Are you developing a defense against malicious use of site-generated error messages (as examplified by the [rather harmless] hurr-durr.com)?
If you enter the hurr-durr.com website, it will demonstrate how messages generated by a specific website can be used to paralyse the web browser such that you will need to quit your browser and restart it. Basically, any action from the user (such as trying to close the tab used by hurr-durr.com) is met with a nonsense message and no other response (tab remains open). Shouldn't there be some kind of defense against this? hurr-durr is rather daft and harmless but I can imagine that this loophole can be used for more sinister purposes.
All Replies (4)
It relies upon JavaScript, you can use the NoScript add-on to prevent that sort of site from working. NoScript by default blocks all JavaScript and lets you specify what sites you want JavaScript to work on.
Thank you for a prompt reply. It was very helpful. But since a lot of websites use Javascripts, maybe there will be a lot of extra handling. Also you can't know in advance which scripts will be malicious. Ideally you would like something that stops javascripts from doing certain things, like preventing the closing of a page. Maybe that is very difficult.
The next Firefox 4.0 version will have a check box on such alert messages to prevent further alerts from appearing.
See also:
That sounds like a straightforward and useful remedy. Very much looking forward to that.