turning off Javascript

Given what I've been reading about Javascript, I suspect it's worthwhile
to keep it turned off most of the time. Is there a particular add-on in
Firefox that works well? I found JustDisableStuff but wondered if that's
the best approach. And what about in Internet Explorer? I mostly don't
use that browser; but when I can't print part of a webpage in Firefox
(which has very poor printing capability), I print from IE.

--
Thank you,
Jo-Anne

Jo-Anne formulated the question :
Given what I've been reading about Javascript, I suspect it's worthwhile to
keep it turned off most of the time. Is there a particular add-on in Firefox
that works well? I found JustDisableStuff but wondered if that's the best
approach. And what about in Internet Explorer? I mostly don't use that
browser; but when I can't print part of a webpage in Firefox (which has very
poor printing capability), I print from IE.

NoScript is the way to go.

https://noscript.net/

On Sun, 13 Sep 2015 11:14:05 -0500
Jo-Anne wrote:

Given what I've been reading about Javascript, I suspect it's
worthwhile to keep it turned off most of the time. Is there a
particular add-on in Firefox that works well? I found
JustDisableStuff but wondered if that's the best approach. And what
about in Internet Explorer? I mostly don't use that browser; but when
I can't print part of a webpage in Firefox (which has very poor
printing capability), I print from IE.


Try NoScript.

On 9/13/2015 11:14 AM, Jo-Anne wrote:
Given what I've been reading about Javascript, I suspect it's worthwhile
to keep it turned off most of the time. Is there a particular add-on in
Firefox that works well? I found JustDisableStuff but wondered if that's
the best approach. And what about in Internet Explorer? I mostly don't
use that browser; but when I can't print part of a webpage in Firefox
(which has very poor printing capability), I print from IE.


Thank you, everyone! I installed NoScript in Firefox. Any suggestions
for dealing with Javascript in IE?

--
Jo-Anne

On 9/13/2015 11:22 AM, Ken1943 wrote:
On Sun, 13 Sep 2015 11:14:05 -0500, Jo-Anne
wrote:

Given what I've been reading about Javascript, I suspect it's worthwhile
to keep it turned off most of the time. Is there a particular add-on in
Firefox that works well? I found JustDisableStuff but wondered if that's
the best approach. And what about in Internet Explorer? I mostly don't
use that browser; but when I can't print part of a webpage in Firefox
(which has very poor printing capability), I print from IE.

Nothing wrong with Javascript. Many sites use it. It has no
relationship to Java.


Ken1943


Thank you, Ken. Others (e.g., Mayayana) have said that Javascript has
security vulnerabilites too. Hence my desire to at least manage it as
best I can.

--
Jo-Anne

I also vote for NoScript, though I haven't tried
others. NoScript can be set to block all script. Then
if a site doesn't work you can enable selectively.
For instance, you might go to acme.com and need
script. Then you click on NoScript and it lists 5
domains that want to load script. In most cases
you'll only need to enable acme.com, so you'll be
safer while also avoiding a lot of tracking. (The
current crop of ransomware attacks are mostly
working through iframes that run script from another
domain than the one you're visiting.)
The nice thing is that you don't have to keep
opening your browser settings. It's easy to enable
script selectively, which then auto-reloads the page.
It's a very well designed extension.

I take it a step further. I use 2 browsers, Firefox
and Pale Moon (which is like Firefox). In PM I disable
cookies, referrers, script, frames, 3rd-party images...
I disable anything that's a security or privacy risk.
(Iframes are a common attack venue.)
I then use PM most of the time. When I need to use
a site that won't work, I switch to FF. In that I have
frames and session cookies enabled, as well as script.
NoScript will then block all script unless I enable
something specific. I find that combo gives me
maximum protection with minimum risk. And having
the 2 browsers means I never need to adjust settings.

If you can avoid Flash and Adobe Acrobat Reader
plugins that's also a good idea. Flash is probably the
#1 risk right now, after script. I came across an
interesting report yeaterday from Cisco, about current
threats:

http://www.cisco.com/web/offers/pdfs/cisco-msr-2015.pdf

IE is difficult because the settings are so complex
and convoluted. I'm not aware of any simple add-on
for that, and adjusting script in Internet Options is
just not realistic. There are too many settings to
adjust.

I've been noticing more trouble than usual lately.
It's not so much that sites need script. Rather, people
who start small businesses are going to "websites
for dummies" companies like wix.com and squarespace.com.
They then end up with websites that don't actually
*need* any script, but the landing page is nothing but
script, which then dynamically loads the site. The
people using these hosts don't understand the problem
and are happy that they paid little, if anything, for
a decent site that they could design online via
drag-drop.
I don't know what the thinking is on the part of
the squarespace and wix people -- why they're
making such a mess of their code -- but it may be
a problem if that kind of hosting becomes popular.

Another problem that's recent is forbes.com. The
main page works for me, but if I click on an article I
see a blank page with a small, black frown on it.
Looking at the source code I found that Forbes is
loading pseudo-JSON with javascript, and the entire
webpage -- HTML and all -- is a string embedded
in the javascript! It's an abomination. The only thing
I can guess is that they're trying to shut out script
blockers because they have ads/tracking that
depends on it.

....Probably more than you want to know, but it
provides some sense of the pros and cons with script.
Most sites don't need it, but more sites are crippled
without it than ever before.

On 9/13/2015 9:14 AM, Jo-Anne wrote:
Given what I've been reading about Javascript, I suspect it's worthwhile
to keep it turned off most of the time. Is there a particular add-on in
Firefox that works well? I found JustDisableStuff but wondered if that's
the best approach. And what about in Internet Explorer? I mostly don't
use that browser; but when I can't print part of a webpage in Firefox
(which has very poor printing capability), I print from IE.


