On 07/13/2015 10:08 AM, Sam Hartman wrote:
My concern about this advice is that no one will implement it because it
will break portals. Modern web pages use scripts for a lot of things.
If I were writing such a portal, I'd almost certainly use scripts for
some things and probably if I were writing it as a new app use a
client-side framework like angular where the entire thing was one
script.
So, it's great security advice, but entirely impractical.
I don't think it's that impractical to write your web page so that it
works with or without javascript, and this is a clear case where it
makes a lot of sense to do so. So giving the advice makes sense.
Whether anybody will follow it I don know. One of these days I'm sure
we'll start to see web browser vendors disabling Flash by default...