flat assembler
Message board for the users of flat assembler.

Index > Heap > do you disable javascript in your browser ?

Goto page 1, 2  Next

do you disable javascript in your browser ?
Yes, for every website
7%
 7%  [ 1 ]
Yes, but allow javascript for trusted sites
28%
 28%  [ 4 ]
No
64%
 64%  [ 9 ]
Total Votes : 14

Author
Thread Post new topic Reply to topic
wisepenguin



Joined: 30 Mar 2005
Posts: 129
wisepenguin
hello,
just wondering how many people disable javascript in their browser ?

it seems alot of exploits are related to javascript. its also a shame how alot
of web developers resort to javascript for even basic things such as showing
a full picture when clicking on a thumbnail. whatever happened to just linking
to the new page/file.

i still use ie6 on windows xp - and i disable just about everything for every
website except a few trusted ones.
i even disabled styles once so i can have readable size text for me - as lots
of sites use really small font sizes. (i'm aware recent browsers have zoom)

i'm interested to hear what everyone else does. have a good night
Post 29 Aug 2009, 20:15
View user's profile Send private message Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
I disable it implicitly with NoScript (addon to Firefox) and enable it to sites I want when I surf.
Post 29 Aug 2009, 20:19
View user's profile Send private message Reply with quote
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
I use the latest version of FireFox, and I do not disable javascript. I don't see a point in disabling it, and I don't care what anyone has to say about it.

_________________
----> * <---- My star, won HERE
Post 29 Aug 2009, 20:23
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
I don't disable it neither. I know I'm opening another attack vector by keeping it enabled but the attacks I'm aware of require both a site that allows JS injection (this forum allowed it some time ago), and that the target site don't validate where you come from. In the case of stealing cookies those that are HTTPonly are protected from being robed via JS. Also the site (like this forum) may bind the session ID cookie with the client's IP address so the attack would be effective only if both the attacker and the victim are using the same public IP (proxy, NAT/PAT, etc).
Post 29 Aug 2009, 21:43
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
I disable JS for two reasons.

1. To avoid potential, current and future exploits (virus, malware, session stealing, anything).
2. To be spared those annoying adverts and other nonsense that tries to distract attention, especially those annoying pull down menus and pop up windows.

There are a number of other things I have disabled also:

I disable cookies. Only a few sites get to put cookie into my browser (fasm site is one of them).

I disable Flash. That is another annoying vector for advertising and cookie respawning/tracking. Plus it makes my surfing experience so peaceful and serene without it.

I disable animated GIFs, I rarely have need to see things jumping about.

I disable all text effects like the annoying distracting flashing "Click here" nonsense.

I disable meta tag redirections and refreshes.

I disable the referrer field in HTTP requests.

I disable all IFRAMEs (99.9999% of the time these are just unwanted ads).

I banned doubleclick and other purely advertising sites.

Plus: I use a VPN service to avoid censorship and to mask my real location. You might be surprised at how different the web looks from different locations. Some websites serve different pages to different IPs.
Post 30 Aug 2009, 00:50
View user's profile Send private message Visit poster's website Reply with quote
wisepenguin



Joined: 30 Mar 2005
Posts: 129
wisepenguin
good to hear from you all.

i pretty much do what revolution does. disabling javascript/flash/cookies makes me feel a bit safer,
and it does cut down on all the adverts too.

i disable javascript because the actual javascript code could be trying to
do bad things on its own, or it could be trying to exploit a weakness in the browser javascript engine.

although i don't use VPN as i simply only have one machine and don't have access to a VPN.

doing what revolution does - it also separates the men from the boys
when trying to buy online. very few websites still work - and the ones
that do show that the developers are well worth the money because
it works on much more installations.

too many times application and web developers bring out new versions
which do not make any consideration to the end user. they produce it
whilst running as administrator with all the dev tools and latest software
and require everybody else to do the same.

even things like not asking to put the start menu icon in "all users" instead
of administrator - its such a basic thing. sorry for the rant.

i also disable javascript and the like in PDF readers etc - just in case.
Post 30 Aug 2009, 09:53
View user's profile Send private message Reply with quote
Picnic



Joined: 05 May 2007
Posts: 1288
Location: behind the arc
Picnic
Normally no, i don't disable Javascript in Firefox.
Post 30 Aug 2009, 10:12
View user's profile Send private message Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
@revolution: can you watch YouTube videos without flash? Confused

I disable flash as well (NoScript disables all plugins also) but not with sites I need, like YouTube etc... actually I only enable them per-video basis, not per-site (NoScript allows that).

