu, Jul 22, 2010 at 4:41 PM, Aryeh Gregor <[email protected]<simetrical%[email protected]> > wrote: > On Thu, Jul 22, 2010 at 4:32 PM, Luke Hutchison <[email protected]> > wrote: > > There is no legitimate reason that non-developers would need to paste > > "javascript:" URLs into the addressbar, and the ability to do so > > should be disabled by default on all browsers. > > Sure there is: bookmarklets, basically. javascript: URLs can do lots > of fun and useful things. Also fun but not-so-useful things, like: > > > javascript:document.body.style.MozTransform=document.body.style.WebkitTransform=document.body.style.OTransform="rotate(180deg)";void(0); > > (Credit to johnath for that one. Repeat with 0 instead of 180deg to > undo.) You can do all sorts of interesting things to the page by > pasting javascript: URLs into the URL bar. Of course, there are > obviously security problems here too, but "no legitimate reason" is > much too strong. >
