Open Bug 123248 Opened 23 years ago Updated 2 years ago

[RFE] PER-SITE java[script]/cookie security in status line

Categories

(Core :: Security: CAPS, enhancement)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Linux
Type:
enhancement

Tracking

()

People

(Reporter: stig-moz, Assigned: dveditz)

Details

javascript is 90% annoying predatory javascript abuse (pop-up ads) is epidemic... but increasingly unavoidable...bugzilla, for instance, requires it. ..an in order to use bugzilla, when javascript is a global preference, i get stuck with a vulnerability to malicious javascript on other sites... yuck! SO, what i strongly recommend [hope, wish, pray, beseech] is that javascript control be at least as fine-grained as cookies and that per-site cookie & javascript preferences be settable on the toolbar or status line. REQUESTED UI-FLOW: 0. java[script] defaults to OFF 1. when a page is loaded that contains java[script], an alert icon appears in the status line and blinks a few times as an attention signal. (but doesn't blink non-stop) 2. left-click (button 1) runs the java[script] on that page once and only once right-click (button 3) gives a pulldown menu containing: - view source (with javascript highlighted) - enable javascript for this site (this session only) - enable javascript for this site (permanently) same goes for mail content...per-message javascript... the same can be done with cookies and all other security-ish things that normally pop-up dialogs. All of those dialogs that pop-up when you're a new user are getting really annoying...what with re-installs and so on...those should move to the status line, too, i think... -- stig zax hackvan, lobbying for the DWIM interface... PS: also, IE has the nice feature of posting a status-line alert icon to indicate when malfunctioning javascript is present.
To UI design. spec needed. note that most of the issues in question are already reported in other bugs.
Assignee: sgehani → mpt
Status: UNCONFIRMED → NEW
Component: Preferences → User Interface Design
Ever confirmed: true
QA Contact: sairuh → zach
Severity: major → enhancement
Summary: PER-SITE java[script]/cookie security in status line → [RFE] PER-SITE java[script]/cookie security in status line
For cookies, see bug 67580.
uid is being phased out.
Assignee: mpt → mstoltz
Component: User Interface Design → Security: CAPS
QA Contact: zach → bsharma
Assignee: security-bugs → dveditz
QA Contact: bsharma → caps
I'm having a hard time finding other bugs where this issue is reported. I'm surprised that this one is so quiet. JS is getting more and more obnoxious and having a way to turn it off on a per-site basis is becoming urgent.
You can use the YesScript extension if you want a blacklist, or NoScript if you want either a blacklist or whitelist.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.