undefined | Better HN

0 pointscoderdude16y ago0 comments

You often can't tell when you're missing out on a feature due to JS being disabled. It isn't always visually obvious. Am I missing something or is there a trust system to this whole VM thing?

Edit: To put it better perhaps, are you worried that they can execute arbitrary code on your CPU as your user on your OS? Or are you just worried that they might paste a link into your clipboard?

0 comments

1 comments · 1 top-level

jerf16y ago

Are you running NoScript? May I assume not? If so, then may I point out that you are hypothesizing what using NoScript is like to a user of NoScript while you have no direct experience? This is a structurally-unsound argumentative position for you to be in.

(No, any experience you may have shutting it off entirely does not count. NoScript is smarter than that and does not work that way.)

I do use it. It is two to three times less common for me to be surprised by secret JavaScript functionality on a site than for me to be surprised going into the comment sections of HN or reddit and seeing people complain about some bad thing that I didn't experience. That is a serious estimate. And the thing I missed out on is rarely important. (The most common exception to that is when you need JS to go to the next page. Frequently I decide I don't care enough anyhow.)

Malicious Javascript can do some weird and nasty things, but mostly I run it because it makes the web less annoying. That it tends to prevent exploits from working is just gravy. (Exploits often fail against a 64 bit gentoo-based Firefox anyhow, but still, careful is good.)

j / k navigate · click thread line to collapse