Seems like they should be able to add a Content Security Policy setting to allow sites to opt in or out of it. I haven't thought it all the way through, but I feel like CSP addresses this sort of thing already, like what are valid JS sources, can JS call eval, can it run inline JS, where can it load iframe sources from, etc. Feels like this would alert fit right in.
Yes, or why not make it an option in Chrome or whatever browser so that the user can enable or disable it.
Default would be "off" for max security, the user then sees a little warning icon when visiting a site that uses bespoke disabled feature - the user can then choose to enable it (once, or permanently) for that site, or all sites, so that the site's feature becomes usable when that's of vital importance to the user.
Long story short - make it an option that the user can control!