- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Thu, 22 Jul 2010 16:41:52 -0400
On Thu, Jul 22, 2010 at 4:32 PM, Luke Hutchison <luke.hutch at mit.edu> wrote: > There is no legitimate reason that non-developers would need to paste > "javascript:" URLs into the addressbar, and the ability to do so > should be disabled by default on all browsers. Sure there is: bookmarklets, basically. javascript: URLs can do lots of fun and useful things. Also fun but not-so-useful things, like: javascript:document.body.style.MozTransform=document.body.style.WebkitTransform=document.body.style.OTransform="rotate(180deg)";void(0); (Credit to johnath for that one. Repeat with 0 instead of 180deg to undo.) You can do all sorts of interesting things to the page by pasting javascript: URLs into the URL bar. Of course, there are obviously security problems here too, but "no legitimate reason" is much too strong.
Received on Thursday, 22 July 2010 13:41:52 UTC