There may be genuine use cases to run a script, or whatever the attacker used. The problem is the browsers will auto-run stuff, the user isn’t aware and there’s no way to stop it.
All unlock does is provide the missing security layer called “don’t auto run shit from the web”.
The NoScript extension will properly do this. The extension blocks domains from running scripts except those you’ve whitelisted. There’s a drop down that displays a list of domains from which the page wishes to run scripts. It makes much of the web a pain to use, though. I sometimes have to go through a loop of whitelisting a subset of domains which want to run followed by a page refresh until the page works. Javascript is often not optional. If you had to live like Richard Stallman professes you should, you’d probably have to join the Amish.
If a tool is demonstrably indispensable to disable some browsers’ functionality, is it wise for browsers to have that functionality?
I like it being extensible instead, as some adblocks might be opinionated or unresponsive. It’s easier to swap adblocks then browsers.
There may be genuine use cases to run a script, or whatever the attacker used. The problem is the browsers will auto-run stuff, the user isn’t aware and there’s no way to stop it. All unlock does is provide the missing security layer called “don’t auto run shit from the web”.
it won’t provide that, everything will still autoorun, but known bad things won’t get to run
The NoScript extension will properly do this. The extension blocks domains from running scripts except those you’ve whitelisted. There’s a drop down that displays a list of domains from which the page wishes to run scripts. It makes much of the web a pain to use, though. I sometimes have to go through a loop of whitelisting a subset of domains which want to run followed by a page refresh until the page works. Javascript is often not optional. If you had to live like Richard Stallman professes you should, you’d probably have to join the Amish.