On Sat, Aug 10, 2013 at 12:57:15AM -0500, Bruno Wolff III wrote: > They really downplay the extra security risk of enabling javascript. > And they really are placing the blame in the wrong place, very few > web sites really need to require javascript. It would have been > nicer to see Mozilla push back against sites requiring javascript to > function rather than to make it harder for people to reduce their > risk of getting owned. This ship has sailed. In fact, it has sailed out of the harbor, across the ocean, to the remote isles, and brought back a collection of valuable trade goods. The web today depends on Javascript, and client-side scripting brings so much of what makes it actually useful that the idea of going back to entirely server-based scripting is a non-starter. The security answer here isn't going back to the web of the 90s. It's using modern container and security policy systems to contain the risk. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
