[Owasp-leaders] Sites that won't work without Javascript

Dennis Groves dennis.groves at owasp.org
Thu Dec 20 19:23:09 UTC 2012


I agree with the message. I am not sure that OWASP has the 'clout' to 
cause the change. However, certainly running unsigned, untrusted code in 
your browser is as much of a bad idea as one could have from a security 
standpoint. It can not hurt us to promote secure computing.

Dennis

-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

On 20 Dec 2012, at 15:20, Antonio Fontes wrote:

> Hi Vicente,
>
> Agreed, websites should offer a reduced mode that maintains access to
> the content even without JS running.
>
> However, on the question about OWASP encouraging the community to 
> build
> websites that work without JS, I am not sure I can identify the exact
> link with OWASP. This appears to be more motivated by typical
> usability/accessibility good practice than by security concerns. A
> website that requires JS to run is not inherently more insecure 
> (either
> for the company or the client) than one, which does not. We could 
> argue
> that the attack surface gets increased but...that would basically mean
> encouraging website designers to build plain text websites.
>
> When organisations keep forcing their users/customers into enabling JS
> in their browser, well then, basically they lose customers/users.
> Including me, and all those around me that I was able to convince with
> an alternative :)
>
> Antonio
>
>
>
> --
> OWASP Switzerland, board member
> OWASP Geneva, chapter leader
> skype: antonio.fontes
>
> On 12/20/2012 12:25 PM, Vicente Aguilera wrote:
>> Hello leaderes,
>>
>> Richard Stallman sent me the following message which I reproduce it 
>> for
>> your consideration:
>>
>> ===
>> I run into quite a few sites nowadays that won't work without
>> Javascript.  Often WiFi portals do this.
>>
>> Can OWASP help encourage Web designers to make their sites
>> work with Javascript disabled?
>>
>> Also, can it help encourage Web designers to make their sites
>> pass the LibreJS test?
>> ===
>>
>> What's your opinion?
>>
>> Best regards,
>> --
>> _________________________________
>> Vicente Aguilera Diaz
>> OWASP Spain chapter leader
>> CISA, CISSP, CSSLP, ITIL, PCI ASV
>> CEH Instructor, ECSP Instructor, OPSA, OPST
>> vicente.aguilera at owasp.org <mailto:vicente.aguilera at owasp.org>
>> Homepage: http://www.owasp.org/index.php/Spain
>> Mailing list: http://lists.owasp.org/mailman/listinfo/owasp-spain
>> Twitter: @vaguileradiaz
>> Personal website: http://www.vicenteaguileradiaz.com
>> PGP: 0xD21C1EF8 - D1F0 E0B5 2ACC B4B5 57CD  C427 58B7 CF0D D21C 1EF8
>> _________________________________
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20121220/c8e196a9/attachment.html>


More information about the OWASP-Leaders mailing list