Thank you Michał, interesting and useful documentation project. Thanks also for reporting NoScript with ClearClick as "the only product offering protection" against clickjacking (er... partial?! why?) BTW, as you probably noticed, initial inspiration for ClearClick came from a post of yours on the whatwg mailing list. However I'm quite surprised that Section 3 doesn't mention NoScript's "core business" (JavaScript and active content whitelisting), which might be seen as the simplified and user-friendly evolution of MSIE's Zones, and NoScript's Anti-XSS Injection Checker, the venerable ancestor of IE8's anti-XSS filter :)
well it might look in the shortrun as impossible but did anyone think of gradually eliminating JS support? the internet can live fine without JS these days and still look good, eliminating JS support and other browser side languages might elimitate alot of the harder to manage issues such as csrf and xss and other evil code such as "black widow", and alot of the ads and so on... people are using less and less JS, and more sites are beggining to support none JS browsers (links, no-script firefox ...)
9 comments :
Thank you Michał, interesting and useful documentation project.
Thanks also for reporting NoScript with ClearClick as "the only product offering protection" against clickjacking (er... partial?! why?)
BTW, as you probably noticed, initial inspiration for ClearClick came from a post of yours on the whatwg mailing list.
However I'm quite surprised that Section 3 doesn't mention NoScript's "core business" (JavaScript and active content whitelisting), which might be seen as the simplified and user-friendly evolution of MSIE's Zones, and NoScript's Anti-XSS Injection Checker, the venerable ancestor of IE8's anti-XSS filter :)
Where should feedback on kinks be sent?
i want to register by email to this blog :) so.. take action ;)
While it is a nice browser, it just is not that customizable or interesting to use as the versatile FireFox.
Still waiting for a Linux version of Chrome.
There's also a webcast about browser security on http://www.microsoft.com/events/series/security360.mspx.
Since we are on the topic of security, it seems that someone is causing bother :( at least google uk searches are all filtered :(
This morning, no matter what I search on, every link comes up with a warning:
Warning - visiting this web site may harm your computer!
well it might look in the shortrun as impossible but did anyone think of gradually eliminating JS support? the internet can live fine without JS these days and still look good, eliminating JS support and other browser side languages might elimitate alot of the harder to manage issues such as csrf and xss and other evil code such as "black widow", and alot of the ads and so on...
people are using less and less JS, and more sites are beggining to support none JS browsers (links, no-script firefox ...)
Post a Comment