@Shamar people will say that users will be inconvenienced if they have to opt-in to running JS in their browser. That doesn't stop Windows and Mac from popping up warnings when you try to run third-party software directly on the OS. Similarly, if you only have to opt-in the first time you use a given site (and can choose whether to allow goOgle Anal-ticks etc), it's not that inconvenient, and very educational. This is how I use #NoScript
@Shamar Reference / URL requested.
@Shamar, it took me quite a while to find your "simple steps to reproduce the problem", deeply buried under loads of opinion and general history of the internet. It's no surprise people got mad at you. Here is the gist of your speech:
> A web site can send you JavaScript that fills your disk with illegal contents. In the cache.
I'm sorry to inform you that no JS is required for this. A site could send any image and hide it using CSS. Or deliver illegal numbers in HTML comments.
Should I be concerned about the Mozilla browser now?
I believe that self-signing URLs (aka content-hash-based addressing) would help a lot. We'd furthermore and still need to fix the cert mess or build a better system for that purpose. It would also be nice to have better programming languages yielding fewer bugs. And less code, and a larger proportion of it open for review. And maybe some radically new ideas. I'm willing to bet a large amount on the assumption that drive-by code is here to stay, @Shamar, so we ought to fix things.