javascript setting in 2019.12 Classic very concerning

[linuxgirl22]

Hello :-) I normally use the add-on Javascript Control, which is really important in choosing which sites can use that. I've tried turning the new control for Javascript on and off, and trying the add-on, and the new control overrides. Not at all happy with this, as, in order to access some sites, I need to leave all sites open to javascript, which is a much bigger security risk. Will this be reverted? I'll unfortunately need to look into using another browser, as safe surfing isn't possible with this new control ... any page clicked on will run javascript, when I always avoid that to the maximum. Just not workable.

[hawkeye116477]

Will this be reverted? That was only added to preferences, previously it was already available in about:config and permissions dialog. Anyway, now you can also disable JavaScript from preferences and set exceptions for allowing JavaScript only for specific sites. You can also enable for all and set sites on which JS should be blocked.

[laniakea64]

Or you could just leave that setting enabled and keep using Javascript Control, exactly as you had before. Having the built-in setting set to allowed doesn't prevent addons from being able to block Javascript.

Test page - https://enable-javascript.com/

[linuxgirl22]

@hawkeye and @laniakea64 As I explained, I tried using the Javascript Control add-on, and, with JS turned to always on in settings, the add-on doesn't work. I've reverted to the previous version's appimage for now (I'm on Linux, Zen arch, Mate). I can see in this previous version's about:config that javascript is set to on, but the add-on to toggle JS is working in this version.

It's impossible to set exceptions for hundreds and hundreds of bookmarks, and not practical for general surfing ... I avoid google/tumblr/pinterest/anything that could take data, so, with this new setting and JS always on (and add-on not working) that would mean data taken, then needing to whitelist every link, so the option to keep data private would be gone. If surfing for art references, or finding links for brush downloads, particularly the first of which I do a lot, I can't be giving out data then whitelisting every single link (I may go to 40-50+ links for references, in one sitting). I have a redirector add-on for youtube (to invidious), and even posting here, I avoid as much as possible.

It's very well known that JS can let in malware, so shifting to JS being structurally on the whole time, without a working add-on to toggle it, is far less secure, as well as not good for data privacy. I often avoid sites that don't run without JS, so this 'always on' and no working add-on is going to expose my system to sites I would not choose to run. Even email providers always make sure that e.g. images cannot run, for security reasons ... toggling them on has to be done by manually choosing that.

[linuxgirl22]

Just to add, while looking around about browsers/javascript etc, I found this site: https://www.deviceinfo.me/ ... toggling JS on/off showed something I didn't know about; keylogging. The amount of data seen via JS on is shocking. Impossible to run the latest Waterfox without a working JS add-on.

[hawkeye116477]

It's very well known that JS can let in malware, so shifting to JS being structurally on the whole time, without a working add-on to toggle it, is far less secure, as well as not good for data privacy

I think that better is uBO with some malware, privacy and cryptojacking filterlists in that case. So it should block only that bad scripts and keep good.

As I explained, I tried using the Javascript Control add-on, and, with JS turned to always on in settings, the add-on doesn't work. I checked on https://www.whatismybrowser.com/detect/is-javascript-enabled and https://enable-javascript.com/, even on Google (YT links grayed out) and in my case Javascript Control extension works fine, so must be rather something wrong on your side.

[linuxgirl22]

Thanks for responding, and for testing the addon. Really appreciate. I wouldn't know where to begin with the filterlists, but appreciate the suggestion and will make a note. I'll try again, and test with the links ... thanks for those.

[linuxgirl22]

Well, that's quite something ... I don't know whether it was a glitch while installing or something with the add-on, or what, but it's fine! Sorry for the panic, and thank you for patience and advice. :-)

[hawkeye116477]

I wouldn't know where to begin with the filterlists In case of filterlists, you have some to choose from uBO or Nano Adblocker Dashboard, cryptojacking is only one default, but you can choose more from https://filterlists.com, for example NoCoin and CoinBlocker, in case of malware filterlists, then from uBO dashboard you only have 1 good named Spam404, other aren't developed any more, but you can find another on filterlists site => https://filterlists.com/lists/urlhaus-filter, for privacy you can choose all four from uBO dashboard.

Anyway, if problem is solved, then you can close issue :smile:

[linuxgirl22]

Thank you for explaining ... will definitely note that down and look into it. :-)