• Waffle@infosec.pub
        4 days ago

        More secure to disable sites from running JS. There may also be performance considerations if sites are running JS client side.

        • PhilipTheBucket@ponder.catOP
          4 days ago

          I don’t think this is true. Or… I guess it is true, but I think the security benefit from not running JS is overhyped. Most vulnerabilities in the browser don’t involve the JS interpreter, since its security gets a lot of attention and there are a lot of other components which are equally capable of compromising everything as well. You could use Tor to keep your identity private, use an ad blocker to remove tracking which doesn’t need to involve JS, keep up to date on security, which is critical to do anyway, and then disable JS on top of that, but at that point I think you would be getting around a 10% improvement in security or something, when the other factors are a lot more significant.

          Maybe I shouldn’t say it’s always a bad idea, but disabling it and then going around complaining about sites that don’t work sounds a lot like a self-created problem to me. A lot of sites don’t work without JS.