[Cryptography] Crippling Javascript for safer browsing

Jerry Leichter leichter at lrw.com
Fri Jun 6 10:46:55 EDT 2014


On Jun 6, 2014, at 10:15 AM, Theodore Ts'o <tytso at mit.edu> wrote:
> The important thing to keep in mind is that most users are, in
> practice, not willing to trade the prospect of a potential avoidance
> of future pain due to a security exposure, with the imminent decrease
> in functionality.  The reason why Noscript has adoption is that you
> can whitelist sites you *want* to use that happen to require
> Javascript.
> 
> The assumption that because Noscript has some amount of usage (but
> mostly by more technical people who tend to care more about security)
> that therefore people would be willing to deal with a wholesale
> removal of Javascript functionality, no matter that it might break
> things on sites that they *want* to use is not, I suspect, one that
> will turn out to be a well-founded one.
> 
> If you at the same time can propose some additional *functional*
> extensions to substitute for desirable functionality that would
> otherwise be curtailed by castrating some "dangerous" Javascript
> feature, and those extensions would allow some highly desirable
> functionality to be achievable, then maybe people would be more likely
> to embrace it.  Otherwise, it will have as much mass adoption as, say,
> OpenPGP....
What I proposed was removing or modifying Javascript functions that are dangerous or just annoying, in such a way that the server wouldn't, in general, know.  For example, any window created by Javascript might have some distinguishable chrome around it.  The Javascript code would not be able to tell.  The Javascript code might try to position an invisible window over existing controls and clickjack; the window would simply not be created.  Actions on window close would never go off.  Pop-unders would never get created.  And so on.

With judicious selection of what you disable or modify and how, the vast majority of sites will just work - perhaps not "unmodified" from the point of view of the server-side developer who's trying to get some particular nasty effect through, but still "working" from the point of view of the browser user. And you always have the option of allowing things on a site-by-site basis where appropriate.  (That's a bad solution for anyone other than hackers, but if you can make most people very unlikely to encounter the need, it's acceptable.)

                                                        -- Jerry
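As an added illustration (my own sketch, not code from Jerry's message or anything the list built), a content-script style shim expressing that kind of silent policy: a window.open() request with the geometry of an overlay or pop-under is refused exactly the way a popup blocker refuses it, unload-time handlers are accepted and discarded, and a freshly opened window cannot be shuffled behind its opener. The feature-string names, the size and position thresholds, and the fake window are assumptions of the example.

```javascript
// Added example, not from the thread: a shim in the spirit of the policy above.
// Blocked opens return null like an ordinary popup blocker, unload handlers are
// dropped silently; feature-string names follow common window.open() usage.
function parseFeatures(features) {
  const out = {};
  for (const part of String(features || '').split(',')) {
    const [k, v] = part.split('=').map(s => s.trim().toLowerCase());
    if (k) out[k] = v === undefined ? 'yes' : v;
  }
  return out;
}
// Tiny or off-screen windows are the tells of overlays and pop-unders.
function classifyOpen(features, screen = { width: 1920, height: 1080 }) {
  const f = parseFeatures(features);
  const num = k => (k in f ? Number(f[k]) : NaN);
  const w = num('width'), h = num('height'), left = num('left'), top = num('top');
  if ((w > 0 && w < 50) || (h > 0 && h < 50)) return 'block-tiny';
  if (left < 0 || top < 0 || left >= screen.width || top >= screen.height) return 'block-offscreen';
  return 'allow'; // NaN comparisons are false: no geometry given means allow
}
function installGuard(win, log = () => {}) {
  const realOpen = win.open.bind(win), realAdd = win.addEventListener.bind(win);
  win.open = function (url, name, features) {
    const verdict = classifyOpen(features, win.screen);
    if (verdict !== 'allow') { log(verdict, url); return null; }
    const child = realOpen(url, name, features);
    if (child) { child.blur = () => {}; win.focus = () => {}; } // child cannot be sent behind its opener
    return child;
  };
  // onbeforeunload assignments are accepted but discarded (assumes the property
  // is configurable on this window object, as it is on a plain object).
  Object.defineProperty(win, 'onbeforeunload', { get: () => null, set() {}, configurable: true });
  win.addEventListener = function (type, listener, options) {
    if (type === 'beforeunload' || type === 'unload') return undefined;
    return realAdd(type, listener, options);
  };
  return win;
}
// Constructed stand-in for the browser window so the shim runs offline under Node.
function makeFakeWindow() {
  const listeners = [];
  return {
    screen: { width: 1280, height: 800 }, listeners,
    open: (url) => ({ url, blur() { return 'blurred'; } }),
    focus: () => 'focused',
    addEventListener(type) { listeners.push(type); },
  };
}
```

Wrapping a real browser window the same way would need a content script that runs before page scripts, and the thresholds would want tuning per site.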

