A bookmark is more like a link than a manually-entered URL, and as mentioned in the original email, the browser will have to of course keep working with javascript: links.<div><br></div><div>99.9999% of people have never manually entered a javascript: URL into a browser addressbar in their life -- unless duped by a social engineering virus.</div>
<div><br><br><div class="gmail_quote">On Thu, Jul 22, 2010 at 4:41 PM, Aryeh Gregor <span dir="ltr"><<a href="mailto:Simetrical%2Bw3c@gmail.com">Simetrical+w3c@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Thu, Jul 22, 2010 at 4:32 PM, Luke Hutchison <<a href="mailto:luke.hutch@mit.edu">luke.hutch@mit.edu</a>> wrote:<br>
</div><div class="im">> There is no legitimate reason that non-developers would need to paste<br>
> "javascript:" URLs into the addressbar, and the ability to do so<br>
> should be disabled by default on all browsers.<br>
<br>
</div>Sure there is: bookmarklets, basically. javascript: URLs can do lots<br>
of fun and useful things. Also fun but not-so-useful things, like:<br>
<br>
javascript:document.body.style.MozTransform=document.body.style.WebkitTransform=document.body.style.OTransform="rotate(180deg)";void(0);<br>
<br>
(Credit to johnath for that one. Repeat with 0 instead of 180deg to<br>
undo.) You can do all sorts of interesting things to the page by<br>
pasting javascript: URLs into the URL bar. Of course, there are<br>
obviously security problems here too, but "no legitimate reason" is<br>
much too strong.<br>
</blockquote></div><br></div>