Allow JavaScript from friends only
In the light of recent incidents [1], I suppose you may disallow or greatly restrict the use of JavaScript on Soup. That is sad, though probably inevitable in the long run -- being able to freely inject JavaScript is an invitation to cookie theft and other nasty things.
So, how about allowing JavaScript only from people I trust -- i.e. my "friends"? Would that work? Would it be worth the effort?
[1] http://lakim.soup.io/post/2567828/Vor...
-
The current policy is that JavaScript is filtered everywhere where posts from different authors are mixed: The front page, your friends view, reaction bubbles, etc. – but not on your own blog.
That ratatuy was able to inject JavaScript anyway must have been a bug in the filtering – we're still investigating that.
I'm not sure allowing JS from your "friends" is a good idea, since that term is used very loosely on Soup: You're really just subscribing to someone's posts, there is not a huge level of trust implied.
-
It was indeed a bug in filtering... and, most critically, caching of the non-filtered posts. We've plugged that hole now, and I'm confident that the front page and your friends list are safe now.
I’m feeling reasonably safe again
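The replies above describe filtering JavaScript in mixed-author views but not on the author's own blog, and a flaw involving cached non-filtered posts. The following Python example is added here for illustration and is not Soup's code or part of the thread: it shows one way a render cache can leak unfiltered markup into a mixed view, and how keying the cache on the filtering decision prevents it. The view names, the tag allowlist, the sample post and the `RenderCache` class are assumptions.

```python
from html import escape
from html.parser import HTMLParser

OWN_BLOG = "own_blog"  # hypothetical view name: the only place a post is shown unfiltered
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a"}  # constructed allowlist
# Constructed sample post: inline handler, script element and javascript: URL.
SAMPLE_POST = '<p onclick="x()">hi <script>alert(1)</script><a href="javascript:x()">l</a></p>'

class _Allowlist(HTMLParser):
    """Rebuilds the markup from allowlisted tags only; script/style bodies are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            # Only an http(s) href on <a> survives; on* handlers and javascript: URLs do not.
            href = [v for k, v in attrs if tag == "a" and k == "href"
                    and v and v.lower().startswith(("http://", "https://"))]
            self.out.append('<a href="%s">' % escape(href[0]) if href else "<%s>" % tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(raw_html):
    parser = _Allowlist()
    parser.feed(raw_html)
    parser.close()
    return "".join(parser.out)

class RenderCache:
    """key_includes_filter=False reproduces the flaw: one cache entry shared by all views."""
    def __init__(self, key_includes_filter=True):
        self.key_includes_filter, self.store = key_includes_filter, {}
    def render(self, post_id, raw_html, view):
        filtered = view != OWN_BLOG  # fail closed: every other view is filtered
        key = (post_id, filtered) if self.key_includes_filter else post_id
        if key not in self.store:
            self.store[key] = sanitize(raw_html) if filtered else raw_html
        return self.store[key]
```

With the shared key, whichever view renders a post first decides what every later view receives, so a visit to the author's own blog can seed the cache with unfiltered markup for the front page.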