Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I really like the comparison with right click deactivation.

Anyway, people who use social engineering will still win; you can put JS code in the browser bar with the good old javascript: "protocol" if you want somebody to execute something.



Netflix isn't concerned with securing their users' browsers; they're concerned with protecting their DRM.


I don't think Netflix's DRM is implemented in the browser.


I think that executing JS in the URL bar is disabled in all browsers now.


Disabled in Safari and Firefox, still works in Chrome Canary.


However, you can't paste a string starting with "javascript:" in the address bar


If you try it in Safari with developer mode enabled it does tell you how to enable it


Running Chromium 31.0.1650.63. Javascript still works from the URL bar.


Wow, that really sucks. Bookmarklets can be really useful.


Bookmarklets still work fine (at least in Firefox and Chrome). It's just copy/pasting something with "javascript:" into the URL box that won't work.


Still works on Chrome 32/Win as of a minute ago.


Abled in chrome 33.


If you (are tricked to) paste "javascript:..." it won't work.

You have to manually type "javascript:" for it to work.


Actually, you can just type the "j" and then paste the rest.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: