Post APpGsWftlKWC9WUC3c by meena@cathode.church
 (DIR) Post #APpCQFzpmNiGV54kWu by strypey@mastodon.nzoss.nz
       2022-11-21T09:54:42Z
       
       1 likes, 0 repeats
       
       It seems wise for a freshly installed web browser to only accept JavaScript from webservers over HTTPS connections, not HTTP. The risks of malicious pages being substituted by an attacker are much higher when they include JS, rather than just vanilla HTML/CSS. If people have some reason to change the default behaviour of the browser they're using, that's on them.
       #HTTPS #JavaScript
       
 (DIR) Post #APpGsWftlKWC9WUC3c by meena@cathode.church
       2022-11-21T10:44:34Z
       
       0 likes, 0 repeats
       
       @strypey given the stuff you can do with CSS and SVG, i would include these, too
       and given the billions of bugs that Windows' font libraries had, throw those in the mix as well
       
 (DIR) Post #APpNDMjaW1NX83X3Gi by VinceAggrippino@techhub.social
       2022-11-21T11:55:28Z
       
       0 likes, 0 repeats
       
       @strypey I was under the impression that browsers wouldn't even make non-HTTPS connections any more without flashing a warning on the screen.
       That isn't the case?
       
 (DIR) Post #APsjHvXNqCZoh2Hdg0 by strypey@mastodon.nzoss.nz
       2022-11-23T02:47:07Z
       
       0 likes, 0 repeats
       
       @meena
       > given the stuff you can do with CSS and SVG, i would include these
       Examples?
       > Windows' font libraries
       Showing my ignorance of the finer details of web design here, but are these delivered to the browser from the webserver? If so, can they still be delivered with JS turned off?
       
 (DIR) Post #APsm9HgoPVkWeXGR04 by strypey@mastodon.nzoss.nz
       2022-11-23T03:19:09Z
       
       0 likes, 0 repeats
       
       @VinceAggrippino
       > browsers wouldn't even make non-HTTPS connections any more without flashing a warning
       Maybe? What made me post this is that I've been getting the http version of web.archive.org a lot recently, without a warning. I don't remember making an exception for this, but I guess it's possible?
       
 (DIR) Post #APtHjApqT9C8Om5Bb6 by meena@cathode.church
       2022-11-23T09:12:53Z
       
       0 likes, 0 repeats
       
       @strypey re fonts: that's separate, yes, it's just a html or CSS declaration.
       re CSS security: https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css as one example
       re SVG: "SVG uses CSS for styling and JavaScript for scripting. Text, including internationalization and localization, appearing in plain text within the SVG DOM, enhances the accessibility of SVG graphics.[4]"
       so, same reason why people are wary of PDF.
       
 (DIR) Post #APtisSrRW5jdfnU6RU by strypey@mastodon.nzoss.nz
       2022-11-23T14:17:09Z
       
       0 likes, 0 repeats
       
       @meena
       Thanks, I'll have a read.