Indeed, XSS is a very real security worry.
the article states? I don't /think/ so! Rather, it's been the default
here for a good eight years or more. Scripting (and back on MSWormOS,
ActiveHex, and on Linux, plugins) and cookies are always off by default,
only turned on after I find I need them and ask myself what trust level I
have for the site, and whether my need for what the site offers justifies
the necessary hassle. I can state for a fact that a site's poor choices
have not only redirected my viewing, but thousands of dollars worth of
purchases, over the years. If they aren't security conscious enough to
realize that some users visiting their site won't have certain things
enabled by default, and have the site designed so at least information
about a product can be gathered without /too/ much jumping thru hoops to
turn stuff back on, then they obviously aren't concerned enough about
security to be worth my purchasing consideration, whether it's a site I'm
shopping right then with card in hand, or a manufacturer's site I'm
looking at for product info. There are other sites out there plenty
willing to let me be their customer, without the hassle.
FWIW, tho, not FireFox here, but Konqueror, with its per-site scripting
and cookie permissions, and privoxy, filtering the worst stuff and setting
all cookies to session-only by default, before Konqueror even sees it.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds