Sunday, July 08, 2007

XSS

Cross-site scripting (XSS) is an attack in which a malicious party uses a web application (e.g. a website) to deliver JavaScript that then runs in a victim's browser, with the same access to the site as the victim's own session. More information about XSS and other web exploits can be found at OWASP.
I decided to see if I could insert benign JavaScript into this blog. I saved the JavaScript into this post. I visited this post and the benign JavaScript was executed on my laptop.

I experimented with inserting the same JavaScript as a comment on my blog. Blogger disallowed the JavaScript from being submitted.

What's the implication of this? On Blogger, commenters are prevented from inserting JavaScript into a blog as a comment, which is the stored-XSS case that the comment filter exists to block. Bloggers, however, are not prevented from inserting script into their own posts, so you have to be careful when visiting someone else's blog: it may contain malicious code that will execute in your browser.
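As an added example that is not part of the original post and not Blogger's own filtering code, the block below shows the difference between pasting a comment into a page as raw HTML and escaping it first. The renderer functions, the markup check and the sample comments are all constructed here for illustration.

```javascript
// Added example: neutralising script in user-submitted comments.
// Nothing here is from the original post or from Blogger; the renderers,
// the check and the sample comments are constructed for illustration.

// Escape the five characters that let text break out of an HTML text node
// or attribute value. Whatever the commenter typed is then shown literally.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the comment is pasted straight into the page's HTML,
// so any markup or script it contains becomes part of the page.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened rendering: every untrusted value is escaped before it is placed
// into markup, so the browser sees text, never tags or handlers.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// List the tag names present in a rendered fragment. With correct escaping
// the only tags are the ones the template itself emits (div and b).
function tagNames(html) {
  const names = [];
  const re = /<\/?([a-zA-Z][\w-]*)[^>]*>/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the fragment contains markup the template did not produce,
// i.e. the commenter managed to inject their own tags.
function hasForeignMarkup(html) {
  return tagNames(html).some((n) => n !== 'div' && n !== 'b');
}

// Constructed sample comments: a script payload like the benign test the
// post describes, an event-handler payload hidden in the author name, and
// an ordinary comment that merely contains characters special to HTML.
const SAMPLE_COMMENTS = [
  { author: 'tester', body: '<script>alert(document.cookie)</script>' },
  { author: '<img src=x onerror="alert(1)">', body: 'nice post' },
  { author: 'reader', body: 'Thanks, 1 < 2 & 3 > 2 is true.' },
];

function renderAll(renderer, comments = SAMPLE_COMMENTS) {
  return comments.map((c) => renderer(c.author, c.body));
}

// Stand-alone demo: show which renderer lets commenter markup through.
for (const [name, renderer] of [['unsafe', renderCommentUnsafe], ['safe', renderCommentSafe]]) {
  for (const html of renderAll(renderer)) {
    console.log(`${name.padEnd(6)} foreign markup=${hasForeignMarkup(html)}  ${html}`);
  }
}
```

Escaping on output is the general fix for stored XSS: the same text is kept in the database either way, but the hardened renderer never lets it be interpreted as markup. A filter that only rejects the literal string `<script>` at submission time, by contrast, misses the `onerror` variant in the second sample.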
How do you block JavaScript? There are two methods. You can disable JavaScript in your browser. The problem with that is that websites which use JavaScript for added functionality will stop working.

Alternatively, you can install NoScript. NoScript is a Firefox add-on that by default blocks all scripts on websites. You can manually choose to permanently or temporarily allow scripts to run on specific sites, depending on how much you trust them. This won't eliminate all risk, but it minimizes your exposure to malicious content.
