Open Bug 123248 Opened 23 years ago Updated 2 years ago

[RFE] PER-SITE java[script]/cookie security in status line

Categories

(Core :: Security: CAPS, enhancement)

x86
Linux
enhancement

People

(Reporter: stig-moz, Assigned: dveditz)

Details

javascript is 90% annoying predatory javascript abuse (pop-up ads) is
epidemic...  but increasingly unavoidable...bugzilla, for instance, requires it.
...and in order to use bugzilla, when javascript is a global preference, i get
stuck with a vulnerability to malicious javascript on other sites...  yuck!
SO, what i strongly recommend [hope, wish, pray, beseech] is that javascript
control be at least as fine-grained as cookies and that per-site cookie &
javascript preferences be settable on the toolbar or status line.  

REQUESTED UI-FLOW:  
  0. java[script] defaults to OFF
  1. when a page is loaded that contains java[script], an alert icon appears in
the status line and blinks a few times as an attention signal. (but doesn't
blink non-stop)
  2. left-click (button 1) runs the java[script] on that page once and only once
     right-click (button 3) gives a pulldown menu containing:
          - view source (with javascript highlighted)
          - enable javascript for this site (this session only)
          - enable javascript for this site (permanently)

same goes for mail content...per-message javascript...

the same can be done with cookies and all other security-ish things that
normally pop-up dialogs.  All of those dialogs that pop-up when you're a new
user are getting really annoying...what with re-installs and so on...those
should move to the status line, too, i think...

-- stig zax hackvan, lobbying for the DWIM interface...
          
PS: also, IE has the nice feature of posting a status-line alert icon to
indicate when malfunctioning javascript is present.
To UI design.  spec needed.

note that most of the issues in question are already reported in other bugs.
Assignee: sgehani → mpt
Status: UNCONFIRMED → NEW
Component: Preferences → User Interface Design
Ever confirmed: true
QA Contact: sairuh → zach
Severity: major → enhancement
Summary: PER-SITE java[script]/cookie security in status line → [RFE] PER-SITE java[script]/cookie security in status line
For cookies, see bug 67580.
uid is being phased out.
Assignee: mpt → mstoltz
Component: User Interface Design → Security: CAPS
QA Contact: zach → bsharma
Assignee: security-bugs → dveditz
QA Contact: bsharma → caps
I'm having a hard time finding other bugs where this issue is reported.  I'm surprised that this one is so quiet.  JS is getting more and more obnoxious and having a way to turn it off on a per-site basis is becoming urgent.
You can use the YesScript extension if you want a blacklist, or NoScript if you want either a blacklist or whitelist.
Severity: normal → S3