| |||||||||||||
|
| |||||||||||||
Web security vulnerabilities and JavascriptWeb security vulnerabilities and JavascriptPosted Jan 24, 2008 19:04 UTC (Thu) by rfunk (subscriber, #4054)Parent article: Web security vulnerabilities and Javascript
"It is difficult problem, as website owners need to be able to call out to advertisers' Javascript," Why? Just because the advertisers demand it? It certainly doesn't seem to me to be a necessary aspect of web advertising. "but users typically do not expect to run code from a site they did not directly access." Exactly. By now pretty much every browser has an option to disable images from third-party sites, but unfortunately I don't know of any browser options to disable third-party javascript. And third-party javascript is a lot more dangerous than third-party images.
(Log in to post comments)
Web security vulnerabilities and Javascript Posted Jan 24, 2008 19:13 UTC (Thu) by jake (editor, #205) [Link] Your quote of the article pointed out a typo, thanks! > "It is difficult problem, as website owners need to be able to call out to > advertisers' Javascript," > > Why? Just because the advertisers demand it? It certainly doesn't seem > to me to be a necessary aspect of web advertising. s/difficult/a difficult/ Anything that needs to play with the DOM to get their ad content into the site (Google ads for example) needs to use Javascript. Site owners don't want to synchronously retrieve that content (network problems could cause their site to load slowly or not at all). Because of the same-site restriction for Javascript, the site owner can't host the Javascript either. jake
|
|
||||||||||||