fj12ryder wrote:
From jscripters.com:
"Like most good things however, there is a catch. Javascript has been responsible for several security vulnerabilities over the years. While the language is widespread and has been continually tweaked and undergone several revisions it is still insecure. One prime example is FredsCars.net, a popular car auction site that was turned into a small static html page simply because they couldn't control the site's behavior due to the JavaScript vulnerabilities..."
From stackoverflow.com in answer to the question "What are the risks of using Javascript and how to avoid them?":
"One of the most common errors is HTML injection, allowing third parties to inject JavaScript into your security context. That allows an attacker to control what a user does on your site, completely breaking account security."
From veracode.com:
"Since its release, there have been several JavaScript security issues that have gained widespread attention. For one, the way JavaScript interacts with the DOM poses a risk for end users by enabling malicious actors to deliver scripts over the web and run them on client computers. There are two measures that can be taken to contain this JavaScript security risk. First is sandboxing, or running scripts separately so that they can only access certain resources and perform specific tasks. The second measure is implementing the same origin policy, which prevents scripts from one site from accessing data that is used by scripts from other sites. Many JavaScript security vulnerabilities are the result of browser authors failing to take these measures to contain DOM-based JavaScript security risks."
These were just a couple of literally thousands of pages on the risks of JavaScript. But you do whatever you feel is best.
I don't care how much a "seasoned" IT person is, I have PERSONALLY watched not once but twice my PC getting malware via 3rd party inline text ads which USE Javascripts.
Javascripts are able to take complete control at administrative level easily bypassing security INSPITE of what the level the user is set to including rights passed on by the IT department and the Domain Controller..
I learned the hard way that inspite of having a fully up to date fully patched PC the BEST security is to stop it at the browser level..
Now days I use FireFox with AdBlockPlus and NOSCRIPT..
NoScript PUTS you back in control of your PC by only allowing the Javascripts that are needed for the website to work..
Yes, it can be a pain but it is worth it..
For the OP, I don't think AdBlockPlus would fix that, perhaps NoScript just might do it though.. Just be aware that NoScript will stop other needed scripts from running.. You may need to re-enable some to make the website functional..
