Why do some people disable JavaScript in their browser?
25th August 2010
My answer to Why do some people disable JavaScript in their browser? on Quora
For security reasons.
Many (most?) web applications have security vulnerabilities due to JavaScript. The most common are XSS, where malicious JavaScript can be injected in to a page, stealing cookies and forcing users to perform actions that they did not intend, and CSRF, where unprotected forms can be abused to again perform unintended actions.
It’s amazing how many developers are unaware of CSRF—and quite a lot still don’t fully understand the consequences of XSS.
Disabling JavaScript in your browser makes the above attacks much harder to pull off. Once you understand how serious and widespread these problems are, it becomes very tempting to disable JavaScript for unknown sites and only enable it for sites you think have extremely skilled development teams.
That said, I don’t personally disable JS in my browsers—but that’s only because I haven’t been bitten badly yet.
More recent articles
- Weeknotes: datasette-enrichments, datasette-comments, sqlite-chronicle - 8th December 2023
- Datasette Enrichments: a new plugin framework for augmenting your data - 1st December 2023
- llamafile is the new best way to run a LLM on your own computer - 29th November 2023
- Prompt injection explained, November 2023 edition - 27th November 2023
- I'm on the Newsroom Robots podcast, with thoughts on the OpenAI board - 25th November 2023
- Weeknotes: DevDay, GitHub Universe, OpenAI chaos - 22nd November 2023
- Deciphering clues in a news article to understand how it was reported - 22nd November 2023
- Exploring GPTs: ChatGPT in a trench coat? - 15th November 2023
- Financial sustainability for open source projects at GitHub Universe - 10th November 2023
- ospeak: a CLI tool for speaking text in the terminal via OpenAI - 7th November 2023