- From: Luke Hutchison <luke.hutch@mit.edu>
- Date: Thu, 22 Jul 2010 16:46:43 -0400
A bookmark is more like a link than a manually-entered URL, and as mentioned in the original email, the browser will have to of course keep working with javascript: links. 99.9999% of people have never manually entered a javascript: URL into a browser addressbar in their life -- unless duped by a social engineering virus. On Thu, Jul 22, 2010 at 4:41 PM, Aryeh Gregor <Simetrical+w3c at gmail.com<Simetrical%2Bw3c at gmail.com> > wrote: > On Thu, Jul 22, 2010 at 4:32 PM, Luke Hutchison <luke.hutch at mit.edu> > wrote: > > There is no legitimate reason that non-developers would need to paste > > "javascript:" URLs into the addressbar, and the ability to do so > > should be disabled by default on all browsers. > > Sure there is: bookmarklets, basically. javascript: URLs can do lots > of fun and useful things. Also fun but not-so-useful things, like: > > > javascript:document.body.style.MozTransform=document.body.style.WebkitTransform=document.body.style.OTransform="rotate(180deg)";void(0); > > (Credit to johnath for that one. Repeat with 0 instead of 180deg to > undo.) You can do all sorts of interesting things to the page by > pasting javascript: URLs into the URL bar. Of course, there are > obviously security problems here too, but "no legitimate reason" is > much too strong. > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100722/da1bad8d/attachment.htm>
Received on Thursday, 22 July 2010 13:46:43 UTC