So if a site has two flash videos, one with an ad, the other with a video, I only enable the video. Wink
Post 30 Aug 2009, 14:43
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Then you're both practicing a form of leeching. Wink
Post 30 Aug 2009, 14:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Borsuc wrote:
@revolution: can you watch YouTube videos without flash? Confused
Nope. Why should I care about youtube?
LocoDelAssembly wrote:
Then you're both practicing a form of leeching. Wink
Why? Because I don't see ads? I still buy stuff at the stores, why do I need to watch the mis-information ads also? Brand names don't interest me anyway, I have nothing to show off to anyone. So even if I do see the ad I still buy what I find practical and available in the store. Am I still leeching? Actually I am saving the ad company from wasting their bandwidth to send me ads that I never take action on Razz
Post 30 Aug 2009, 15:16
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Surely you visit sites that don't sell anything but yet them are financed by the ads. You are saving some money of the people who sell because since the ad is not shown then they don't need to pay for your visit but at the same time the site you are watching makes no money out of the ad because you are not allowing it to be watched.

I'm not thinking you're a criminal because of this of course Wink But this is a real side effect of your pleasant surfing.
Post 30 Aug 2009, 15:45
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
LocoDelAssembly wrote:
Surely you visit sites that don't sell anything but yet them are financed by the ads. You are saving some money of the people who sell because since the ad is not shown then they don't need to pay for your visit but at the same time the site you are watching makes no money out of the ad because you are not allowing it to be watched.

I'm not thinking you're a criminal because of this of course Wink But this is a real side effect of your pleasant surfing.
Oh, I think you mean the pay-per-view type of advertising. Okay, I had kind of thought this stuff was not used much anymore. Most of the advertisers now seem to prefer pay-per-click. And, BTW, they consider it click fraud if you click too many times and not buy anything.


Last edited by revolution on 30 Aug 2009, 16:13; edited 1 time in total
Post 30 Aug 2009, 15:55
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
revolution wrote:
Borsuc wrote:
@revolution: can you watch YouTube videos without flash? Confused
Nope. Why should I care about youtube?
Dude Confused

I mean, YouTube has like... some nice epic music compilations (normally I later acquire the music I like), funny videos, etc... even some awesome movies (home-made) or trailers, or composers post their stuff there Very Happy (I know a few)

_________________
Previously known as The_Grey_Beast
Post 30 Aug 2009, 15:56
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
The problem with youtube is sifting through the mountains of crap to find that one tiny gemstone. I'd rather go to the store and buy the nicely polished gemstone.
Post 30 Aug 2009, 16:02
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Not always, it's like Google: do you not use that also? It also has a huge (even more) mountain of crap Laughing

I think it depends on your search skills, but I'm mainly talking about backlinks to videos. Look at the Beautiful Songs thread, for example. Most links are to YouTube, and you don't have to search through a "mountain of crap" to get them.

There are many sites I know and know their focus on (e.g: movies, epic music, whatever else) which link to that -- I rarely search on YouTube myself. Smile

_________________
Previously known as The_Grey_Beast
Post 30 Aug 2009, 17:39
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
Borsuc: Fair comment about the searching thing. When youtube starts putting assembly code on their site then I may be interested to visit Razz
Post 30 Aug 2009, 17:48
View user's profile Send private message Visit poster's website Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
As a web developer for several large ecommerce sites, I run with everything wide open, though I do run FlashBlock on Firefox.

The web has always been designed to be scriptable. And the web is moving more and more toward this. All of the sites I create use javascript for functionality and cookies to track your order process. You can't use them for ordering unless you do. And without js turned on, you miss out on a lot of functionality (and you'll be missing out on a lot more).

You guys run anti-virus don't you? Cookies are never executable programs so they can do no harm. Web sites don't store personal info about your orders in cookies (at least proper ones don't). So what's the problem? What kind of sites are you visiting that cause issues, especially ones that your av doesn't catch?

I consider these problems rare and just plain silly almost always.
Post 30 Aug 2009, 18:49
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8904
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
disable javascript means i cannot log into my bank account.

and nowadays, almost 90% (i guess) commercial website somehow require the browser with javascript enabled.

oh, if microsoft website, perhaps you need silverlight too. lol
Post 30 Aug 2009, 20:47
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
drhowarddrfine: disabling cookies is not because of malware, it is because of tracking. Didn't you know?

Also there are a number of websites that do not use either cookies or JS and still manage to have ordering/buying work flawlessly, it can be done without JS or cookies.

Thirdly your assertion that "The web has always been designed to be scriptable" means nothing. Even if that is true that doesn't mean that it is what we have to do.
Post 31 Aug 2009, 01:56
View user's profile Send private message Visit poster's website Reply with quote
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
People who disable stuff are like people who live their lives in a bubble. Yes, they get total safety from malicious code in webpages, but they don't get to experience most of the web, they're stuck to their few little "safe" sites, everything else requires javascript or a certain plugin. Yes, people without "bubbles" get hurt/infected sometimes, but that's just how life goes, get used to it.

Do you live your real life in a bubble?

_________________
----> * <---- My star, won HERE
Post 31 Aug 2009, 02:09
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.