[RFE] PER-SITE java[script]/cookie security in status line

Security: CAPS
16 years ago
8 years ago


(Reporter: stig hackvan, Assigned: dveditz)



16 years ago
javascript is 90% annoying predatory javascript abuse (pop-up ads) is
epidemic...  but increasingly unavoidable...bugzilla, for instance, requires it.
..and in order to use bugzilla, when javascript is a global preference, i get
stuck with a vulnerability to malicious javascript on other sites...  yuck!
SO, what i strongly recommend [hope, wish, pray, beseech] is that javascript
control be at least as fine-grained as cookies and that per-site cookie &
javascript preferences be settable on the toolbar or status line.  

  0. java[script] defaults to OFF
  1. when a page is loaded that contains java[script], an alert icon appears in
the status line and blinks a few times as an attention signal. (but doesn't
blink non-stop)
  2. left-click (button 1) runs the java[script] on that page once and only once
     right-click (button 3) gives a pulldown menu containing:
          - view source (with javascript highlighted)
          - enable javascript for this site (this session only)
          - enable javascript for this site (permanently)

same goes for mail content...per-message javascript...

the same can be done with cookies and all other security-ish things that
normally pop-up dialogs.  All of those dialogs that pop-up when you're a new
user are getting really annoying...what with re-installs and so on...those
should move to the status line, too, i think...

-- stig zax hackvan, lobbying for the DWIM interface...
PS: also, IE has the nice feature of posting a status-line alert icon to
indicate when malfunctioning javascript is present.

To UI design.  spec needed.

note that most of the issues in question are already reported in other bugs.
Assignee: sgehani → mpt
Component: Preferences → User Interface Design
Ever confirmed: true
QA Contact: sairuh → zach


16 years ago
Severity: major → enhancement
Summary: PER-SITE java[script]/cookie security in status line → [RFE] PER-SITE java[script]/cookie security in status line

Comment 2

16 years ago
For cookies, see bug 67580.

Comment 3

15 years ago
uid is being phased out.
Assignee: mpt → mstoltz
Component: User Interface Design → Security: CAPS
QA Contact: zach → bsharma


11 years ago
Assignee: security-bugs → dveditz
QA Contact: bsharma → caps

Comment 4

9 years ago
I'm having a hard time finding other bugs where this issue is reported.  I'm surprised that this one is so quiet.  JS is getting more and more obnoxious and having a way to turn it off on a per-site basis is becoming urgent.

Comment 5

8 years ago
You can use the YesScript extension if you want a blacklist, or NoScript if you want either a blacklist or whitelist.