General :  K-Meleon Web Browser Forum
General discussion about K-Meleon 
Java-script
Posted by: Robert
Date: July 24, 2002 03:41PM

Does the possibility exist to disable java-script generally, but enable it at some domains?

Robert

Re: Java-script
Posted by: Andrew
Date: July 24, 2002 03:44PM
Re: Java-script
Posted by: polo
Date: July 24, 2002 04:20PM

http://www.radsoft.net/security/si.html
http://www.radsoft.net/security/check.html

BTW how useful is JS? According to the above it should be used ONLY when needed at "safe" sites. Java shouldn't be used at all... I've never had the need to use Java in the 8 months I've been using K-M, and haven't installed the JVM.

Re: Java-script
Posted by: sven
Date: July 25, 2002 06:11AM

Javascript is not a threat. The threat is a flawed browser with a buggy/insecure implementation. I don't remember when the last Javascript-related security hole in Gecko was, since it was promptly fixed, but there are loads of those out in the wild for IE.

When you turn off Javascript you may not miss much on your neighbour's site, but more and more newer sites are using it to handle the DOM to build dynamic pages. For such sites Javascript is a very powerful tool to build really nice, friendly and dynamic solutions. OTOH - Javascript may be used to send some information about your browser or system back to the site owner, but then again - the same can be done with Flash also. So if you start denying things you might as well turn off cookies, Flash, Shockwave and some other plugins, because they all may communicate with the server.

There are limited things Javascript can read and none of them is IMHO a serious threat to your privacy (in KM that is; in IE you can effectively read the user's clipboard and execute arbitrary code on the client machine). Just be sure you accept only cookies that get sent back to the originating server. That breaks some moronic syndicate sites that share user information across domains via cookies, but you don't want to care about those anyway.

It's pretty much safe to leave Javascript on in KM; it should even be safer than in Mozilla because at least 0.6 beta doesn't even support elevated Javascript rights such as universal read and write. 0.65 does support them, I think, but then you're always asked for confirmation when a script tries to get elevated rights in order to read/write cross-domain, for example.

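Added example (not part of the post above and not K-Meleon code): one way to write down the "accept only cookies that get sent back to the originating server" rule as a decision function. The function names, the exact-host comparison and the `.example` hosts are assumptions made for illustration.

```javascript
// Hypothetical helper names; sample hosts and cookies below are constructed.

// True when host equals domain or is a subdomain of it, on a label boundary.
function domainMatches(host, domain) {
  const d = domain.toLowerCase().replace(/^\./, "");
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Return the Domain attribute of a Set-Cookie value, or null if absent.
function cookieDomainAttr(setCookie) {
  for (const part of setCookie.split(";").slice(1)) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim().toLowerCase() === "domain") {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Decide whether a cookie set by responseUrl is kept while the user views pageUrl.
function acceptCookie(pageUrl, responseUrl, setCookie) {
  const pageHost = new URL(pageUrl).hostname;
  const respHost = new URL(responseUrl).hostname;
  // Assumption: "originating server" means the exact host in the address bar.
  if (respHost !== pageHost) return { accept: false, reason: "third-party" };
  const domain = cookieDomainAttr(setCookie);
  if (domain !== null) {
    const d = domain.replace(/^\./, "");
    // A single-label domain ("example", "com") would span unrelated sites.
    // Browsers consult the Public Suffix List; this example only checks for a dot.
    if (!d.includes(".")) return { accept: false, reason: "domain too broad" };
    if (!domainMatches(respHost, d)) return { accept: false, reason: "domain mismatch" };
  }
  return { accept: true, reason: "first-party" };
}

// Constructed cases: [page, response that sets the cookie, Set-Cookie value].
const cases = [
  ["http://www.shop.example/", "http://www.shop.example/cart", "sid=abc; Path=/"],
  ["http://news.example/", "http://ads.tracker.example/p.gif", "uid=42; Domain=.tracker.example"],
  ["http://www.shop.example/", "http://www.shop.example/", "sid=1; Domain=shop.example"],
  ["http://www.shop.example/", "http://www.shop.example/", "sid=1; Domain=hop.example"],
  ["http://www.shop.example/", "http://www.shop.example/", "sid=1; Domain=example"],
];
function runCases() {
  return cases.map(([p, r, c]) => acceptCookie(p, r, c).reason);
}
console.log(runCases());
```

The fourth case shows why the comparison has to fall on a label boundary: `hop.example` is a plain string suffix of `www.shop.example` but is a different site.
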
Re: Java-script
Posted by: Robert
Date: July 25, 2002 08:02AM

Andrew,

That is what I want. Thank you.

Robert

Re: Java-script
Posted by: Robert
Date: July 25, 2002 08:09AM

polo wrote:

> ...According to the above it should be used
> ONLY when needed at "safe" sites. Java shouldn't
> be used at all...

This is the reason for my question.

Robert

Re: Java-script
Posted by: polo
Date: July 25, 2002 01:23PM

Sven, thanks. But JS is "interpreted" and thus slows down access to a site?

Re: Java-script
Posted by: sven
Date: July 26, 2002 09:00AM

Not really.

Typically Javascript is used for lightweight and once-executed things like image rollovers, reading-writing cookies or setting CSS rules. You wouldn't notice it even on the slowest machine (ok, on 368 you might). Javascript has been around since the end of 1995 and Netscape Navigator 2.0 was already supporting it. So we're dealing here with a pretty mature scripting language which is quite powerful and often underrated (it's not exactly OOP but it's almost entirely object-based; heck - you can make a string an object and even extend the default string prototype with your own methods and properties). There have been several security issues with the Javascript implementation in different browsers and there still are some in IE, both major (clipboard reading-writing, anyone?) and minor (event.keyCode is settable, duh!). Probably there are lesser-known quirks in the KM Javascript implementation too, but as of today I'm not aware of any serious security flaws in it.

So there's no reason to fear Javascript and certainly no reason to be paranoid. Besides, Javascript is practically the only way to do client-side DOM manipulations which, when done intelligently, result in a vastly better and faster (no whole page reloading to change menus or change stylesheet, as a simple example) browsing experience for the user and reduced load for the server.

Re: Java-script
Posted by: polo
Date: July 26, 2002 11:08AM

Some sites with JS on you get pop-up ads, but without you don't. Anyway is Java useful at all?

Re: Java-script
Posted by: polo
Date: July 26, 2002 03:10PM

This gives different output, more information with JS on. Are there other sites with this sort of test?
http://www.privacy.net/
http://www.privacy.net/analyze/

Re: Java-script
Posted by: Alexander
Date: July 27, 2002 12:45PM

> http://www.radsoft.net/security/si.html
> http://www.radsoft.net/security/check.html
>
> BTW how useful is JS? According to the above it should be used ONLY when needed at "safe" sites. Java shouldn't be used at all... I've never had the need to use Java in the 8 months I've been using K-M, and haven't installed the JVM.

Javascript is not Java

Alexander

Re: Java-script
Posted by: polo
Date: July 27, 2002 01:27PM

Neither is Visual Basic VBScript!

Re: Java-script
Posted by: sven
Date: July 28, 2002 10:57AM

For pop-ups use a filtering proxy or any of the hundreds of adbuster-type thingies out there. My personal favourite is Proxomitron. Pop-ups have given Javascript a bad name but that should not be the reason to deny Javascript unconditionally.

Re: Java-script
Posted by: Jacob
Date: August 01, 2002 03:49AM

I use JS on my personal site, and find it extremely useful. I use a Java menu to categorize and link to all the different parts of my page. It allows me to fit all the links in one bar on the screen, you do not need to scroll through the links.
