Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
Sure. There have been enough of them over the years. Go to Bugtraq and search for
"javascript." I just did it and came up with 459 items. That's more than
several.
What is your real question?
Something to remember about security holes is that once they're fixed,
they're no longer a problem, and *all* large systems have security holes in
them. It takes time for fixes to propagate, because users have to upgrade
or update to get the fixes. But once the bug is fixed, it's fixed.
Are you looking for ammunition for not using JavaScript in a Web
application? If so, what are your alternatives? I can suggest a couple
things. I'm old-fashioned and real fond of straight old HTML with text and
pictures and no frames, myself, but I've seen some very pretty sites that
use Flash, I must admit.
Are you looking for justification for having JavaScript turned off in your
browser? I usually run with JavaScript turned off. Security problems aren't
really the issue -- it's those damned pop-up windows. I hate them, and
turning off JavaScript makes them go away.
Typically, my browser has
JavaScript off, and if I come across some site that really needs it that I actually want to use, (often, my answer to a site saying it needs
JavaScript is to just go do something else) then I turn it on. Usually I
forget to turn it off until the next pop-up window comes up, angering me
again.
This was first published in August 2001