Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]
On Sat, Jan 19, 2019 at 07:47:51AM +0800, Paul Wise wrote:
> On Fri, Jan 18, 2019 at 11:51 PM Adam Borowski wrote:
>
> > I'm not entirely sure if enabling javascript is such a hot idea in a
> > codebase that hardly sees maintenance these days. But it's up to you...
>
> Personally I think the users of terminal-based web browsers would be
> very surprised and possibly upset that their browser suddenly supports
> JavaScript. At minimum, I would suggest a NEWS.Debian entry about
> this. The most ideal situation would be to leave it off by default but
> have a command-line option to turn it on.
I wouldn't be _this_ negative, but only if the defaults are reasonable (ie,
javascript only from the first-party site, akin to Firefox with uMatrix in
its default configuration). I don't know how good this implementation of
Javascript is in practice -- previous attempt sucked -- but quite a large
part of sites rely on that abomination to display meaningful contents.
Thus, it might work adequately, only testing can show. It's up to Ahmed to
decide -- this kind of decisions are what we have maintainers for (before
users start spamming complaints :p).
My remark was mostly about a project dormant for years -- or, with the fork,
not established enough to be trusted for security matters -- not being able
to provide reasonable support for something that's a notorious attack
surface.
Meow!
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄⠀⠀⠀⠀
Reply to: