W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2010

[whatwg] Please disallow "javascript:" URLs in browser address bars

From: Nikita Popov <privat@ni-po.com>
Date: Sat, 24 Jul 2010 13:26:22 +0200
Message-ID: <4C4ACDDE.6050300@ni-po.com>
On 24.07.2010 02:33, Bjartur Thorlacius wrote:
>
> Wrong.  Plain wrong. Kids who like to test stuff do things like this. I
> do agree though that the urlbar isn't the right place, there should be
> a different prompt for this kind of stuff.  Probably disabled at compile
> time by default and accessible by recompile (or addon).
>    
Not everybody who executes JavaScript Code using the address bar is a 
Linux freak who knows how to compile a browser. This mustn't be a 
hard-accessible configuration option.

I really don't like the idea of disallowing it totally. It should 
suffice to prompt the user whether he is sure he want's to execute the 
script.
Received on Saturday, 24 July 2010 04:26:22 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:25 UTC