[whatwg] Please disallow "javascript:" URLs in browser address bars
Boris Zbarsky
bzbarsky at MIT.EDU
Thu Jul 22 13:51:31 PDT 2010
On 7/22/10 4:46 PM, Luke Hutchison wrote:
> A bookmark is more like a link than a manually-entered URL

What would prevent the viruses in question from saying "drag this link
to your bookmarks bar and then click the bookmark"?

Note that this is something that sites actually do... not necessarily
commonly, but often enough. http://www.google.com/reader/settings the
"Goodies" tab is an example.

Or http://lab.arc90.com/experiments/readability/ for that matter.

> 99.9999% of people have never manually entered a javascript: URL into a
> browser addressbar in their life -- unless duped by a social engineering
> virus.

I agree, but the duping for bookmarks seems just as simple....

-Boris