The problem with JavaScript is that some Web pages have really bad
scripts, not hostile but broken. The pages can consume all memory and
overload your processor, often causing the browser to freeze. I also
find that some Web site have JavaScript that is merely annoying.

I use the PrefBar extension in SeaMonkey. The same version of PrefBar
can also be used in Firefox.

Once PrefBar is installed with the option to enable its own tool bar,
you will find a checkbox to disable JavaScript. Check the box to
enable, and uncheck it to disable JavaScript. This checkbox applies
simultaneously to all instances -- windows and tabs -- of your browser.
You can also customize PrefBar to remove that checkbox and then replace
it with a checkbox that applies only to the current instance.

--
David E. Ross

Why do we tolerate political leaders who
spend more time belittling hungry children
than they do trying to fix the problem of
hunger? http://mazon.org/

Jo-Anne wrote:
Given what I've been reading about Javascript, I suspect it's worthwhile to keep it turned
off most of the time. Is there a particular add-on in Firefox that works well? I found
JustDisableStuff but wondered if that's the best approach. And what about in Internet
Explorer? I mostly don't use that browser; but when I can't print part of a webpage in
Firefox (which has very poor printing capability), I print from IE.

I set my FF's and SM's to let JS change browser images only.
All other JS stays off.

On 9/13/2015 9:57 AM, Mayayana wrote [in part]:
I also vote for NoScript, though I haven't tried
others. NoScript can be set to block all script. Then
if a site doesn't work you can enable selectively.
For instance, you might go to acme.com and need
script. Then you click on NoScript and it lists 5
domains that want to load script. In most cases
you'll only need to enable acme.com, so you'll be
safer while also avoiding a lot of tracking. (The
current crop of ransomware attacks are mostly
working through iframes that run script from another
domain than the one you're visiting.)
The nice thing is that you don't have to keep
opening your browser settings. It's easy to enable
script selectively, which then auto-reloads the page.
It's a very well designed extension.

I get the same capability merely by having multiple profiles.

My usual profile has the cookies.sqlite file marked read-only so that
sites think they are setting cookies but they are definitely not. I
have popups blocked and allow images only from the domain of the Web
site I am visiting. I have the FlashBlock, AdBlock Plus, and Secret
Agent extensions enabled. I purge the cache on termination, which
includes switching profiles. In this profile, I do not have any
passwords to financial institutions saved.

Another profile is used only for transactions at financial institutions.
To meet the requirements of their Web sites, I accept all cookies and
images. I did not install the AdBlock Plus and Secret Agent extensions.
I did install the FlashBlock extension, but it is generally disabled.
Not only do I purge my cache on termination, but I also purge my
browsing history. In this profile, I only have passwords to financial
institutions saved. Periodically, I check the saved cookies and remove
those set when I forgot that I had this profile running when visiting a
Web site that is not for a financial institution; I usually mark the
cookie permissions to block such cookies in the future.

I have a third profile for use by guests. This has far fewer
restrictions but also fewer extensions than my primary profile.

--
David E. Ross

Why do we tolerate political leaders who
spend more time belittling hungry children
than they do trying to fix the problem of
hunger? http://mazon.org/

On Sun, 13 Sep 2015 09:18:14 -0700, none wrote:

NoScript is the way to go.

https://noscript.net/

I second that, but it can be confusing sometimes. When it "breaks" a
site, what do you allow and what not?

--
s|b

Jo-Anne wrote:
Any suggestions for dealing with Javascript in IE?

Don't use it/IE. Mostly.

If you are interesting in having good control of your browser, it is
better to not use IE except for some very specific worthwhile site which
requires IE and then only use it for that site and not as your general
browser.

For example, if you need to use Java for something in IE, IE should be
the only browser capable of Java and not used for anything else.

If you are only using Ffx and Chrome generally, you can eliminate their
use of Java. If you stop all javascript, you are going to be
'inconvenienced', perhaps unnecessarily, but it can be done selectively.

--
Mike Easter

s|b explained :
On Sun, 13 Sep 2015 09:18:14 -0700, none wrote:

NoScript is the way to go.

https://noscript.net/

I second that, but it can be confusing sometimes. When it "breaks" a
site, what do you allow and what not?

I agree but I haven't found anything better, have you?

Mike Easter wrote:
Jo-Anne wrote:
Any suggestions for dealing with Javascript in IE?

Don't use it/IE. Mostly.

If you are interesting in having good control of your browser, it is better to not use IE
except for some very specific worthwhile site which requires IE and then only use it for
that site and not as your general browser.

For example, if you need to use Java for something in IE, IE should be the only browser
capable of Java and not used for anything else.

If you are only using Ffx and Chrome generally, you can eliminate their use of Java. If
you stop all javascript, you are going to be 'inconvenienced', perhaps unnecessarily, but
it can be done selectively.

I agree completely.
VPN to my employer requires IE and Java.
Otherwise I never use either.

On Sun, 13 Sep 2015 11:55:00 -0700, none wrote:

I second that, but it can be confusing sometimes. When it "breaks" a
site, what do you allow and what not?

I agree but I haven't found anything better, have you?

I'm still using it, but sometimes it's frustrating if you want to watch
a video for instance, and you click on a link, but the video isn't
playing and NoScript is showing like 20 sites.

--
s|b

On Sun, 13 Sep 2015 22:12:22 +0200, FredW wrote:

I second that, but it can be confusing sometimes. When it "breaks" a
site, what do you allow and what not?

Trial and error (one by one).
Over time you get used to it and can select fairly easily what to allow
and what not.
(I never allow googgle, facebook,etc.)

That's what I've learnt as well, but it can be frustrating at times.

--
s|b