Improvement requests :  K-Meleon Forum
Use this forum to talk about a feature you're missing.  
Javascript security
Posted by: Tim
Date: December 08, 2008 06:06AM

Make a javascript security option similar to cookie security. Allowing only 1st party javascript would be a good default. E.g. when you go directly to somebenignsite.com, javascript is allowed for that site but the random banner which may be from exploits-r-us.com can't execute javascript because it is 3rd party.

I know about noscript but it sucks and it can't do this.

Options: ReplyQuote
Re: Javascript security
Posted by: disrupted(unlogged)
Date: December 09, 2008 02:55AM

i agree with you about noscript..it's very tiring with kmeleon and seems like half-crippled. your idea is very good.. may i add my voice to yours in requesting such feature.. even better an option for a whitelist to disable javascript for certain websites/domains..

Options: ReplyQuote
Re: Javascript security
Posted by: JamesD
Date: December 09, 2008 03:18AM

There might be a way to blacklist if I could find the documentation on the privacy DLL. This is not yet in the wiki.

Options: ReplyQuote
Re: Javascript security
Posted by: Sam
Date: December 22, 2008 10:46AM

Quote
Tim
Make a javascript security option similar to cookie security. Allowing only 1st party javascript would be a good default. E.g. when you go directly to somebenignsite.com, javascript is allowed for that site but the random banner which may be from exploits-r-us.com can't execute javascript because it is 3rd party.

I know about noscript but it sucks and it can't do this.

Of course it can. You put all of the benignsites.com in your whitelist, and even more importantly, every time you see a script from ads-r-us.com or exploits-r-us.com, you mark it as "untrusted". Don't just disallow it, mark as untrusted. NoScript will never again ask you about ads-r-us or whatever, unless you tell it to. It will block it by default.

If you mean a single setting that automatically allows all first-party JS, I'm not sure that's a good idea. I don't allow any 1st-party js either unless (a) I trust the site AND (b) I need that script for the function I want to perform. No reason to give blanket permission for all first-party sites. Not all sites are trustworthy in the first party.

I'm referring to the behavior of NS in FX. I'm considering trying KM, so if it changes NS to a manner different from the above, please tell me. Thank you!

Options: ReplyQuote
Re: Javascript security
Posted by: Christopher Poole
Date: January 11, 2009 11:06AM

Problem is if javascript is disabled then flashblock doesn't work and flash can cause lots of problems, too.

Options: ReplyQuote


K-Meleon forum is powered by Phorum.